Spam by Koobface example

In the following screenshot taken by Websense you can see a spam message sent by Koobface from a compromised Facebook account:

The URL used does not work as a link since at the beginning it includes the letters hpPg, in this way they manage to pass the antispam filters and expect the user, upon noticing the error, to copy and paste the link manually.

Once this is done the victim can end up directly on a page that offers a fake flash update to watch a video; a fake google news page with links to the fake video page; or one phishing page designed to steal Facebook credentials (screenshots can be viewed on Websense).

Since its appearance in 2008, the Trojan has not undergone major changes in the way it operates, but small variations have appeared that continue to keep it alive.

Most of these threats are avoided by common sense… you have to be careful with the links of the social networks even if they are published by a trusted friend, you must always observe the URLs in the browser and avoid the downloads or installations offered by unknown pages.

See also: Koobface infecting Ubuntu.