A worm abusing Facebook‘s messaging system is making rounds between friends. It consists of an executable worm known as Koobface that runs on the victim’s computer and searches for Facebook cookies on his or her computer. It will then use these cookies to hijack an authenticated session and send a message to all of the victim’s friends. This message typically contains a link to a website that will try to infect new victims.
This is not the first worm to make use of social networking sites for distribution. Social networking sites are the perfect way of distributing worms in the Web 2.0 world. By their nature, social networking is virulent – very much like malware – and can help reach a large group of people. Some worms previously made use of web application attacks like Cross Site Scripting (XSS) and Cross Site Request forgery (CSRF). In fact the more complex and popular social networking sites become, the more chance that such sites are used as a platform to launch malware. Usage of technologies such as Ajax make the websites more useful and easier to use. As a side effect, they also tend to expose such sites to new risks that were previously not thought to be a security issue.
For example, Facebook supports online Apps that have been found to hide malicious code. One particular malicious Facebook App called Secret Crush was discovered to be spreading early 2008. It attempted to install adware on the victim computers. Web application vulnerabilities together with a bit of social engineering can proof to be a very effective weapon in a malware writer’s arsenal.
Other posts that mention Koobface: