New Virus Called Koobface Registers New Domains To Spread Virus

Dec 11 2009

I’ve seen a lot of viruses but this is the first time I’ve seen one that actually registers a domain to help it continue to spread.  Here’s a little description of the virus (the links are safe)

GLENDALE, Calif., Dec. 9 /PRNewswire/ — Cybercriminals are capitalizing on the Christmas holiday in a new Facebook scam that renders users’ computers useless, reports PandaLabs, Panda Security‘s malware analysis and detection laboratory.

Following the posting of malicious links on Facebook users’ walls, the bait directs to a fake embedded video player that poses as a Christmas greeting. When users try to play the video or click on a link on the page, their computers download and install a variant of the well-known Koobface worm, Koobface.GK. An image of the scam is available at

After the virus is installed on a computer, a captcha is displayed that threatens to reboot the computer within three minutes. Although nothing happens after three minutes, the computer is rendered useless. Every time a user enters the captcha text, Koobface.GK registers a new domain where the infection files are hosted, facilitating the worm’s continued distribution. For an image of the captcha, visit

“Social networks have become one of the popular entry points used by hackers to spread their creations, due to the false sense of security many users have regarding the content published on these networks,” says Luis Corrons, technical director of PandaLabs. “Users generally trust the messages and content they receive, and consequently hackers get a high level of response through these channels.”

Of course, as a Mac user, I’m lucky that these viruses don’t come into play very often. Then again, I just got Google Chrome

Share This

About the author

Outsmarting the Dumb, Outworking the Smart

View all articles by ShaneCultra