Koobface, Waledac worms slam Facebook; MySpace says it’s immune
Posted on March 5, 2009 | 3 comments
Facebook appears to be taking the brunt of the onslaught of viral messages infesting the Internet. These viral messages are metastasizing far and wide, carried by huge and growing botnet-driven worms, like Koobface and Waledac, that spread through email and, increasingly, via social network communication services. The bad messages try to steer you to tainted web pages or trick you into downloading something that looks innocuous, like an Adobe Flash update, but is really a malicious Trojan.
Meanwhile, MySpace is thumping its chest, claiming to be virtually immune to Koobface, Waledac and other such botnet worms infesting the Internet.
The bottom line of these attacks: your PC gets pulled into the botnet. Now your machine helps to spread the infection and perpetrate other Internet-enabled criminal activity, such as extortionist denial of service attacks. From your machine the bad guys harvest all of your valuable data. Security Fix’s Brian Krebs has just revealed how fake Twitter posts can be used for this type of attack. Meanwhile, popular networking sites LinkedIn and Bebo are being bombarded with bad messages. And Friendster, fubar.com, hi5.com, LiveJournal, myYearbook, Netlog and Tagged are being actively targeted, according to Trend Micro.
MySpace users, however, are being spared much of this misery, claims Chief Security Officer Hemanshu “Hemu” Nigam. Big companies usually do not like discussing their security initiatives publicly, for fear of aiding the bad guys and/or painting a big, inviting target on their backs. But Hemu contacted Last Watchdog to make sure the world understands that MySpace has gone to extraordinary lengths in the past year to repel all forms of messaging attacks.
“Today we are declaring victory in the war on spam and phishing,” Hemu told LW. “We have put in a lot of features in our site cleansing things like Koobface.”
Nigam’s bio includes a stint as Microsoft’s security attorney; he helped set up a $5 million bounty fund to catch notorious hackers. (See this book excerpt for the back story about how Microsoft paid a couple of German schoolboys $250,000 to rat out their classmate, Sven Jaschan, the creator of Netsky and Sasser.)
Hemu says MySpace puts an intensive 24 x 7 x 365 effort into blocking viral messages. He gave LW some internal metrics quantifying the strength of MySpace’s security initiatives. He says MySpace users today are experiencing an overall 73% reduction in spam compared to a year ago. That breaks down as follows:
- Bulletin spam, spread on bulletin board posts, down 82%.
- Comment spam, spread in the comment section of another user’s profile, down 99.5%.
- Mail spam, spread via private buddy-to-buddy messages, down 85%.
- Profile spam, spread by creating fake profiles to support fraudulent activities, down 49%.
“As we look at the year ahead our goal on the security front is to make sure that those who intend to spam or phish on MySpace get the clear signal that MySpace is not a safe haven for their illegal activities,” declares Hemu.
Maybe Facebook, Twitter, LinkedIn et al. should be asking Hemu for advice. They all have been hit hard by the ubiquitous Koobface botnet worm, which continues to infect PCs far and wide. Kaspersky Lab pegged Koobface as early as last July. Koobface spreads by spamming out messages on regular email and via the private messaging systems of all of the popular social networking sites.
Invariably the messages lure recipients to navigate to a web page to see a video of Middle East war footage, or a speech by President Obama, or a funny incident at a dinner party. Nothing bad happens when you click to the web page. Nothing bad happens when you click on the video to activate it.
But then you see a popup box requiring you to first download an update to Adobe’s Flash player in order to see the video. Click on this and you’re owned — you are voluntarily allowing the Koobface gang to install a back door to your hard drive and take control of your PC.
You probably won’t notice anything amiss. But you will likely get a data-stealing program installed. And your machine’s performance may slow when your PC gets assigned to spread email spam and participate in denial of service attacks.
Because of headlines on stories like this CNET news story and news videos like this CNN report, the perception is spreading that Koobface is a Facebook-specific worm. It’s not. AVG researcher Roger Thompson recently isolated this variant of Koobface spreading via regular email. Meanwhile, waves of Koobface have been appearing in buddy-to-buddy messages on Facebook, MySpace, Bebo and LinkedIn, which folks often navigate to at their places of employment.
“This will catch a lot of people at work,” predicts Thompson. “There will be a whole lot of work computers with Koobface infections.”
–By Byron Acohido
Comments
Hi Byron, Chris Boyd here – Director of Research for FaceTime Security Labs.
With regards Myspace security, I’d have to agree with the notion that spam and unsolicited fake friend requests are way down on previous years…it’s very rare I see any nowadays. At one point you couldn’t move for the things – so a big improvement there. They seem to be getting much better at locking down certain technical issues that have aided hackers and spammers in the past.
However – there are still major problems that don’t seem to be addressed, which relate to the people actually using the site. There have been issues for some years now on Myspace with regards groups of people that intentionally cause trouble for other users. They spam forum groups, support groups and generally harass and abuse other people for fun.
There have been custom made tools created by wannabe hackers who get drawn into these groups and trouble generally spills from one social networking site to the other, with Myspace being the base of operations (for the most part) for these people.
Scat porn, overlays, dubious links and image flooding are all common. Recently the Iron Man movie group maintained by movie director Jon Favreau was spammed into oblivion, and there have been cases where rape support groups had to effectively shut down because of the images and abuse posted to their help forums.
Despite Myspace being aware of these issues:
http://tinyurl.com/5hkg7y
…as far as I can see most of these activities continue to take place. I’d be curious to know why Myspace don’t seem to be able to police this problem effectively.
Comment by Chris Boyd — 3/7/2009 @ 9:48 am
You realize that KOOBFACE is named because it was targeted at Facebook. Reverse Book and add Face = the name
Comment by Ivan — 3/9/2009 @ 1:02 pm
Last Watchdog to make sure the world understands that MySpace
Comment by Erlinda Foss — 5/3/2012 @ 5:46 am