
Thursday, October 28, 2010

New Koobface Variant Infects Windows, Mac OS X and Linux Systems - Softpedia

New Koobface Variant Infects Linux Systems


October 28th, 2010, 10:58 GMT | By Lucian Constantin

[Image: Java-based attack infects Linux systems with Koobface variant]

Security researchers warn that a new drive-by download attack is capable of infecting Windows, Mac OS X and Linux systems with a new variant of the notorious Koobface worm.

The attack was spotted on social networking websites like Facebook, MySpace and Twitter, the usual hunting grounds of the Koobface gang.

It begins with users receiving messages from their friends, who direct them to an online video. Lures like "Is it you in this video?" have been observed.

The included link leads to a fake YouTube page, which displays a video thumbnail. Clicking it launches a Java applet that users are asked to accept.

[Image: Malicious page launching Java exploit]

The applet exploits a remote code execution vulnerability in outdated versions of Java and checks the visitor's operating system.

Based on this determination, the appropriate version of the Koobface worm is installed without requiring any interaction from the victim.

Koobface is the father of all social networking worms and its authors are constantly coming up with new ideas to avoid detection or to make the threat more resilient.

Once installed on a computer, the worm hijacks the social networking accounts of its owner and uses them to propagate.

Infected systems join together in a botnet and contact a command and control server, from where they receive instructions.

According to Jerome Segura, a security researcher at ParetoLogic, who analyzed the attack, the Linux Koobface version is attached to a Java applet called jnana.tsa.

The applet is dropped inside the user's home directory and stops running at computer reboot. This means that on Linux, unlike on Windows, the Koobface infections are temporary.

However, Linux computers tend to stay running much longer than Windows ones, which gives attackers enough time to use them for malicious purposes.

The attack is further limited by the fact that many consumer-oriented Linux distributions, including Ubuntu, don't come with Java installed by default.

Nevertheless, the news might be disappointing to many Linux and Mac OS X users, who seem to believe that malware doesn't work on these operating systems.

Researchers have repeatedly advised that as their market share increases, malware authors will begin viewing these platforms as attractive targets.

Copyright © 2001-2010 Softpedia.

