Facebook gets hit with a virus

Facebook has been hit with a virus that could spread to its 120 million users. The virus has been dubbed "koobface", which tries to gather personal information from users computers such as credit card numbers.

The virus dubbed "koobface" sends a message to all the friends of the infected titled "You look just awesome in this new movie". Users who opened the messaged where asked to download a fake update for Adobe flash player, which was actually the virus itself being downloaded and installed onto victims computers. If users attempted to use any of the major three search engines such as Yahoo, Google, or Live search, users would be taken to contaminated sites.

All users are being asked to run their updated anti-virus scanners to check for potential contamination. Facebook has also posted a response to help users clean infected machines on their security web site.

The "koobface" hit MySpace in August, where users had a similar situation where the virus took over their computer. Researchers believe that this is not the last of the "knobface" virus we will see, but the hacker or hackers are improving it.

Report a problem with article
Previous Story

Patch Tuesday for December 2008

Next Story

Reminder: 1 day left to enter our HP contest!

60 Comments

Commenting is disabled on this article.

This kind of news is precisely why I don't "socialize" on stupid websites of these sorts. Every time a friend or family member ask me to fix their computer because it's plagued with spyware, adware, and/or malware; the first thing I ask them is "Do you use MySpace?" and their answer is usually an unsurprising YES.

A big NO THANKS from me goes out to all those ridiculous online soap opera crap sites. I thought socializing meant going out and actually talking face-to-face with human beings. I guess I'm living in the past because I'm sure many will argue that this is no longer considered to be the cool way to interact with people anymore.

You do know that flowers don't just grow in pots, don't you?

This is a phishing worm, used to create a botnet. It's not an OHHH I'm a big bad virus come to eat your files nom-nom-nom. Anti-virus companies make clear distinctions between things like this for a reason.

It's not a virus, it's phishing, you are pretty dumb if you do this, although I do feel sorry for users that do not know, but I don't feel sorry for users that click and agree to everything.

Me too, special facebook where you must put and giveaway your private information for free!, its just make a nonsense


You can limit a lot of Data on FB, for example I don't post pictures of being drunk all the time on there, and my D.O.B is just the day and month, it has details such as what Uni I'm at etc but not my address or telephone number, and I have about 4 apps (video etc) that I use, I don't add millions of them cause people wonder why it runs slow. Also set your profile to friends view and your fine, and only add people you know or you are pretty silly to put data up and add random people.

Saw this a while back, just had to laugh. Most people would click on anything you send them (and most of the time be happy to fill in their details). I've tried on some people before, just as a test, most people fell for it, hilarious.

fACebook resetted my password twice yesterday because of "suspicious activity " from my account, by none of my friends have received any suspicious message from me, and my email account doesnt seem to have been compromised. so I'm wondering what the hell happened. *runs antivirus*

"You look just awesome in this new movie".

How stupid do you have to be to think that you feature in a video that you have absolutely no prior knowledge of? Such people are natural victims and always will be.

SniperX said,
How stupid do you have to be to think that you feature in a video that you have absolutely no prior knowledge of? Such people are natural victims and always will be.

People that get infected by this kind of thing are just plain stupid, and are a risk to the internet lol

darkpuma said,
People that get infected by this kind of thing are just plain stupid, and are a risk to the internet lol


a quote from forest gumps moma "stupid is as stupid does" end quote

I got one of these emails and I went for anyways even though it looked fishy. I was in OSX at the time and the flash file it downloaded was an .exe so I knew it was bogus.

to all that use Linux and Mac....enjoy the Linux/Mac built environment.... you guys really deserve it...and now back to CRASH DAY (linux people read about it...mac on parallel enjoy it ....moooohooohoohaa haa ahaaaaaaaaaaaaaaaaa) . I have to admit...I love my MAC games on PC...they rock...and the linux apps that have no equivilent..I am enjoying Ubuntu that does make it work...god bless Gimp ...no wait Photoshop...well I tried

Good thing I use a Mac, LOL! But then again, it is indeed a pain in the rear end to deal with, especially since a couple of my contacts were infected.

shinji257 said,
Macs are not invincible either. They have already had malware written for them too.

Where? When?

shinji257 said,
Macs are not invincible either. They have already had malware written for them too.

Wasn't that just proof of concept?

umm... and why doesn't Facebook just stop these from sending out and delete the current ones that have already been sent? I couldn't believe they don't have programs in place that can stop messages being sent with this crapola.

Quite possibly because they didn't send them out in the first place. I believe that the message is made to look like it came from Facebook.

P.S. - This is why I don't use those sites... Too big of a target.

Not only is the misquoted name amusing, if you rearrange it the same way you do KoobFace to get Facebook, you get Facebonk, which is also amusing.

I never install codec for any streaming video online. I figure if it isn't flash or it isn't sliverlight or it isn't windows media then it isn't worth my time.

ROFL Knobface, if only that really was the name. I'd feel sorry for the Anti-Virus PR guys who have to say that with a straight face every time

[rimshot] It speads "Twice as fast at half the bandwidth" as previous viruses but the hackers that created this will need a lawyer to prove it is just a joke. [/rimshot]

*if this doesnt make sense...dont worry about it

Don't get me wrong, I'm a Windows guy always and forever, but "haha i'm on linux you can't catch me :D"

A good deal of my friends are infected by those worms. It sucks.

MarcoDigi said,
Don't get me wrong, I'm a Windows guy always and forever, but "haha i'm on linux you can't catch me :D"

Linux isn't invincible, in fact far from it. It's already been proven that Vista contrary to popular belief is the most secure OS out.

thealexweb said,
Linux isn't invincible, in fact far from it. It's already been proven that Vista contrary to popular belief is the most secure OS out.

