Koobface Continued…

The Koobface gang’s changing tricks and longevity are noted at a recent USAToday article. They’ve recently upped their activity on a major social networking site and user infections appear to have a quick jump. The current theme has been effective for the past month. A message will arrive in a user’s box from a friend (names purposely removed from image). Note that the gang is no longer using the bit.ly service in their attack links:


The link will lead the user to the familiar phony Yuotube “Broadcast Yourself” page with video frame and flash installer prompt “This content requires Adobe Flash Player 10.37. Would you like to install it now?”. The “setup.exe” file from “SquarePants”. When setup.exe is run, this file in turn drops and runs “bill103.exe” or “bill104.exe” and begins its badness. ThreatFire prevents it effectively.


Past posts on Koobface here.

If you are prompted to install the Flash Player, you can skip the install and go to the vendor’s site directly to download the player’s installer and install it in your web browser. Then browse the page you want to view. For legitimate sites, the content should play.

This entry was posted in Virus News and tagged , . Bookmark the permalink.

One Response to Koobface Continued…

  1. Kevin says:

    Why don’t some antivirus and spyware software not see this as a threat? I had to manually find harmful and foreign “files” myself. I’m fairly advanced with computers compared to the average person, but I’m still afraid I’ve missed some harmful “files”. It turns out that I had a lessor version of this virus but it still felt like it was a majour deal for me. (I purposely downloaded the fake flash from the noticeably fake website, to see what kind of malware it was. I thought it would just be some kind of phishing thing but boy was I wrong.) This thing also popped up a window on my computer that had a windows xp provisional logo(I have windows xp home) and it said that my computer would shut down in like,,240 seconds and required a CAPTCHA to exit ( it looked like how the windows defender works on Vista, making the screen darker except for the active window with that captcha)

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>