Facebook, Microsoft Partner To Fight Koobface WormFacebook, Microsoft Partner To Fight Koobface Worm
The Koobface virus, which spreads through social networking sites, has been added to Microsoft's Malicious Software Removal Tool.
April 6, 2009
In a partnership that reflects the growing need for cooperative responses to online security threats, Facebook last week said that it was working with Microsoft to protect people from the Koobface virus.
Koobface is a computer worm that spreads through malicious Web links and affects Facebook and MySpace users running unpatched versions of Windows. Upon successfully infecting a computer, it steals social networking logon information to create spam messages and sends them to friends on Facebook or MySpace, depending upon the variant. The spammed links typically lead to a video site that purports to require a download to view the video. Trying to download the file invites malware that tries to compromise the user's computer and continues infecting other computers through social networks.
In a Facebook blog post, Jeff Williams, a principal group program manager for the Microsoft Malware Protection Center, explains that Microsoft worked with Facebook to add Koobface to its Malicious Software Removal Tool. "Since releasing our newest version of MSRT two weeks ago, we've removed Koobface nearly 200,000 times from over 133,677 computers in more than 140 different locales around the world," he said.
That isn't the end of the problem, however. As Williams notes, Koobface is highly polymorphic, meaning that it's constantly changing to look like something else. So far, he said, there have been more than 20,000 Koobface variants. This, incidentally, is why signature-based malware detection alone is no longer sufficient to protect computers.
Microsoft has a free online virus scanner that may help to identify computers infected by Koobface. The best precaution is not to click on links, or agree to download files, from untrusted sources.
According to Deloitte's sixth annual Global Security Survey, released in February, people are identified as the most significant vulnerability to information systems. "Human error is overwhelmingly stated as the greatest weakness this year (86%), followed by technology (a distant 63%)," the report states. It attributes the rising risk to increased adoption of new technologies and social networking.
Attend a virtual event on budget-minded security for small and midsize businesses. It happens April 29. Find out more and register.
About the Author(s)
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
The State of Supply Chain Threats
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment