An elaborate Twitter scam involving a sensational tweet about Barack Obama has been detected. This scam lures its victims with a promise of a video showing president Barack Obama punching a man for cursing him, leads them to a fake facebook page where it steals their Twitter credentials, and closes the deal by enticing them to download a malicious worm disguised as “an update for YouTube player”.
It all starts with the scandalous tweet as shown above (personal details and racist content blurred). Users receive this tweet as a DM, and if tempted to click, they’ll be led to a fake Facebook page, where they will be asked for their Twitter credentials in order to watch the video. If you choose to enter your Twitter details here, the malware will promptly hijack your account and begin sending these DMs to all your contacts in your name.
Next, users are taken to a second fake Facebook page, complete with a fake YouTube frame, where a new message appears: “An update for YouTube Player is needed”, it says, prompting you to install this update in order to watch the video. Naturally, this is no YouTube Player update, but the Koobface.LP worm, which will infect your computer and steal your personal data.
Koobface.B Worm is a worm that spreads through social websites such as Facebook, Twitter, MySpace and others. If you look closely at the worm’s name you will see that Koobface is actually “Facebook” spelled backwards. It infect all types of operating systems, and the main goal of Koobface.B Worm is to gather login data to various websites such as Facebook and other social media pages, although it has not been registered to steal financial information.
As far as the distribution via Facebook is concerned, Koobface.B Worm is spread through spam messages that are sent out from already infected users’ profiles to their friends. The messages carried by the worm are very random. Some of the examples include:
“You must see it!!! LOL. My friend catched you on hidden cam,”
“Is it really celebrity?
“Examiners Caught Downloading Grades From The Internet”
“Hello this guy is saying bad rumors about u…”
“Did you see this pic of you?”
BE WARNED !!!
Since Koobface.B Worm does not have an interface and runs in the background of your system, manual removal is hard if you are not a computer specialist. That is why you need to acquire a trustworthy antimalware scanner that will detect all the worm’s components for you and remove Koobface.B Worm from your system automatically. Then don’t forget to run the full system scan again, to check whether you have any other malware left, because malicious threats like Koobface.B Worm seldom come alone.
Instructions on how to remove this worm if you are infected.
- Disable System Restore if you are running Windows XP or earlier. Click “Start,” “Control Panel,” “System” and select the “System Restore” tab. Click the “Turn off System Restore” check box and click “OK.” Restart your system if prompted to do so. Windows Vista users can skip this step. Windows 7, windows 8 users should not be affected by this virus.
- Open your anti-virus software and update your virus definitions to make sure you have the latest definitions.
- Run a full virus scan on your computer. Do not run a partial or quick scan. Take the time to run your anti-virus software’s full scan so it searches absolutely everywhere for the Koobface Facebook virus.
- Quarantine and/or delete the virus when it shows up in your scan results. Use the method of control recommended by your anti-virus software.
- Visit your anti-virus software’s website for specific patches for the Koobface Facebook virus if your full scan could not contain it. The virus will most likely be taken care of in your regular scan but McAfee and Symantec both have patches, if necessary
TIP & WARNING
This is by no means the only scam of its kind going around. As always, it’s crucial that you don’t click links with suspicious messages about scandalous videos and pictures of you or others, even if they seem to come from people you know. And even more importantly, if you’ve already clicked it, never enter your credentials and never download anything that looks even remotely off.
The Koobface virus is easily stopped by simply never downloading files unless you have complete confidence in their origin. If you receive a suspicious email, delete it without clicking any links. If you think it might be a legitimate email, but aren’t sure, email or phone the sender to ask.
Have a wonderful day.