What is Koobface?
Koobface is a computer worm which spreads via social networking sites. Koobface is being “invited” onto many computers through infected links in Facebook.
Most social networking scams spread on social networks because users inadvertently recommend them to their friends and within their circles. Koobface actively infects your PC and then it deliberately spreads itself via social networking sites.
Koobface knows how to create its own social networking accounts so that it can aggressively post links helping it to spread even further.
The most common infection method is through a fake video player. If you click on one of the links which Koobface has posted, you’ll end up on a fake web page – typically a fake YouTube, Facebook Video or a fake Adobe Flash download page. They might offer a clip to watch. However, they claim first you need a Flash update. The video player popup update notice is fake, it’s actually just an installer for the Koobface virus. The only real Adobe Flash download page is found at “http://get.adobe.com/flashplayer/” If you will notice the link presented to you as the download address, it is different.
Important Side Note:
As a side note anytime you go to a website that asks you to update your Flash Player, it most likely is a false infected link you are being given. If you do, however, get to a site that inundates you with a pop up that doesn’t seem to close immediately do the following:
-Do not touch any browser window to close it or try to browse further.
-Immediately press Ctrl-Alt-Del (Ctrl-Shift-Esc in Vista or Win 7) and bring up Task Manager and forcibly end all instances of iexplore.exe, if using Internet Explorer, or, the executable for the browser you are using. –or– -Go to Start/Shut Down and restart the PC without touching any browser windows.
-If you have used task manager to close browser instances, reboot the machine.
-Then go to Control Panel/Internet Options and delete all temporary Internet Files and cookies. If you are using an alternate web browser, open the browser settings to do the same – delete the local cached files and cookies.
-Perform a full scan with your virus program or a third party malware scanner like Malwarebytes anti-malware.
The above steps should prevent the infection from taking hold if you suddenly receive random pop ups from Koobface or any other program trying to infect your computer by posting false advertisements. Remember: No one knows if your computer is infected and if a popup says you are infected, it is almost always a lie.
Back to Koobface:
Koobface is part of a zombie network that allows cyber crooks to be able to instruct your PC to download and run any other software they choose. The Koobface worm allows cyber-criminals to track and record sensitive data about you, for example, it can see what logins and passwords you enter on particular websites, and it can discover credit card information and other banking information. In addition, this malicious worm can display vague ads convincing you to install fake anti-virus programs and other malicious software.
How to avoid getting infected in future:
– Keep your patches and your anti-virus up-to-date. This won’t stop all threats, but it will stop most of them, including Koobface.
– Don’t be tempted by links on social networking sites just because they look cool. A little caution goes a long way.
– Never download video player software just because a site offers you an update. Reputable sites will explain what you need so you can seek it yourself, rather than trying to trick you into downloading what they want.
After removing any malware, especially zombie malware, it’s a good idea to change passwords on all your on-line accounts. And keep an eye on your bank statements, just in case.
Also view our article dated 11-18-2014 called “Your computer is infected”
If you are unsure or need assistance, please call Coast Computing 561.452.6132. We can help you remotely while you watch.