Facebook worm Virus

Facebook users unwittingly spread Koobface Facebook users are being targeted by a nasty new version of the Koobface worm -- dubbed Koobface.GK -- that compels its victims to manually participate in creating a new Facebook account to help spread the worm.

The attackers are posting malicious links on Facebook wall pages enticing folks to click on a cutesy Christmas video. Attempts to play the video turns over control of the PC to the attacker, says PandaLabs researcher Sean-Paul Correll. The victim next sees a Windows warning message requiring them to solve a CAPTCHA puzzle within three minutes. If you see this screen, you must solve the puzzle to regain control of your PC. CAPTIONBy PandaLabsA timer ticks down. If the puzzle goes unsolved after three minutes, the PC freezes up. Rebooting won't help. The CAPTCHA puzzle will reappear. The only way to end the loop is to solve the CAPTCHA. The victim can then use his or her machine as normal. But the attacker still has control.

While this ruse is unfolding, the worm separately uses the victim's machine to fill out a new account application. This goes on unseen by the victim. Solving the CAPTCHA is the final step in creating a new Facebook account. The new account is then used to post more tainted Christmas links. And the cycle repeats. These bad guys have thus pioneered a cheaper, faster way to create shell Facebook accounts for nefarious purposes.

This is a much more robust method than recruiting CAPTCHA-resolvers and paying them a few pennies to resolve new account application CAPTCHAs in real time, as we wrote about in this story.

The bad guys have made it difficult for Facebook to cut them off, since active members are actually creating the new accounts, says Correll. "It's a completely decentralized way to propagate the worm by way of using the victims' machines, making the victim solve the CAPTCHA," say Correll.

By Byron Acohido

__________________________________________