The Koobface virus has finally arrived at my Facebook! After waiting for it to arrive at my account since reading about it on the web, the Facebook virus has been sent to me by a 'friend', disguised as a stolen video link. Good thing I already know about it or else I would have fallen prey as well.

"Hey, I have this hilarious video of you dancing. Your face is so red. You should check it out." That's the message I received from samgoodgirl. It contained a link that when clicked leads to a site where "Koobface" prompts you to update your Flash player before the video can be displayed. Once you choose to update your files, you're dead! The Koobface virus (aka Facebook virus) is then installed into your machine
and its worms will immediately transform your PC into a "zombie". What a zombie machine is, I have no idea and I have no intention to find out at this point. I'm just happy that I wasn't gullible enough to believe that there is a stolen video of me floating in cyberspace.

According to the McAfee Security blog, once the Koobface virus (Facebook virus) infects your PC, "it prompts a downloaded service named Security Accounts Manager (SamSs) to load on start-up. SamSs then proxies all HTTP traffic, stealing results from popular search engines and hijacking them to lesser-known search sites." It also adds the following advice to users:

Do not follow any unexpected hyperlinks you receive over the Web, Email, or IM, even if they are received from someone you know. It’s best to ask for confirmation from the sender; that they intentionally sent such a link.

On the other end of hyperlinks, it’s best to install software and updates from the source (such as adobe.com in this case) rather than trusting the content from a third-party website.

Facebook is already aware of this threat and is purging the spammed links from their system. But with dozens of Koobface variants known to exist, the situation is likely to get worse before it gets better. It’s important to note that spammed links leading to Koobface are likely to come from infected friends, reminiscent of early mass-mailing worms. The safe-computing practice created more than 10 years ago still applies today, which is not to open any unexpected email attachments, even if they are from someone you know.

If you have, unfortunately, been victimized by this virus, here's how you can fix it: Facebook offers links to free online virus scanners at this page. It is also advised that you change/reset your password immediately. You can do it here. (Don't worry, these links are legit. Mouse-over them first if you are in doubt.)

Here are a few more security tips from Facebook to avoid being victimized by malware or scams online. Remember, it always pays to be extra careful with our online transaction, even with our online friends. BTW, this malware is not exclusive to Facebook as a Koobface virus variant is also being circulate in MySpace.

If a link or message seems weird, don't click on it. This is true of all spam—whether a chain letter, an ad, or a phishing scam. If it seems weird for an old friend to write on your Wall and post a link, that friend may have gotten phished. Let the person know, and don't click on links you don't trust.

Be aware of where you enter your password. Just because a page on the Internet looks like Facebook, it doesn't mean it is. Learn to tell the difference between a good link and a bad one.

Report any spam or abuse you see on discussion boards and Walls. Those report links are there for a reason. The sooner we find spam, the sooner we can remove it and eliminate spammers from the site.

Don't use the same password on Facebook that you use in other places on the web. If you do this, phishers or hackers who gain access to one of your accounts will easily be able to access your others too. You might find yourself locked out of your email and even your bank account.

Never share your password with anyone. Don't do it. Facebook will never ask for your password through any form of communication. If someone pretending to be a Facebook employee asks you for it, don't give it out, and report the person immediately.

Don't click on links or open attachments in suspicious emails. Fake emails can be very convincing, and hackers can spoof the "From:" address so the email looks like it's from Facebook. If the email looks weird, don't trust it, and delete it from your inbox.

Add a security question. If your account ever does get stolen, you might need this to prove your identity to Facebook. If you haven't already done so, you can add a security question from the "Account Settings" page.

If you like this post, then please consider subscribing to my RSS feed. You can also subscribe by email and have new posts sent directly to your inbox.

Your Ad Here