Facebook users warned as Koobface worm strikes

Security risk as video links to infected website

A worm that's been tricking Facebook users into downloading malicious software since July has resurfaced.

Criminals have released a new variation of the Koobface worm, Facebook said on Friday. Koobface is spreading via Facebook messages that look as if they're videos. Often they say something like "you look funny". When the user clicks to see the video, he is taken to a new website and asked to download special software in order to see the video. That software is malicious.

"Only a very small percentage of Facebook users have been affected and we're working quickly to update our security systems to minimise any further impact, including resetting passwords on infected accounts, removing the spam messages, and coordinating with third parties to remove redirects to malicious content elsewhere on the web," Facebook said. "Users with up-to-date anti-virus software are generally well protected from this and similar viruses."

Facebook would not say exactly how many of its users have been hit with the worm.

The new variant, first reported by McAfee last Wednesday, uses new techniques to get around filtering software that Facebook is using to block it, said Guillaume Lovet, threat response team manager with Fortinet.

In fact, Koobface is now using one of Facebook's own features against it, Lovet said. The latest variant uses Facebook's ability to redirect web links to drive users to malicious websites, often hosted on Geocities.com, Lovet said.

Facebook can redirect visitors to outside websites. For example, the URL http://www.facebook.com/l.php?u=http://www.pcadvisor.co.uk would take a visitor to PC Advisor's website.

Facebook warns users who are being redirected in this fashion that they are leaving Facebook's website, but the feature makes it easier for the worm to avoid filtering software, Lovet said.
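An added example, not code from the article or from Facebook: a link filter that unwraps the l.php?u= redirector described above before checking the destination against a blocklist, alongside the naive host check that the wrapper gets past. The redirector host and path come from the article's example URL; the blocklist domain and function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: redirector host/path as they appear in the article's example URL.
REDIRECTOR_HOSTS = {"facebook.com", "www.facebook.com"}
REDIRECTOR_PATH = "/l.php"
MAX_HOPS = 5  # guard against a redirector wrapped inside a redirector

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()

def matches(host, blocked_domains):
    """True if host is a blocked domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in blocked_domains)

def naive_is_blocked(url, blocked_domains):
    """Looks only at the visible host, so a wrapped link shows the redirector."""
    return matches(host_of(url), blocked_domains)

def unwrap(url):
    """Peel l.php?u=... wrappers offline and return the final target URL.

    Returns None when nesting exceeds MAX_HOPS so the caller can treat
    the link as suspicious instead of looping.
    """
    for _ in range(MAX_HOPS):
        parts = urlsplit(url)
        if host_of(url) not in REDIRECTOR_HOSTS or parts.path != REDIRECTOR_PATH:
            return url
        target = parse_qs(parts.query).get("u")
        if not target:
            return url  # redirector link with no target parameter
        url = target[0]  # parse_qs has already percent-decoded the value
    return None

def is_blocked(url, blocked_domains):
    """Check the destination the user would actually reach."""
    final = unwrap(url)
    return True if final is None else matches(host_of(final), blocked_domains)

# Constructed sample data: a placeholder blocklist entry and a wrapped link.
BLOCKED = {"malicious.example"}
WRAPPED = ("http://www.facebook.com/l.php"
           "?u=http%3A%2F%2Fvideo.malicious.example%2Fwatch")
```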

Once it is running, the worm installs a Trojan horse downloading program and keylogging software, he said.

"Users should always have up-to-date anti-virus and not click on links in messages that seem strange," Facebook advises.

