56th variant of the Koobface worm detected

Researchers from PandaLabs are reporting on the detection of the 56th variant of the Koobface worm (Boface.BJ.worm), spreading across Facebook, Tagged, Friendster, MySpace, MyYearBook, Fubar.com, Hi5 and Bebo since May, 2008.

According to the company, the growth of Koobface related infections is as high as 1,200% since the first time it was detected over an year ago, where almost 40% of the infections based in the U.S, with the growth trend also confirmed by Microsoft's Malware Protection Center.

What the cybercriminals have changed this time is the template, the use of an Ukrainian web site hosting service, and the "missing" fake codec, which upon execution is not only converting the infected PC into a hosting provider part of the campaign, but is also pushing scareware, liveantimalwareproscanner .com and live-antimalware-scanner .com in particular.

Despite the ongoing industry collaboration, and with MySpace already declaring victory over Koobface, the persistence of the malware gang using social engineering tactics, typosquatting of social networking domains, and their outsourcing of the CAPTCHA breaking process aimed to slow down automated abuse of the sites, makes Koobface a success story (see sample statistics) that you should keep an eye on.