Koobface originally spread by delivering Facebook messages to people who are 'friends' of a Facebook user whose computer has already been infected. Upon receipt, the message directs the recipients to a third-party website (or another Koobface-infected PC), where they are prompted to download what is purported to be an update of the Adobe Flash player. If they download and execute the file, Koobface is able to infect their system. It can then commandeer the computer's search engine use and direct it to contaminated websites.
The Koobface botnet's peer-to-peer topology is also used to show fake messages to other users with the purpose of expanding the botnet. Koobface was first detected in December 2008 and a more potent version appeared in March 2009. A study by the Information Warfare Monitor, a joint collaboration of SecDev Group and the Citizen Lab in the Munk School of Global Affairs at the University of Toronto, revealed that the operators of this scheme generated over $2 million in revenue from June 2009 to June 2010.
Upon successful infection, Koobface ultimately attempts to gather login information for FTP sites, Facebook, and other social media platforms, but not any sensitive financial data. It then uses compromised computers to build a peer-to-peer botnet. A compromised computer contacts other compromised computers to receive commands in a peer-to-peer fashion. The botnet is used to install additional pay-per-install malware on the compromised computer as well as hijack search queries to display advertisements.