Koobface back from the dead as pump and dump spam surges

Social networking malware at record levels

The Koobface social media worm-Trojan has made a surprise return from the dead, spiking to double its previous record mark, McAfee's latest quarterly threat report has found.

Koobface is best remembered as a plague on a range of social networks but particularly Facebook (its name being an anagram), first spreading through these sites in July 2008.

A concerted fightback by (among others) Facebook and Microsoft dismantled the command and control behind the malware's bot and by late 2010 it was considered severely curtailed and dropped off the radar.

McAfee's figures show that it continued at a much lower level of activity thereafter but in the first quarter of 2013 suddenly surged to several times the volume of infections the firm detected during 2011 and 2012.

It was now running at double the level measured by McAfee when the malware was at its previous apogee, in the last quarter of 2009, the company said.

Why Koobface has returned so forcefully is not clear but it is likely the malware has been re-deployed independently of the social media distribution channel it used so successfully five years ago.

The Russian developers accused of being responsible for Koobface were eventually named by Facebook in early 2012, an extremely unusual development; what came of this has never been clear but no arrests were ever made public.

"The resurrection of Koobface reminds us that social networks continue to present a substantial opportunity for intercepting personal information," said Vincent Weafer, senior vice president, McAfee Labs.

"Within the enterprise, we see password-stealing Trojans evolving to become information-gathering tools for cyber-espionage attacks. Whether they target login credentials or intellectual property and trade secrets, highly-targeted attacks are achieving new levels of sophistication."

"We were surprised to see Koobface come back after the original ring behind the worm was exposed last year. We're not sure whether it's the same worm being run by different people, or if it's simply a very similar threat, but Facebook's security team is being active in trying to combat any kind of malicious activity on the network," said his colleague, McAfee Labs EMEA security strategist, Toralv Dirro.

Another unwelcome return spotted by McAfee during the first quarter was a rise in the volume of spam in some countries after a long period in which it has been declining.

A major cause in countries such as the US was 'pump and dump' scams. These are one of the oldest forms of spam and these days aim not so much to drive up prices for useless companies as to generate enough liquidity that criminals can dump stock at any price.

Spam volumes had doubled, with one factor being the steady rise in the prices of equities in recent months.


Stories by John E Dunn
