Koobface Virus Resurfaces on YouTube, Tracks Users

By Dennis Faas

The 'Koobface' virus is once again making its rounds, freshly updated and even tougher to combat. It's responsible for delivering spyware payloads and also sniffing out passwords and credit card numbers of unsuspecting users.

"Several weeks ago Koobface added ... hijacking functionality that blocks access to security sites, tipping users off to the fact that something might be wrong with their systems. Since then the authors have taken a giant leap toward invasiveness with the installation of a fake anti-virus Trojan," said McAfee researchers. (Source: avertlabs.com)

Koobface Now Tracking its Visitors

The updated Koobface variant was recently discovered on the popular online destination YouTube. A series of bogus YouTube pages, encrypted with JavaScript and carrying the virus, gave its creators a chance to monitor page hits and determine the daily volume of visitors.

Joey Costoya, a researcher at Trend Micro, explained that the JavaScript code can be seen at the very bottom of a bogus page, buried deep below numerous HTML (HyperText Markup Language) tags. It's suggested that the malware creators would use the page hit counter to test traffic on a specific page and then plan their next move.

'Thousands' Affected within Days

According to the security researchers, the Koobface creators started their monitoring methods on July 28th, 2010. In that short window of time, 126,717 unique page hits were recorded. (Source: itpro.co.uk)

Some analysts have discredited the page hit counter, however. While it may serve to measure the volume of people visiting the compromised YouTube pages, it does not guarantee that the same number of users were infected. (Source: itpro.co.uk)

Since its inception, Koobface has been notorious for targeting online services containing shared content. In addition to Facebook and YouTube (two very attractive options for malware peddlers) the virus has also been known to infect Google Reader users. It has been ranked a 'serious threat' by security company F-Secure.
