Koobface worm is distributed on social networks, usually on MySpace and Facebook. It embeds itself on victim’s profile and displays links to malicious websites. The websites promote video codec which is actually the Koobface worm. Those sources might also install the worm without notifying visitors.
Koobface is also known as W32/Koobface, W32/Koobface.AZ, W32.Koobface and Boface. Once it gets on a machine, it checks if there are cookies of social networks. If it finds the cookies, it infects victim’s profile. If Koobface worm can’t find evidence of social networking websites, it simply erases itself.
Koobface also loads pop-ups that look like MS Windows error messages. The pop-up contains the following text: "Error installing Codec. Please contact support."
Related files: fmark2.dat
• Connects itself to the internet
• Hides from the user
• Stays resident in background
It might be that we are affiliated with any of our recommended products. Full disclosure can be found in
our Agreement of Use.