Kaspersky Lab Detects Over 575 New Variants of Koobface in June 2009

Kaspersky Lab, a leading developer of Internet threat-protection solutions that defend against computer viruses, spyware and all forms of malicious software, saw an explosion of Koobface modifications throughout the month of June, due to summer and vacations across the northern hemisphere. In just one month, the number of variants detected jumped from 324 at the end of May 2009 to almost 1000 by the end of June 2009.

Koobface, the infamous worm, was first detected by Kaspersky Lab as Net-Worm.Win32.Koobface, and it instantly became popular when it appeared, almost one year ago, targetting Facebook and MySpace accounts. The Koobface worm is spreading through legitimate users’ accounts to their friends’ profiles. Comments and messages sent by the worm contain a link to a fake YouTube-style website which invites users to download a “new version of Flash Player”. Instead, the worm is downloaded to victims’ machines. Once a user is infected, he or she will start spreading such messages to his or her friends. In the meantime, the functionality of the worm has been extended. Koobface is now targetting more social-networking websites like Facebook, MySpace, Hi5, Bebo, Tagged, Netlog and, most recently, Twitter.

As social networks such as Facebook or Twitter are becoming increasingly popular (Facebook Alexa Ranking), attacks targetted at them are also gaining momentum.

“This sign of increased online criminal activity involving social networks in the past month proves that the strategies used by cybercriminals to infect users, are much more efficient when adding the social context to their attacks,” says Stefan Tanase, Malware Researcher of Kaspersky Lab. “June 2009 marks an important milestone in the evolution of social-networking malware – the activity we’ve seen this month exceeds by far any other month in the past,” he concluded.

Kaspersky Lab would like to offer few tips to users:

• Be cautious when opening links coming through suspicious messages, even if the sender is one of your trusted Facebook friends
• Use either Internet Explorer 7 running in protected mode or Firefox with NoScript installed
• Divulge as little personal information as possible on social networks. Do not give out your home address, phone number or other private details
• Keep your anti-virus software updated to prevent new versions of malware from attacking your computer

Kaspersky Lab users running any of the Company’s current anti-malware products are fully protected from all known variants of Net-Worm.Win32.Koobface. Kaspersky Lab’s global team of analysts are keeping a close eye on all threats coming from the social-networking space, monitoring malicious activity and constantly updating the protection that customers receive.