Koobface gears up for Christmas

Koobface is doing the rounds again

The hackers behind the infamous Koobface worm have launched a new campaign that seeks to trick users by employing a Christmas theme.

Koobface was first detected around a year ago, spreading primarily through social networking sites such as Facebook and MySpace, and stealing user credentials and other sensitive information such as credit card details.

Users are generally more trusting of messages coming from their friends or contacts on these sites, so Koobface's strategy - compromising accounts then sending out messages containing malicious links to their "friends" - was highly successful.

Now, new alerts from security vendors Websense and Symantec are warning users that the new message "I caan't ffall asleepp affter viewwing thiss videeo. I haven'tt seenn aanything liike this" is Koobface.

The accompanying link will take users to a fake Facebook page or a fake YouTube video page where they will be encourage to install and run a setup.exe file presented as free antivirus to protect the user from Koobface, or a Flash upgrade to watch a video posted by SantA.

"This file is currently detected by 16 out of 41 antivirus products according to VirusTotal," noted a Websense security alert. "If the user runs the infected file, the worm will automatically login to their Facebook, MySpace, and several other social networking sites and send messages to all their friends."