The popularity of social networking sites such as Facebook and Twitter has skyrocketed in recent years. This popularity hasn’t gone unnoticed by malcode authors, who use social engineering to get their wares installed on unsuspecting victims. Social networking sites make finding social engineering victims almost too easy.
The authors of the Koobface (an anagram of Facebook) worm implemented an ingenious system that plays on a victim’s interest in getting the dirt on one of their friends. At a high level, an infected user has a new wall post added or messages are sent to all their friends with words such as “Check out these embarrassing videos of me…”. Included with the post is a link where a user can click to get all the juicy photos or videos. The embedded link takes you to a dropper site hosting a fresh copy of Koobface ready to be installed on its next victim.
In most cases, the malicious link mentioned above takes you to a YouTube-like site that pops up a message saying that you need to install Adobe Flash, a new video codec, or some other plug-in to view the video.
The behavior of a Koobface infection has varied slightly over this period. Below is a list of some of the behaviors:
- Stealing login credentials and sessions stored in website cookies
- Stealing web browser saved passwords
- Tricking users into solving CAPTCHAs in automated attacks against other systems
- Installation of malicious proxy settings used for Ad Hijacking and Click Fraud
- SPAM and malware distribution
- Installation of a rogue webserver for command and control
- Rogue security software delivery
A good first line of defense against this family of malware is security awareness. If users are trained to avoid clicking links from unsolicited or suspicious posts and to approach installing plug-ins with caution, the social engineering infection vector is severely limited.
Tips for Securing Your Devices: Do not open unexpected links or attachments in emails/messages. Be careful about what you visit on the web and what you download.