Koobface Spreading On Facebook

Social networking service Facebook told to Computerworld that they're quickly updating their security systems to minimize further impact of malware spreading on Facebook. Passwords of infected accounts are being resetted and spam messages are being removed. Facebook is also coordinating with third parties to remove redirects to malicious content elsewhere on the web.

The guilty one in the problem is a new variant of Koobface worm which is targeting Facebook. Last summer its earlier variants caused harm to Facebook and MySpace users.

In a nutshell, bad guys try to fool Facebook victims by sending spam with a link claiming to contain a video. When user clicks the link (s)he is redirected to a page that then displays a fake error message claiming that Adobe System Inc.'s Flash is out of date, and prompts user to download an update. Instead of being an update the executable file installs variant of Koobface worm which in turn installs a background proxy server that redirects all Web traffic.

On infected system at least all searches made on Google, Microsoft and Yahoo search engines are redirected to find-www.net web address. The hackers are making money by redirecting users' searches to their own results, collecting cash from the ensuing clicks.

Facebook has posted a short message on its security page acknowledging the worm's attack. The notice urged users whose accounts had already been compromised to scan their PCs for malware and then reset their passwords.