The worm discovered and dubbed “Koobface.a and Koobface.b” by security firm Kaspersky, spread themselves through leaving comments and messages on social network sites like Facebook and MySpace, which are sent to friends of an infected user. In order to trick the recipients into clicking on the links, the comments use names of celebrities or references to fake stories or videos. Some examples of comments’ titles include “Paris Hilton Tosses Dwarf On The Street,” and, “Examiners Caught Downloading Grades From The Internet.”
Once a link is clicked, the user is redirected to a site that includes a video clip. The user cannot watch the video unless the update is applied. Once compelled to do so, the user then downloads and executes codesetup.exe which then installs the worm on the user’s machine.
“Unfortunately, users are very trusting of messages left by ‘friends’ on social networking sites. So the likelihood of a user clicking on a link like this is very high,” senior virus analyst Alex Gostev said.
An infected computer would then become part of a botnet, which could be used later to launch additional attacks. It may also upload modules with additional functionality to the Internet.