What is Koobface Virus
By Nick Anderson
One of the most dangerous aspects of malware is that new strains are an ever-present threat to cybersecurity. Researchers worldwide put significant work hours and money into finding new malware that has the potential to rank among the most destructive malware of all time. It’s not an easy task because malware often works by exploiting a vulnerability that has not been detected yet. These exploits (also known as ‘zero-day’ exploits) can be the most difficult to deal with.
Koobface is a virus that appeared more than a decade ago. Its purpose was to infect your system and steal valuable information such as financial and login information. Some variants of Koobface are still in the open, and learning about its behavior will not only prevent it from infecting your device but also instill certain best practices in your browsing habits.
Koobface Virus – An Old Adversary
Koobface’s presence on the internet can be traced back to 2008. Back then, social media was catching wind and was a far cry from the behemoth that it is today.
It was a computer worm: it first finds a host, then attempts to replicate itself to other devices. We have explained the several types of malware in our blog, but here’s a quick rundown. A worm is a typical virus that has self-replicating characteristics. Once it infects your system, it will find new devices, such as those connected to your PC via USB or local network.
Koobface mainly targeted social media websites, but they were not its sole target. It could also be delivered through emails or malicious web pages.
The infected systems can create a botnet, sending and receiving data from the attacker without the users’ knowledge. The botnet can be used for nefarious purposes like DDoS attacks or cryptocurrency mining. The strength of the botnet comes from the number of infected PCs in the net. The attacker could push new updates to the worm and keep it undetected.
Koobface can even install other malware on the system. If ransomware strikes your system, the malware will lock you out of your precious files and demand a ransom for the decryption key.
It is believed that the hacker gang behind Koobface originated from Russia.
Attack on Facebook
Koobface made its way to Facebook soon after it was first spotted. Facebook users would receive a message from a friend saying “You look just awesome in this new movie”, among other types of messages. Regardless of the message, the purpose was to make the user click on a malicious link to what appears to be a video player. The video player notifies the user that Flash Player needs to be updated. Once the user agrees to install the malicious file, Koobface makes its way into the user’s computer.
You have to remind yourself that Facebook in 2008 was a much different place than it is right now. Social media wasn’t as big back then, which means people weren’t aware of the several dangers that could affect them. The message came from a friend whose computer had been infected with the Koobface worm. Because it came from a known contact, the recipient would trust the message, not suspecting that the link was malicious.
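The chain described above (a click out of a social site, then an executable "Flash Player update" from a non-vendor host) can be hunted in web proxy logs. The sketch below is an added example, not part of the original article; the log format, host lists, time window and sample lines are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse
import os

# Constructed proxy log lines (not real traffic): time, client, referrer, URL.
SAMPLE_LOG = """\
2008-12-04T10:00:01 10.0.0.5 http://www.facebook.com/inbox/ http://video-share.example/watch?id=77
2008-12-04T10:00:09 10.0.0.5 http://video-share.example/watch?id=77 http://video-share.example/flash_update.exe
2008-12-04T10:02:00 10.0.0.7 http://www.facebook.com/home.php http://news.example/story.html
2008-12-04T10:05:00 10.0.0.8 - http://get.adobe.com/flashplayer/install_flash_player.exe
2008-12-04T11:30:00 10.0.0.5 - http://tools.example/setup.exe
"""

SOCIAL_HOSTS = {"facebook.com"}   # assumption: sites treated as message sources
VENDOR_HOSTS = {"adobe.com"}      # assumption: legitimate Flash Player origin
EXEC_EXT = {".exe", ".scr", ".msi"}
WINDOW = timedelta(seconds=120)   # assumption: click-to-download window

def in_domains(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def find_lure_chains(log_text):
    """Return (client, landing_host, download_url) for each suspicious chain."""
    clicks = {}  # client -> (time, landing host) of the last click out of a social site
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, referrer, url = line.split()
        when = datetime.fromisoformat(ts)
        ref_host = urlparse(referrer).hostname
        target = urlparse(url)
        # Step 1: the user follows a link from a social site to an outside page.
        if in_domains(ref_host, SOCIAL_HOSTS) and not in_domains(target.hostname, SOCIAL_HOSTS):
            clicks[client] = (when, target.hostname)
        # Step 2: shortly after, the same client fetches an executable that
        # does not come from the software vendor.
        ext = os.path.splitext(target.path)[1].lower()
        if ext in EXEC_EXT and not in_domains(target.hostname, VENDOR_HOSTS):
            click = clicks.get(client)
            if click and when - click[0] <= WINDOW:
                hits.append((client, click[1], url))
    return hits
```

On the sample log only the first client is reported; the vendor download and the unrelated installer fetched long after the click are ignored.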
How to Remove Koobface Virus
Koobface is a worm, which means it needs to find a host, then execute and spread to other users. It could spread through connected devices or by using social engineering techniques like the Facebook example above.
When Koobface infects a PC, it does several things. One of them is checking for Facebook cookies. It will use the person’s Facebook account to multiply itself by sending malicious links to friends. Additionally, the infected computers will form a botnet.
A botnet is a network of infected computers that can receive commands from attackers. A couple of years ago when cryptocurrency was in its prime and Bitcoin mining was still viable on GPUs, botnets used infected computers to mine cryptocurrency. The result of Koobface infection would be slow computer performance, redirects to malicious websites, and compromised social media accounts.
Koobface can also install other programs on its own. Some of the known processes associated with Koobface are as follows:
Open Task Manager in Windows or Activity Monitor in macOS and check whether any process matches the names listed above. However, Koobface today could be running under a different name. Whether it’s Koobface or any other malware, an unknown process drawing too many resources for a long time is usually a sign of malware.
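The "unknown process drawing too many resources for a long time" heuristic can be made precise by requiring several consecutive busy samples, so a short spike from a legitimate program is not flagged. This is an added example, not part of the original article; the process names, baseline, thresholds and readings are constructed placeholders and are not Koobface indicators.

```python
from collections import defaultdict

# Constructed samples (not real measurements): (minute, process name, CPU %).
SAMPLES = [
    (0, "browser.exe", 35), (0, "updater.exe", 5),  (0, "unknown_proc.exe", 88),
    (1, "browser.exe", 92), (1, "updater.exe", 4),  (1, "unknown_proc.exe", 91),
    (2, "browser.exe", 20), (2, "updater.exe", 95), (2, "unknown_proc.exe", 87),
    (3, "browser.exe", 15), (3, "updater.exe", 3),  (3, "unknown_proc.exe", 90),
]
KNOWN_GOOD = {"browser.exe", "updater.exe"}  # assumption: locally maintained baseline

def sustained_unknown(samples, known_good, cpu_threshold=80, min_consecutive=3):
    """Return {name: longest busy run} for processes outside the baseline
    that stayed at or above cpu_threshold for min_consecutive samples in a row."""
    by_proc = defaultdict(dict)
    for minute, name, cpu in samples:
        by_proc[name][minute] = cpu
    flagged = {}
    for name, series in by_proc.items():
        if name in known_good:
            continue
        longest = run = 0
        prev = None
        for minute in sorted(series):
            busy = series[minute] >= cpu_threshold
            # A gap in sampling breaks the run, so it restarts at 1.
            contiguous = prev is not None and minute == prev + 1
            run = (run + 1 if contiguous else 1) if busy else 0
            longest = max(longest, run)
            prev = minute
        if longest >= min_consecutive:
            flagged[name] = longest
    return flagged
```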
The only effective way to remove the Koobface virus is through a robust anti-virus. Invest in a capable anti-virus that is updated regularly with new malware signatures. This will allow the anti-virus to deal with emerging malware. Additionally, keep your operating system updated. Updates are an important part of the user experience and the security of your device. Malware often exploits a zero-day vulnerability in the software. New OS and software updates patch these vulnerabilities so malware cannot cause harm to the system.
How to Prevent Koobface Infection
Koobface and other types of malware exploit not just vulnerabilities that exist in digital systems, but also those in humans. Many infections could be prevented if we, as users, adopt certain practices that ensure the safety of our system and the valuable information it holds.
Make it a point to never click on links that you receive in emails from unknown senders. Double-check the email address of the sender before clicking on any link or downloading any files, regardless of how much urgency the message conveys. Phishing is a fraudulent technique to steal information like credit cards or login information.
Install anti-virus and keep it up-to-date. Enable the option to scan processes at the start, scan thumb drives, scan email attachments, and scan for malicious links. Use a VPN on public Wi-Fi to encrypt your communication. Such networks are prone to Man-in-the-Middle (MITM) attacks, where a hacker could redirect you to malicious web pages and read your data if there is no encryption between you and the webserver.
Koobface is just one of many threats lurking on the internet. Your small investment into anti-virus and a VPN will go a long way in ensuring the safety of your data. It is better to be safe than sorry.