Security researchers at PandaLabs have discovered a new variant of the Koobface malware targeting holiday cheery users of social networking giant Facebook.
Koobface.GK consists of a Christmas message contained in a video hosted on a fake YouTube page. If a person plays the video or clicks on a link on the Web page, users will be force downloaded the malware. The message from antivirus vendors is to ensure that signatures are up to date because nearly all of the Koobface variants can be detected. Symantec researchers issued a Koobface alert back in November.
Luis Corrons, technical director of PandaLabs warned that hackers continue to take advantage of the increasing level of trust fostered on social networks. Users of social networks are more likely to click on a link from someone they don’t know, he said.
“Social networks have become one of the popular entry points used by hackers to spread their creations, due to the false sense of security many users have regarding the content published on these networks,” Corrons said.
The latest Koobface variant is tricky because once installed it deploys a captcha image prompting users to enter a response. If the victims fail to enter the correct response, the worm threatens to reboot the PC. If the victim enters the correct captcha response, Koobface registers a new domain to host the video in order to continue to spread itself, Corrons said. Ultimately the machine is turned into a zombie, part of a Koobface botnet.
Symantec’s Hon Lau summed up the holiday attacks best:
This is not the first Christmas-related malware campaign so far this year and it will certainly not be the last.