Tuesday, March 03, 2009
Koobface worm (from Facebook messages) is back again.
Multiple media outlets report that the Koobface worm has surfaced on Facebook again.
The Facebook user receives an inbox message instructing her to view a video, which in turn urges the loading of an Adobe Flash update. The bot that it loads listens for traffic on port 9090 and may misdirect http traffic and searches.
A typical story is by Robert Vamosi on Silicon.com, “Malware: Facebook Koobface worm strikes again”, link here. The arriving message exhibits social engineering and may say something like, “You look funny in this new video.”
The worm seems to be a variation of malware that first appeared in August 2008. But the prevalence of the revised virus seems to be very low so far.