Koobface.DU returns to Twitter

Sean-Paul Correll — Fri, 10 Jul 2009 10:15:00 GMT

A few days ago the Koobface worm started to appear on Twitter. Today, the Koobface worm returns by hijacking several Twitter user accounts to assist in propagating the worm. The malicious tweets start with the text “My Home Video :)” followed by a link to one of 20 or so malicious sites.

Once on the malicious site, the victim becomes assaulted with a fake flash update and the infection starts to communicate with Facebook and Twitter immediately after downloading two additional executables from a domain hosted in Belgium.

Fake codec site:

Connections:

After attempting to spread the infection on Facebook and Twitter, the W32/Koobface.DU.worm further capitalizes on its efforts by installing the Adware/InternetAntivirusPro Rogue Antivirus.

Twitter has responded to the threat quickly and have already made an effort of removing the malicious tweets. We detected around 100 still active malicious tweets at the time of writing this.

Visual representation of malicious tweets:

Malware in Social Media

Sean-Paul Correll — Thu, 26 Feb 2009 17:17:00 GMT

A few weeks ago we talked about cyber-criminals using Digg.com to spread malware. Today we see that the very same group responsible for the Digg.com incident was using the same tactic on YouTube through the use of YouTube's Annotations feature. Video Annotations is a way to add interactive commentary to videos on YouTube.

The following image displays a video using the annotations feature to guide users over to a malware ridden website:

Although the YouTube description malware is not as prevalent as the Digg.com comment abuse, it does show that Social Media websites are increasingly being used to spread Malware. We expect to see plenty of new examples similar to this throughout 2009.

Thanks to Dancho Danchev for the information.

PandaLabs : Social Media

Koobface.DU returns to Twitter

Malware in Social Media