It's Not A Con
Online Security and Safety by Con Mallon at Norton from Symantec.

• Home
• About
• RSS

• Recently Written

  • Google goes out and ‘kills’ some rogue apps
  • No security software – no surfing!
  • Norton Everywhere!
  • Scientist ‘infected with PC virus’
  • Fake AntiVirus accounts for 15% of all malware
  • Your printer knows a lot about you – think about it
  • Fatal System Error
  • Cybercrime continues to ramp – ISTR
  • Norton 2011 BETA
  • Watch out for an IE update coming your way

• Categories

  • Announcements
  • Backup and restore
  • Customer service
  • Data loss
  • Events
  • Family Online Safety
  • Gaming
  • Identity theft
  • Latest Gadget
  • Market trends
  • Miscellaneous
  • Regulation
  • Security
  • Spam
  • Technology
  • Uncategorized

• Archives

  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008

• Blogroll

  • And Finally
  • Ask Marian – Symantec Internet Safety Advocate
  • BBC dot.life
  • Blog Storm
  • Charles Arthur
  • Claudine Beaumont : Telegraph Blogs
  • Computing.co.uk
  • Connected Internet
  • Crave
  • Davey Winder
  • David Lacey
  • Future Stuff
  • Guy Bunker’s Security Blog
  • Guy Clapperton
  • Guy Cocker
  • Ian Douglas : Telegraph Blogs
  • Imran Ali
  • Jason Bradbury
  • Katie Lee : Telegraph Blogs
  • Light Blue Touch Paper
  • Mac.broadband
  • Mark Prigg
  • Mary to Many
  • Neville Hobson
  • Nigel Kendall : The Times Online
  • Norton Protection Blog
  • Security Watch
  • Shane Richmond : Telegraph Blogs
  • Shiny Shiny
  • Tech Digest
  • Tech Radar
  • Technology, Books and Other Neat Stuff
  • The Digital Lifestyle
  • The Guardian Technology Blog
  • The Long Climb
  • The Tech News Blog
  • Will Head
  • Wired Blog Network

• Polls

  • How Is My Site?

    • Good
    • Excellent
    • Bad
    • Can Be Improved
    • No Comments

    View Results

     Loading ...
  • Polls Archive

Koobface continues to mutate in the search for dollars

We have detected, yet another variant of the Koobface worm.  This variant, detected as W32.Koobface.C, installs the misleading application detected as AntiVirus2008, and is propagating on Twitter.

Now, this worm is not new, since it was discovered last year in August 2008, but it has come back again to spread on Twitter.  Response analysis and investigation into this attack has confirmed that this new version of Koobface contains functionality to search for users who have Twitter accounts. If Koobface finds a suitable user (by searching for Twitter cookies), then it will contact a command and control server which will then send down a version of Koobface which contains functionality to log into Twitter and add a tweet to the victim’s account. We also believe that it looks for cookies for other social networking sites.

When the user clicks the link, they are redirected to a fake video web site, then asks the user to download a codec to watch the video.  This codec is a copy of W32.Koobface.A. and this then downloads the misleading application detected as AntiVirus2008. So, at the end of the day, the guys that are peddling this attack are trying to see if they can make money on the back of it.

What you can do to protect yourself is careful what you click on – we advise Twitter users to avoid clicking URLs on tweets, especially if the tweet advertises a home video. Additionally, arm yourself with strong and updated security software to catch and prevent malware from downloading.

comments

• Subscribe

  Enter your email address:

  Delivered by FeedBurner

  
  

  Subscribe to It's Not A Con

• Links, downloads and other resources

  Norton Today
  Norton Family Online Safety site
  Symantec Podcast Directory