You're not very likely to get a virus on Linux though, are you?

Anyway. A phishing blacklist update for most browsers should effectively stop this, no?

thealexweb said,
Linux isn't invincible, in fact far from it. It's already been proven that Vista contrary to popular belief is the most secure OS out.

I would be interested in this "proof". And, in return, let me be the first to at least provide actual facts, such as OpenBSD has had only two remote exploits in its default install in its entire history.

markjensen said,
I would be interested in this "proof".

Just Google it. You'd have to be living in a box not to see all the recent articles on studies proving this.

excalpius said,
Just Google it. You'd have to be living in a box not to see all the recent articles on studies proving this.

Uh, oh. Can of worms, ex . . . can of worms. You gotta get up real early when it comes to mj.

Trust me: I'm often the first person to say "if ever/once Linux gets popular enough, it WILL fall to worms." Heck, I believe Microsoft has way more say about security since they've had to deal with it for the past 15+ years. A la Linux, you can build an awesome great "virus-invincible" infrastructure for the longest time, but what realworld experience do you have if no one's targeting it?

I was really just referring to the single worm itself. I mean, with a name like "Net-Worm.Win32.Koobface.a", I'd imagine it wouldn't be targeting my 'nix machine.

markjensen said,
I would be interested in this "proof". And, in return, let me be the first to at least provide actual facts, such as OpenBSD has had only two remote exploits in its default install in its entire history.

Rubbish.
I just looked on a well known hacker resource site and lo and behold under BSD, a new open BSD exploit marks the top of the list, with everything else being gnu until 6th whereby its ANOTHER BSD exploit, with another 6 openBSD exploits on that small summery page. Not as secure as you would like to believe.

thealexweb said,
It's already been proven that Vista contrary to popular belief is the most secure OS out.

n_K said,
(I'm guessing you meant: '*nix systems' are) Not secure as you would like to believe

Firstly, a few things I've noticed: this article doesn't specify Vista; that thealexweb used "Vista" instead of "Windows"; and that the arguments here (mine included) seem to address "Windows" - not everyone who uses Windows uses Vista.

From it's inception, *nix maintenance demanded due diligence, whereas Windows maintenance did not. MS set forth to create an easy to use operating system, and they had succeeded, at the expense of making the average user lazy (and/or ignorant.) These symptoms may have persisted from one Windows release to another (to eventually Vista.) *nix, on the other hand, was hard from the get go. The average *nix user had to know enough about their system in order to use certain tools; it certainly wasn't simply a matter of clicking a mouse.

One major advantage that *nix systems had over Windows for decades was limited user privileges; Vista's release certainly ushered in a new era of "MS giving a damn." It's interesting, though, when we consider that, while Neowin patrons are generally more paranoid about security than the average Windows user, a lot of requests have been made on this forum for ways to disable critical, but annoying, Vista 'features.' The average, and I cannot stress that enough, Windows user does not stop to think about the ramifications of installing a piece of software. They want that feature now, disregarding peer (or professional) reviews and alerts. How tempting would it be, then, for that impatient Windows user, to find ways to circumvent the protocols that Vista put in place to protect itself? Vista's security features would be useless. The average user would be at risk, yet again.

thealexweb said,
Linux isn't invincible, in fact far from it. It's already been proven that Vista contrary to popular belief is the most secure OS out.

Oh lawd. You believe what you like but it won't become true.

sentio said,
One major advantage that *nix systems had over Windows for decades was limited user privileges; Vista's release certainly ushered in a new era of "MS giving a damn." It's interesting, though, when we consider that, while Neowin patrons are generally more paranoid about security than the average Windows user, a lot of requests have been made on this forum for ways to disable critical, but annoying

Big mistake, last year a colleague mine show me a "exploit" running in a safe linux configuration (full patched and inside a physic firewall, or you could say, over any "home configuration") as "nobody". The exploit was a perl script enabling to the attacker can browser the files, i don't known if this program is able to write or which information can be accessed.

We was able to found it only because the "program" was running and eating so much cpu resources.

sentio said,
Firstly, a few things I've noticed: this article doesn't specify Vista; that thealexweb used "Vista" instead of "Windows"; and that the arguments here (mine included) seem to address "Windows" - not everyone who uses Windows uses Vista.

From it's inception, *nix maintenance demanded due diligence, whereas Windows maintenance did not. MS set forth to create an easy to use operating system, and they had succeeded, at the expense of making the average user lazy (and/or ignorant.) These symptoms may have persisted from one Windows release to another (to eventually Vista.) *nix, on the other hand, was hard from the get go. The average *nix user had to know enough about their system in order to use certain tools; it certainly wasn't simply a matter of clicking a mouse.

yes but i'd rather be able to use my almost secure box now not nine hours later

accesser said,
Sigh well if you are silly enough to follow the link and install the fake update then that's your own fault.

+1 They usually say you need a new codec and thats how they sink it on to your system.

bobbit said,
Okay, one it's not a virus, it's a worm; two: it's called KoobFace, not knobface.

The articles have been getting very sloppy the last few days.

bobbit said,
Heh, they are getting sloppy, but this one's just ignorant.

Thanks for the support......Doesn't sound very nice when reading that users are putting down your article.

It's not very nice when articles are misleading, lie outright or are plagiarized (this isn't the only one so don't take it too personally).

Thanks for fixing the Knob error, anyway.