New Koobface Worm variant hits Facebook

In this scam, users receive a message with a link, purporting to be from a friend from the user's contact list, along with a spoofed version of YouTube. Once users click the link, they are taken to a site supposedly hosting a video that appears to be from the alleged sender, containing the name as well […]

In this scam, users receive a message with a link, purporting to be from a friend from the user's contact list, along with a spoofed version of YouTube. Once users click the link, they are taken to a site supposedly hosting a video that appears to be from the alleged sender, containing the name as well as the photo of the user's "friend" from his or her Facebook profile.

By clicking the install button, users are redirected to a download site for the malicious file setup.exe, which is the Koobface variant known as WORM.KOOBFACE.AZ, hosted by a foreign IP address. All IP addresses hosting the malicious file are detected as HTML_KOOBFACE.BA.

Full Article