Koobface worm joins the Twittersphere

Summary:Cybercriminals are experimenting with a new feature introduced in one of the latest Koobface variants - the ability of the worm to hijack the Twitter accounts of infected users and post tweets in an attempt to infect their followers.According to researchers from TrendMicro, once the infected user attempts to log into Twitter, Koobface hijacks the session and posts a tweet on behalf of the user.

Cybercriminals are experimenting with a new feature introduced in one of the latest Koobface variants - the ability of the worm to hijack the Twitter accounts of infected users and post tweets in an attempt to infect their followers.

According to researchers from TrendMicro, once the infected user attempts to log into Twitter, Koobface hijacks the session and posts a tweet on behalf of the user.

Would this novel feature allow the worm to spread even more efficiently? It largely depends on whether or not they'd remove the beta label from it, and go mainstream with the feature.

For the time being, the pre-defined set of messages include the following: My home video :); michaeljackson' testament on youtube and Watch my new private video! LOL :). Interestingly, upon obtaining real-time statistics from their experimental Twitter campaign, the results show close to a hundred users that came to their bogus video serving (W32.Koobface.A) site through Twitter.

Compared to the automatic spreading of the worm across Facebook where the process of the CAPTCHA challenge recognition was outsourced, in Twitter's case the lack of reliable use registration process or any sort of CAPTCHA challenge, makes the abuse of the micro-blogging service incredibly easy to accomplish.

Has the worm's growth rate changed over the past month? According to recently released statistics from Kaspersky Labs, June was the most active month for the Koobface gang in terms of the number of samples generated -- 324 Koobface variants at the end of May 2009, to almost 1000 by the end of June 2009 -- a tactic used to increase the average time of their campaigns until they get intercepted. Earlier this year, PandaLabs confirmed the growth rate once again indicating the group's commitment.

For the time being, Koobface remains one of the most active social networking worms spreading across Facebook, Tagged, Friendster, MySpace, MyYearBook, Fubar.com, Hi5 and Bebo since 2008, and despite the variety of new features, the worm continues relying on social engineering tactics in order to spread.

Topics: Social Enterprise, Security

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.