Koobface in Facebook

Facebook, much maligned social site, is now target of trojans, specifically the Koobface.

But it was due to happen: Facebook as a social application is, by far, the most famous; its users are all connected through some degree of trust, and the constant use of social sites has eroded the security instincts that we all developed when we first opened our hotmail account. Now, how many users would even consider clicking on a link that came through email, even from a friend? Very few people – email like that gets trashed very fast. Not so in Facebook, it seems, so much so that this is making news. And at least now we know that fb has a security page, although too little, too late.

From the avertlabs page on the trojan we get that

This component listens on TCP port 9090 and proxies all HTTP traffic, in particular looking for traffic to Google, Yahoo, MSN, and Live.com for the purpose of hijacking search results. Search terms are directed to find-www.net. This enables ad hijacking and click fraud.

The tinyproxy thing was easy to find, but many other things come through that open
door. And that’s when the security nightmare beings.

Ironically, I just got a CSI invitation, and one of their selling poiints is social media and its implication sin security. What do you know!

Tagged with: ,

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.