W32/Koobface

Threat risk: Medium
Detection files published: 2008-08-18
Description created: 2009-06-03
Description updated: 2009-06-03
Malware type: Worm
Alias: Net-Worm.Win32.Koobface, W32/Koobface.worm, Boface
Spreading mechanism: Other
Payload: Installs proxy server, downloads malware

Summary

W32/Koobface is a worm that propagates through social networking sites such as Facebook. The worm spreads by sending messages with malicious links to contacts on various social networking sites. These links lead to websites that try to trick users into downloading the worm and other malicious software.

Spreading description

The worm will search through cookies on the computer looking for login credentials for various social networking sites such as Facebook, MySpace, Tagged and hi5.

Using the information gathered from the cookies, the worm then connects to these sites and starts sending messages to friends and contacts. These messages will contain a link to what appears to be a funny or interesting video, but in reality will take the user to a fake video website. This website will present the user with a message that he/she needs to install a plugin to watch the video. This is not a real plugin, but malicious software that will install the worm.

Threat description

In addition to spreading itself through social networking sites, the worm has been seen to do the following:

  • Installing a proxy server to manipulate search results (Ad hijacking and click fraud).
  • Downloading rogue security software.
     

Removal

W32/Koobface was first detected by Norman's antivirus products on August 19th, 2008. Later variants have been continuously added.

To remove the worm and its malicious components completely, it is recommended to use Norman Malware Cleaner.

Sometimes you might be unable to access the internet after being infected with W32/Koobface. In these cases you need to check your browser's proxy settings and make sure that the use of a proxy server is disabled.

How to disable the use of proxy server in Internet Explorer:

  1. Start Internet Explorer.
  2. Go to the Tools menu and click Internet Options.
  3. Choose the Connections tab and click the LAN settings button.
  4. Uncheck the checkbox for Use a proxy server for your LAN.
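
The same check can be done from a PowerShell prompt. This is an added example, not part of the original description. It assumes the checkbox in step 4 corresponds to the ProxyEnable value under the current user's Internet Settings registry key; the function names are hypothetical, and the loopback test is an added heuristic.

```powershell
# Added example: audit and, if needed, switch off the per-user proxy
# setting that Internet Explorer shows under LAN settings.
$Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-UserProxySetting {
    param([string]$Path = $Key)
    $p = Get-ItemProperty -Path $Path -ErrorAction Stop
    $server = [string]$p.ProxyServer   # "host:port" or "http=host:port;https=..."
    New-Object psobject -Property @{
        Enabled       = ($p.ProxyEnable -eq 1)
        ProxyServer   = $server
        AutoConfigURL = [string]$p.AutoConfigURL
        # Assumption: a proxy on this machine deserves a closer look, since
        # the description says the worm installs a proxy server.
        PointsToLocalhost = ($server -match '(^|[=;])\s*(https?://)?(127\.|localhost|\[::1\])')
    }
}

function Disable-UserProxy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Path = $Key)
    $before = Get-UserProxySetting -Path $Path
    if (-not $before.Enabled) { return $before }   # nothing to change
    # ProxyServer is left in place so the old value can still be recorded.
    if ($PSCmdlet.ShouldProcess($Path, 'Set ProxyEnable to 0')) {
        Set-ItemProperty -Path $Path -Name ProxyEnable -Value 0 -Type DWord
    }
    Get-UserProxySetting -Path $Path
}

# Report the current state, then preview the change without applying it.
Get-UserProxySetting | Format-List
Disable-UserProxy -WhatIf
```

Run `Disable-UserProxy` without `-WhatIf` to apply the change, then restart the browser so it picks up the new setting.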

It might also be a good idea to change the passwords for your social networking sites.

How to stay protected

Users of Norman Antivirus & Antispyware are fully protected from all known versions of W32/Koobface.

General information about removal of malicious software

Norman's antivirus products are in general able to remove all malicious software that is detected.
Some malware, however, uses techniques that the general product does not remove sufficiently. We have therefore developed the free product Norman Malware Cleaner. If your Norman antivirus is unable to clean up the infection, please use the latest version of this program from the link below.

Usage Title Comment
  Stopping the spread of viruses on network shares  
  Cleaning of back-up folders on Windows Me and XP