Koobface back from the dead as pump and dump spam surges

Social networking malware at record levels

The Koobface social media worm-Trojan has made a surprise return from the dead, spiking to double its previous record mark, McAfee's latest quarterly threat report has found.

Koobface is best remembered as a plague on a range of social networks but particularly Facebook (its name being an anagram), first spreading through these sites in July 2008.

A concerted fightback by (among others) Facebook and Microsoft dismantled the command and control behind the malware's bot and by late 2010 it was considered severely curtailed and dropped off the radar.

McAfee's figures show that it continued at a much lower level of activity thereafter but in the first quarter of 2013 suddenly surged to several times the volume of infections the firm detected during 2011 and 2012.

It was now running at double the level measured by McAfee when the malware was at its previous apogee, in the last quarter of 2009, the company said.

Why Koobface has returned so forcefully is not clear but it is likely the malware has been re-deployed independently of the social media distribution channel it used so successfully five years ago.

The Russian developers accused of being responsible for Koobface were eventually named by Facebook in early 2012, an extremely unusual development; what came of this has never been clear but no arrests were ever made public.

"The resurrection of Koobface reminds us that social networks continue to present a substantial opportunity for intercepting personal information," said Vincent Weafer, senior vice president, McAfee Labs.

"Within the enterprise, we see password-stealing Trojans evolving to become information-gathering tools for cyber-espionage attacks. Whether they target login credentials or intellectual property and trade secrets, highly-targeted attacks are achieving new levels of sophistication."

"We were surprised to see Koobface come back after the original ring behind the worm was exposed last year. We're not sure whether it's the same worm being run by different people, or if it's simply a very similar threat, but Facebook's security team is being active in trying to combat any kind of malicious activity on the network," said his colleague, McAfee Labs EMEA security strategist, Toralv Dirro.

Another unwelcome return spotted by McAfee during the first quarter was a rise in the volume of spam in some countries after a long period in which it has been declining.

A major cause in countries such as the US was 'pump and dump' scams. These are one of the oldest forms of spam, and these days they aim not so much to drive up prices for useless companies as to generate enough liquidity that criminals can dump stock at any price.

Spam volumes had doubled, with one factor being the steady rise in the prices of equities in recent months.


Stories by John E Dunn
