Skip to main content

What Is the Koobface Malware?

Old computer viruses and worms are just as virulent today as they were at their peak and could even be making a comeback. As defenses against cybercrime become more robust, some analysts warn that cybercriminals may return to old-school ploys like the Koobface malware (often called a worm or a virus), which uses social engineering and phishing to infiltrate systems and steal data.

Social media is a prime target. Originally, Koobface infiltrated email, VOIP (like Skype) and social networking sites on Microsoft, Mac and Linux systems. It was reported mainly in the U.S. and Australia, with some reports in Europe. In the U.S. in 2016 (the most recent reporting period), the FBI reported that social media was used to commit 18,712 cybercrimes that resulted in $66.4 million in losses.

Discovered in 2008, Koobface became one of the most prolific internet worms in 2009. It went dormant for years, then reemerged in 2013 with nearly twice the infections in the first quarter than were reported in all of 2009 — and it's still out there. Koobface can get on your computer by masquerading as something enticing you want to click. For example, it might post a cryptic message to your Facebook wall, such as "You were seen on our secret camera," to encourage you to click a link that downloads and installs the worm on your computer.

Another Koobface approach uses pay-per-click ads to generate revenue while directing traffic to spoofed websites, including some that offer bogus antivirus protection. Other variants take you to YouTube or a similar site and then claim you need to install a new version of Adobe Flash or a plug-in to proceed. Others come in the form of friend requests for people you may not know or require you to solve CAPTCHAs (popular challenges to prove you're not a robot) in order to use the results to attack other computer systems.

Once installed on your computer, the Koobface worm tunnels through your system, collecting personal information like log-on and banking information, mining your contact list for additional targets and creating fake posts in your name. The worm then transmits the data to a command and control center (C&C). As more computers are infected, they form a robot network known as a botnet that connects back to its primary machine for malware updates that help it spread to other systems.

Once your computer is infected, cyber crooks can use it to run software of their choosing in the background, install ransomware, block websites, steal license keys and perform other malicious tasks, making your computer a node in a global criminal network. Because the C&C centers are located throughout the world, it's virtually impossible for any single event or government to take them all offline. Facebook's Koobface Working Group, in fact, combatted the worm for years by putting certain URLs on a denylist and deploying Scan-and-Repair tools before eventually successfully taking down the "Mothership," the C&C center.

Protect Yourself

Typically, Koobface infects one file on a computer. A few known Koobface files include Fbtre6.exe, Mstre6.exe, Freddy35.exe, Websrvx.exe, Captcha6.exe, Bolivar28.exe, Ld05.exe, Ld11.exe and Ld12.exe, but there are many others. In contrast, viruses infect multiple files on a single system.

Reputable anti-malware Internet security solutions protect against the Koobface malware. Install a good one, and allow it to update its malware definitions and scan your system regularly. This is simpler, safer and more effective than trying to remove the Koobface files manually.

As with any malware, new variants may emerge. To further protect yourself and your electronic devices from existing threats and emerging variants, always use the latest version of your operating system and web browser, and update your antivirus software regularly. Older system applications that aren't updated with current patches remain susceptible.

Always be vigilant, and weigh the risks before you download files. Don't open unsolicited emails or links, and understand that even messages from close friends and trusted business associates could be infected. If an attachment seems out of character for that sender, don't open it. Finally, when away from your computer for long periods of time, turn it off or disconnect it from the internet. If your computer is infected, this reduces the time cybercriminals have to transmit your data.

What Is the Koobface Virus?

The Koobface Virus is a worm that uses social engineering and phishing to infiltrate systems and steal data. Learn more about this threat here.
Kaspersky Logo