Facebook Virus: Koobface Spreads via Messaging

Kaspersky Lab, a leading developer of secure content management systems, has detected two variants of a new worm, Net-Worm.Win32.Koobface.a. and Net-Worm.Win32.Koobface.b, which attack MySpace and Facebook respectively. As part of their malicious payload, the worms transform victim machines into zombie computers to form botnets.

The malicious code isn't exactly new (it started surfacing in August), but has now been altered to strike social networking websites only and is currently making the rounds on Facebook pretty quickly, it seems. The virus can spread fast because they travel through messages which appear to come from your friends.

The Koobface messages carry subject lines like "You look so funny on our new video" or something similar, and contain a link to a video site that appears to contain a movie clip.

Messages and comments on MySpace and Facebook include links to http://youtube.[skip].pl. If the user clicks on this link, s/he is redirected to http://youtube.[skip].ru, a site which purportedly contains a video clip

The worm creates a range of commentaries to friends' accounts. Net-Worm.Win32.Koobface.b, which targets Facebook users, creates spam messages and sends them to the infected users' friends via the Facebook site. The messages and comments include texts such as Paris Hilton Tosses Dwarf On The Street; Examiners Caught Downloading Grades From The Internet; Hello; You must see it!!! LOL. My friend catched you on hidden cam; Is it really celebrity? Funny Moments and many others.