Jump to content

User:My2ndAngelic/Koobface

From Wikipedia, the free encyclopedia
Koobface scam
Alias
TypeComputer scam
SubtypeMalware
OriginRussia

Koobface scam is a network scam that attacks Microsoft Windows, Mac OS X, and Linux platforms.[1][2][3] This scam originally targeted users of networking websites like Facebook, Skype, Yahoo Messenger, and email websites such as GMail, Yahoo Mail, and AOL Mail. It also targets other networking websites, such as MySpace, Twitter,[4] and it can infect other devices on the same local network.[5] Koobface scam is also used by technical support scammers to fraudulently claim to their intended victims that they have a virus on their computer by using fake popups and using built-in windows programs.[6][7][8]

Infection[edit]

Koobface scam ultimately attempts, upon successful infection, to gather login information for FTP sites, Facebook, Skype, and other social media platforms, and any sensitive financial data as well.[9] It then uses compromised computers to build a peer-to-peer botnet. A compromised computer contacts other compromised computers to receive commands in a peer-to-peer fashion. The botnet is used to install additional pay-per-install malware on the compromised computer and hijack search queries to display advertisements. Its peer-to-peer topology is also used to show fake messages to other users for the purpose of expanding the botnet.[10] It was first detected in December 2008 and a more potent version appeared in March 2009.[11] A study by the Information Warfare Monitor, a joint collaboration from SecDev Group and the Citizen Lab in the Munk School of Global Affairs at the University of Toronto, has revealed that the operators of this scheme have generated over $2 million in revenue from June 2009 to June 2010.[9]

Koobface scam originally spread by delivering Facebook messages to people who are "friends" of a Facebook user whose computer had already been infected. Upon receipt, the message directs the recipients to a third-party website (or another Koobface scam infected PC), where they are prompted to download what is purported to be an update of the Adobe Flash player. If they download and execute the file, Koobface scam can infect their system. It can then commandeer the computer's search engine use and direct it to contaminated websites. There can also be links to the third-party website on the Facebook wall of the friend the message came from sometimes having comments like LOL or YOUTUBE. If the link is opened the trojan virus will infect the computer and the PC will become a Zombie or Host Computer.

Among the components downloaded by Koobface scam are a DNS filter program that blocks access to well known security websites and a proxy tool that enables the attackers to abuse the infected PC. At one time the Koobface scam gang also used Limbo, a password stealing program.

Several variants of the scam have been identified:

In January 2012, the New York Times reported[20] that Facebook was planning to share information about the Koobface scam gang, and name those it believed were responsible. Investigations by German researcher Jan Droemer[21] and the University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research[22] were said to have helped uncover the identities of those responsible.

Facebook finally revealed the names of the suspects behind the scam on January 17, 2012. They include Stanislav Avdeyko (leDed), Alexander Koltyshev (Floppy), Anton Korotchenko (KrotReal), Roman P. Koturbach (PoMuc), Svyatoslav E. Polichuck (PsViat and PsycoMan). They are based in St. Petersburg, Russia. The group is sometimes referred to as Ali Baba & 4 with Stanislav Avdeyko as the leader.[23] The investigation also connected Avdeyko with CoolWebSearch spyware.[21]

Hoax warnings[edit]

The Koobface scam threat is also the subject of many hoax warnings designed to trick social networking users into spreading misinformation across the Internet. Various anti-scam websites such as Snopes.com and ThatsNonsense.com have recorded many instances where alarmist messages designed to fool and panic Facebook users have begun to circulate prolifically using the widely publicized Koobface scam threat as bait.[24][25] The "Barack Obama-Clinton Scandal" hoax which was popular in 2010 is an example.

