Facebook worm "Koobface" is back

News sources are reporting the resurgence of a Facebook worm known as "Koobface". Here is what you need to know about the threat.

• The virus strain itself is not new. Dancho covered a previous iteration of the virus a few months back.
• The virus's behavior and propagation methods are identical to those seen in the commonplace malware-pushing spam. Infected computers are grabbing the user's Facebook credentials out of the network stream, logging into the social network site, and spamming the user's friends with a link to malware.  In this case, the malware claims to be an upgrade to the computer's Adobe Flash player.
• Facebook itself has not been compromised, but it could have done a better job of informing users about the malware issue. Jennifer Leggio has an account of how the notification e-mail itself is somewhat confusing and contradictory.
• Users can protect themselves by not following any instruction from a Facebook page that tells them to upgrade a standard browser plugin like Flash Player. If you are ever instructed to upgrade a plugin, go to the vendor's website directly and download the patch.

Those of you who would like a more in-depth analysis of the security issues surrounding social networks should take a look at Paul F. Robert's very timely analysis on the issue.