This is an update regarding the US-CERT alerting us to the Koobface malware, as posted in this blog on March 4th, 2009. The Microsoft Malware Protection Center has noted that the following websites appear to be the focus of this attack:

• bebo.com
• facebook.com
• friendster.com
• fubar.com
• hi5.com
• myspace.com
• myyearbook.com
• netlog.com
• tagged.com

According to Microsoft’s details on the Malicious Software Removal Tool, “The Microsoft Windows Malicious Software Removal Tool checks computers running Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom—and helps remove any infection found. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed…

Because computers can appear to function normally when infected, Microsoft advises you to run this tool even if your computer seems to be fine. You should also use up-to-date antivirus software to help protect your computer from other malicious software. To download the latest version of this tool, please visit the Microsoft Download Center.”

added March 4, 2009 at 11:53 am

“US-CERT is aware of public reports of malicious code spreading via popular social networking sites including myspace.com, facebook.com, hi5.com, friendster.com, myyearbook.com, bebo.com, and livejournal.com. The reports indicate that the malware, named Koobface, is spreading through invitations from a user’s contact that include a link to view a video. If the users click on the link in this invitation, they are prompted to update Adobe Flash Player. This update is not a legitimate Adobe Flash Player update, it is malicious code.

Additionally, some of the reports indicate that there are multiple bogus Facebook applications being used to obtain users’ private information.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

• Install antivirus software and keep the virus signature files up to date.
• Do not follow unsolicited links.
• Use caution when downloading and installing applications.
• Obtain software applications and updates directly from the vendor’s website.
• Refer to the Staying Safe on Social Networking Sites document for more information on safe use of social networking sites.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks. “

This is a reminder to us all that while we may trust the websites themselves, the applications available for download or the media shared on these sites are not usually examined for malicious code. Even if you trust the “friend” who sent it to you, that person may not be in control of their own account.

~Rachel James, Intake Specialist