koobface

koobfaceIf I was to tell you that criminals are using the internet to perform malicious, less-than-honorable deeds, it should, at this point in time, be of little or no surprise. In fact, we are all painfully aware that stealing personal information, hacking websites of all sizes, and scamming gullible web surfers have all become big business for digital thieves with pernicious intent.

Now, with the ever-increasing popularity of websites like Facebook, Twitter, LinkedIn, and Pinterest, cyber criminals are setting their sights on the newly-emerging mass market that is SOCIAL NETWORKING.

Over the past few years, social networking sites have boasted substantial growth in unique visitors; now reaching into the many hundreds of millions per month. With these massive increases in web traffic coupled with the growth of information and media availability comes increased attention from criminals looking to get in on the action. With every last bit of personal information available on these sites, and often with foolishly-unrestricted access, it is becoming even easier for petty thieves and groups of organized criminals to steal someone’s identity, drain bank accounts, and set traps to ensnare any info that their little black hearts desire.

Lately, the exploitation of social networking sites has really come to light as we’re beginning to see and hear about more virus and malware strains that target networking and sharing of links between users. Two of these that have recently come into the spotlight are “Koobface” malware and the “Zeus” virus.

Koobface, which first came about in 2008, has become rampant on social networking and file sharing sites of all types. It plays off the fact that visitors are often quite “click happy” when visiting sites of this nature encourages users to click pictures, videos, and links that are of a misleading nature. If and when the user falls for the trap, a window pops up with instructions to update Adobe Flash. I have seen this occur first hand, and while the update might not seem completely legitimate to some, it’s look and timing are realistic enough to ensnare the less-than-savvy surfer in the trap. The malicious program then goes to work gathering whatever passwords and sensitive information it comes across. McAfee Labs notes in their latest findings report that malicious programs like Koobface then go to work as sophisticated information-gathering tools which target login credentials, passwords, intellectual property, and valuable trade secrets; among other things.

Zeus, a Trojan that’s been lurking on the web for over 6 years, is making a strong comeback and finding a new, comfortable home nestled in Facebook pages across the world. According to Kevin Smith of Business Insider, Zeus sneaks into your system by posing as links from friends instructing the user to watch videos or listen to songs. The virus then remains dormant on the victim’s computer, waiting to strike when the time is right. As soon as the user logs into his or her bank account, the virus goes to work; hijacking all personal information and passwords. It then precedes to drain your accounts, where the money and sensitive information is funneled to the Russian criminals who run the operation. Smith goes on to note that highly-sophisticated versions of the virus have also been known to replace the user’s banking site with a fake version which aids in the gathering of sensitive data that can be sold on the black market and cause further problems for the victim down the road.

The resurfacing of Koobface and Zeus, as well as the constant introduction of new malware/viruses, provide us with a daily reminder that social networking sites and media exchange outlets offer an every-increasing opportunity for sophisticated criminals to intercepting, use, and abuse the personal information of others.

Best advice… avoid clicking links you are unfamiliar with and be on the look-out for suspicious pop-ups, messages, or anything that just seems out of the ordinary. In situations like this, a little bit of knowledge goes a long way.

 

Stay safe and have fun out there.

Eric Johnson
Eric Johnson
Co-Owner and founder of Credo Technology Group, LLC, Eric has been working with computers since the mid 80's and enjoys helping people become free of their technological stress.

Leave a Reply