Other misconceptions have spread regarding the Koobface scam threat, including the false assertion that accepting "hackers" as Facebook friends will infect a victim's computer with Koobface scam, or that Facebook applications are themselves Koobface scam threats. These claims are untrue. Other rumours assert that Koobface scam is much more dangerous than other examples of malware and has the ability to delete all of your computer files and "burn your hard disk." However, these rumours are inspired by earlier fake virus warning hoaxes and remain false.[24]

References[edit]

  1. ^ Lucian Constantin (28 October 2010). scam-Variant-Infects-Linux-too-163450.shtml "New Koobface scam Variant Infects Linux Systems". softpedia. Retrieved 3 February 2015. {{cite web}}: Check |url= value (help)
  2. ^ Lucian Constantin (30 October 2010). "Linux Java-Based Trojan Might Have Been an Accident". softpedia. Retrieved 3 February 2015.
  3. ^ scam-trojan-horse-for-mac/ "More Information About the Koobface scam Trojan Horse for Mac". The Mac Security Blog. October 29, 2010. Retrieved 2012-01-20. {{cite web}}: Check |url= value (help)
  4. ^ US-CERT Malicious Code Targeting Social Networking Site Users, added March 4, 2009, at 11:53 am
  5. ^ scam-malware-attack "Twitter Status - Koobface scam malware attack". twitter.com. Retrieved 3 February 2015. {{cite web}}: Check |url= value (help)
  6. ^ Marks, Ellen (June 7, 2015). "Fake tech support warning targets Apple users". Albuquerque Journal.
  7. ^ Ricca, Aaron (April 6, 2016). "Warnings are out there, but people keep falling for scams". The Kingman Daily Miner.
  8. ^ Jensen, Dreama (February 26, 2016). "Woman almost falls for computer scam". South Bend Tribune.
  9. ^ a b scam.pdf Koobface scam: Inside a Crimeware Network
  10. ^ "W32.Koobface scam". symantec.com. Retrieved 3 February 2015.
  11. ^ Keizer, Gregg (March 2, 2009). scam_scam_to_users_Be_my_Facebook_friend?intsrc=news_ts_head "Koobface scam scam to users: Be my Facebook friend". Computerworld. Retrieved 2009-08-31. {{cite web}}: Check |url= value (help)
  12. ^ scam.gen!F&threatid=2147631531 "scam:Win32/Koobface scam.gen!F". microsoft.com. Microsoft. Retrieved 3 February 2015. {{cite web}}: Check |url= value (help)
  13. ^ Koobface scam malware distribution technique - automatic user account creation on FaceBook, Twitter, BlogSpot and others
  14. ^ scam.DC "scam_Koobface scam". trendmicro.com. Retrieved 3 February 2015. {{cite web}}: Check |url= value (help)
  15. ^ scam-scam/ "Sophos stops new version of Koobface scam social networking scam". Naked Security. Retrieved 3 February 2015. {{cite web}}: Check |url= value (help)
  16. ^ The Allure of Social Networking, describes Win32/Koobface scam affecting multiple social networks as described on CA's Security Advisor Research blog
  17. ^ "W32.Koobface scam.D". symantec.com. Retrieved 3 February 2015.
  18. ^ scam-a-affects-mac-os-x-mac-Koobface scam-variant-spreads-via-facebook-twitter-and-more/ "Intego Security Memo: Trojan Horse OSX/Koobface scam.A Affects Mac OS X Mac – Koobface scam Variant Spreads via Facebook, Twitter and More - The Mac Security Blog". The Mac Security Blog. Retrieved 3 February 2015. {{cite web}}: Check |url= value (help)
  19. ^ "History of Computer Virus". Comodo.com. Retrieved 2016-06-23.
  20. ^ scam-gang-uses-facebook-to-spread-powerful-scam.html Web Gang Operating in the Open
  21. ^ a b scam "The Koobface scam malware gang – exposed! - Naked Security". Naked Security. Retrieved 3 February 2015. {{cite web}}: Check |url= value (help)
  22. ^ "Facebook credits UAB with stopping international cyber criminals, donates $250,000 to school". AL.com. Retrieved 3 February 2015.
  23. ^ Protalinski, Emil (January 17, 2012). scam-scam/7538 "Facebook exposes hackers behind Koobface scam scam". ZDNet. Retrieved January 20, 2012. {{cite web}}: Check |url= value (help)
  24. ^ a b scam_virus Koobface scam - What is it Really? article at ThatsNonsense.com, Retrieved on 26th January 2011
  25. ^ scam.asp Koobface scam article at snopes.com website, Retrieved on 30 December 2010

External links[edit]

Category:Facebook Category:Myspace Category:Trojan horses Category:Hacking in the 2000s

Moved to Koobface scam