by Blight Crusader

Word is out from Trend Micro that the Koobface botnet has started a new attack on Facebook, and also a second report about it using Google Reader to spam Facebook, MySpace, Twitter and possibly other social networking sites. This attack should be seen as part of the growing threat to social networking sites without the proper type of bot detection software.

Below is the Trend Micro blog on the Facebook attack, but I would also advise checking out their blog post on the wider Google Reader attack as well.

The Koobface botnet has pushed out a new component that automates the following routines:

• Registering a Facebook account
• Confirming an email address in Gmail to activate the registered Facebook account
• Joining random Facebook groups
• Adding Facebook friends
• Posting messages to Facebook friends’ walls

Overall, this new component behaves like a regular Internet user that starts to connect with friends in Facebook. All Facebook accounts registered by this component are comparable to a regular account made by a human. The details provided about the account are complete such as a photo, birth date, favorite music, and favorite books, among others. In addition, every account registered is unique in such a way that the details vary for every account registered.

Koobface accomplishes these malicious activities by automating Internet Explorer to perform the task of creating and registering an account. However, it does not proceed and will terminate the process if the affected user is using Internet Explorer 6. Moreover, it employs a check if it has already reached the maximum friend requests set by Facebook or not. Hence, it keeps itself under the radar and does not cause any alarm to Facebook administrators.

This component fetches details from one of the botnet’s available proxy domains.

The messages posted through Facebook’s wall contain a link that leads to the usual fake Facebook or YouTube page hosting the Koobface loader component.

Facebook users are advised to be careful and security conscious. It is probable that the Koobface botnet owns a particular Facebook account.

This entry was posted on Friday, November 13th, 2009 at 4:21 am and is filed under Articles, Blight News, Facebook, Google, Headlines, MySpace, Twitter. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.