Got a Christmas Card Video? Beware of the Koobface Worm

image Just yesterday I mentioned; even technically astute users are finding that staying safe on the Internet is more difficult than it has ever been.

To illustrate this point, I noted that in last few months, some of my favorite tech writers have come clean, and admitted having had to deal with malware infections on their personal machines.

If you’re wondering why even security experts can be fooled, the simple answers is – all of us, you, me, the informed and the uninformed, are in a battle with cybercriminal experts.

I long ago came to the conclusion that cybercriminals are some of the craftiest people on the planet. I say this, not in admiration of what they do, but instead, how they do it.

Business in general, could take away some valuable lessons from the methods used by cybercriminals to achieve maximum “market” penetration. Recognition of opportunity, and the timing and implementation of strategy, is critical to business success. I can’t think of another group  that does this with more skill, than the cybercriminal community.

Cybercriminals use every conceivable opportunity to spread malware, and the celebration of special events creates an exceptional opportunity for cybercriminals.

The Christmas season, when most of us let our guard down somewhat, in the spirit of the season, I suspect, is a timely opportunity for cybercriminals.

PandaLabs, Panda Security’s malware analysis and detection laboratory, has just reported on a new Christmas Holiday FaceBook scam that renders users’ computers useless, should they follow a malicious link on a user’s wall.

If you have a Facebook page, you may well be curious and even anxious to follow this link, or links like it, but don’t let your curiosity override your common sense. Security experts argue (none too successfully it seems), that a significant number of malware infections could be avoided if users stopped  clicking haphazardly, or opening the types of files and emails that are potentially dangerous.

Those unlucky victims who become infected by the Koobface worm involved in this attack, may be lucky, and may be able to recover control of their computer – but I wouldn’t count on it.

I encourage you to read the following PandaLabs Report:

Cybercriminals are capitalizing on the Christmas holiday in a new Facebook scam that renders users’ computers useless.

Following the posting of malicious links on Facebook users’ walls, the bait directs to a fake embedded video player that poses as a Christmas greeting. When users try to play the video or click on a link on the page, their computers download and install a variant of the well-known Koobface worm, Koobface.GK.


After the virus is installed on a computer, a Captcha is displayed that threatens to reboot the computer within three minutes. Although nothing happens after three minutes, the computer is rendered useless.

Every time a user enters the Captcha text, Koobface.GK registers a new domain where the infection files are hosted, facilitating the worm’s continued distribution.


“Social networks have become one of the popular entry points used by hackers to spread their creations, due to the false sense of security many users have regarding the content published on these networks,” says Luis Corrons, technical director of PandaLabs. “Users generally trust the messages and content they receive, and consequently hackers get a high level of response through these channels.”

Christmas: Cybercriminals’ favorite time of year

The latest attack takes advantage of an increase in Internet users sending Christmas greeting cards to their family and friends. It follows continued attention from cybercriminals on the holiday season, with Christmas-themed malware that is created year after year.

Examples of Christmas-specific malware first appearing in past holiday seasons include:

ZafilD, 2002: Although this worm appeared several years ago, it is still distributed through e-mails that use Christmas greetings as bait. It opens a port on the infected computer without users’ knowledge and downloads another Trojan.

MerryX.A, 2005. MerryX.A infected users’ computers in a Christmas greetings e-mail with an attachment, which was really a Trojan designed to capture keystrokes and steal information.


This Trojan managed to infect more than 50,000 Internet users in only one week.

The Navidad (Christmas in Spanish), 2007. This malware family has numerous variants. These astute worms are difficult to detect because they reach computers are sent in the form of an e-mail reply, which has previously been sent to another (infected) recipient. The message includes the Navidad.exe file, which infects computers when run.

To stay safe on social networks, PandaLabs recommends Internet users do the following:

Don’t click suspicious links from non-trusted sources. This should apply to messages received through Facebook, other social networks and even via e-mail.

If you click on links, check the target URL. If you don’t recognize it, close your browser.

Even if you don’t see anything strange on the target URL page but are asked to download something, don’t accept.

If you do download or install an executable file and the PC starts to launch messages, there is probably malware on your computer.

As a general rule, make sure your computer is well protected to ensure you are not exposed to the risk of infection from any malicious code. You can protect yourself by downloading Panda Security’s new free Panda Cloud Antivirus solution.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

1 Comment

Filed under Don't Get Scammed, Don't Get Hacked, downloads, Free Security Programs, Freeware, Internet Security Alerts, Malware Advisories, Online Safety, Online Spyware/Virus Scanners, Panda Security, PandaLabs, Safe Surfing, social networking, Software, Viruses, Windows Tips and Tools, worms

One response to “Got a Christmas Card Video? Beware of the Koobface Worm

  1. awsome site. very useful info. Thanks