Koobface, Waledac worms slam Facebook; MySpace says it’s immune

Facebook appears to be taking the brunt of the onslaught of viral messages infesting the Internet. These viral messages are metastasizing far and wide, carried by huge and growing botnet-driven worms, like Koobface and Waledac, that spread through email and, increasingly, via social network communication services. The bad messages try to steer you to tainted web pages or trick you into downloading something seemingly innocuous, like an Adobe Flash update, that is really a malicious Trojan.

Meanwhile, MySpace is thumping its chest, claiming to be virtually immune to Koobface, Waledac and other such botnet worms infesting the Internet.

The bottom line of these attacks: your PC gets pulled into the botnet. Now your machine helps to spread the infection and perpetrate other Internet-enabled criminal activity, such as extortionist denial of service attacks. From your machine the bad guys harvest all of your valuable data. Security Fix’s Brian Krebs has just revealed how fake Twitter posts can be used for this type of attack. Meanwhile, popular networking sites LinkedIn and Bebo are being bombarded with bad messages. And Friendster, fubar.com, hi5.com, LiveJournal, myYearbook, Netlog and Tagged are being actively targeted, according to Trend Micro.

MySpace users, however, are being spared much of this misery, claims Chief Security Officer Hemanshu “Hemu” Nigam. Big companies usually do not like discussing their security initiatives publicly, for fear of aiding the bad guys and/or painting a big, inviting target on their backs. But Hemu contacted Last Watchdog to make sure the world understands that MySpace has gone to extraordinary lengths in the past year to repel all forms of messaging attacks.

“Today we are declaring victory in the war on spam and phishing,” Hemu told LW. “We have put in a lot of features in our site cleansing things like Koobface.”

Nigam’s bio includes a stint as Microsoft’s security attorney; he helped set up a $5 million bounty fund to catch notorious hackers. (See this book excerpt for the back story about how Microsoft paid a couple of German school boys $250,000 to rat out their classmate, Sven Jaschan, the creator of Netsky and Sasser.)

Hemu says MySpace puts an intensive 24 x 7 x 365 effort into blocking viral messages. He gave LW some internal metrics quantifying the strength of MySpace’s security initiatives. He says MySpace users today are experiencing an overall 73% reduction in spam compared to a year ago. That breaks down as follows:

  • Bulletin spam, spread on bulletin board posts, down 82%.
  • Comment spam, spread in the comment section of another user’s profile, down 99.5%.
  • Mail spam, spread via private buddy-to-buddy messages, down 85%.
  • Profile spam, spread by creating fake profiles to support fraudulent activities, down 49%.

“As we look at the year ahead our goal on the security front is to make sure that those who intend to spam or phish on MySpace get the clear signal that MySpace is not a safe haven for their illegal activities,” declares Hemu.

Maybe Facebook, Twitter, LinkedIn et al. should be asking Hemu for advice. They all have been hit hard by the ubiquitous Koobface botnet worm, which continues to infect PCs far and wide. Kaspersky Labs pegged Koobface as early as last July. Koobface spreads by spamming out messages on regular email and via the private messaging systems of all of the popular social networking sites.

Invariably the messages lure recipients to navigate to a web page to see a video of Middle East war footage, or a speech by President Obama, or a funny incident at a dinner party. Nothing bad happens when you click to the web page. Nothing bad happens when you click on the video to activate it.

But then you see a popup box requiring you to first download an update to Adobe’s Flash player in order to see the video. Click on this and you’re owned — you are voluntarily allowing the Koobface gang to install a back door to your hard drive and take control of your PC.

You probably won’t notice anything amiss. But you will likely get a data-stealing program installed. And your machine’s performance may slow when your PC gets assigned to spread email spam and participate in denial of service attacks.

Because of headlines on stories like this CNET news story and news videos like this CNN report, the perception is spreading that Koobface is a Facebook-specific worm. It’s not. AVG researcher Roger Thompson recently isolated this variant of Koobface spreading via regular email. Meanwhile, waves of Koobface have been appearing in buddy-to-buddy messages on Facebook, MySpace, Bebo and LinkedIn, which folks often navigate to at their places of employment.

“This will catch a lot of people at work,” predicts Thompson. “There will be a whole lot of work computers with Koobface infections.”

–By Byron Acohido