Computerworld

Facebook invasion: Beware of new 'smart' worm

On the heels of a reported hijacking of hundreds of FB groups, an old worm's new variation is getting into the social network
  • JR Raphael (PC World (US online))
  • 12 November, 2009 10:32

Hot on the heels of a reported hijacking of hundreds of Facebook groups, a new variation on an old worm is crawling its way into the social network's walls. Attackers have released an updated, more intelligent version of the notorious Koobface virus, security analysts say--and anyone could become its next victim.

The Facebook Hijack

First, the hijacking: An organization called "Control Your Info" apparently took control of as many as 300 Facebook groups over the past several days. Members added their own logo onto the pages, announcing they'd "hijacked" the groups and providing a link back to their own site.

(Facebook maintains no confidential information was ever exposed--the affected groups, representatives say, were abandoned and open for any member to take over.)

The "Control Your Info" Web site states that the organization's mission was to expose security holes in social media--a fitting segue to today's new threat.

Facebook's New Concern

The new threat has a familiar name. Koobface--which, by the way, is an anagram of the word Facebook--first popped up in mid-2008 and has been pestering users ever since.

The worm typically works by taking over your PC, then sending messages or wall postings to your friends. The messages include links to what appear to be funny videos or risqué photos of people you and your friends know. Anyone who follows the links, however, will ultimately end up infected with the malware themselves--usually by way of a bogus software update that pops up on-screen.

The updated Koobface variation, according to the virus-fighting team at Trend Micro, takes things a step further by automating the entire process. Instead of depending solely upon real accounts to spread the malicious links, the attackers have found a way to have bots do their bidding.

Here's how Trend Micro says it's happening: Botnets are registering new Facebook accounts and confirming them via accompanying Gmail addresses, all without any human interaction. The zombie accounts are then joining Facebook groups, adding friends, and posting dangerous links onto those people's walls.

"This new component behaves like a regular Internet user that starts to connect with friends in Facebook," explains Jonell Baltazar, an advanced threats researcher with Trend Micro. "The details provided about the account are complete such as a photo, birth date, favorite music, and favorite books."

The system is even advanced enough to monitor maximum friend levels allowed by Facebook, Baltazar says, to avoid drawing any attention to the ill-intended account.

Facebook Protection

So, what can you do to keep yourself safe from this Koob-faced villain? The steps are nothing you haven't heard before: Keep your antivirus software up to date, and use some common sense.

Antivirus software will alert you if you click through to a site that's known to host malware--and that's exactly where these Koobface links want to take you. The easiest way to stay safe, then, is just to be cautious in choosing what you click.

If you see a link that looks questionable, even if it's from someone whose name you know, don't follow it. And if you find yourself on a Web page that's asking you to download a software update, don't do it. Instead, close the window and go directly to the software vendor's own Web page to see if the update is the real deal.

Otherwise, you might end up with Koob smeared all over your face--and, suffice it to say, that's one fate you'd be better off avoiding.

JR Raphael is the co-founder of geek-humor site eSarcasm. You can keep up with him on Twitter: @jr_raphael.