Koobface Botnet Attacking URL Shortening Service

by Frank Jovine on 12/02/2009 in Security, Security Info, Virus Threats

A user clicking on a bit.ly link generated by the Koobface botnet will get forwarded to a Blogspot account that’s already infected with Koobface. The Koobface will load a Xmas season themed template from a Koobface infected host. A similar redirection will take place if the user clicks on the spamvertised Google News redirector, or Google Reader link pushed by the Koobface botnet.

The most popular URL shortening service Bit.ly has announced its intention to add additional layers of security by cooperating with Verisign, Sophos, and WebSense in detecting malicious content using the service.

Bit.ly is currently the only service of shortening URLs to put security in high regard and ahead of the competition. It’s extremely important that Bit.ly implement this new security fast, as the Koobface botnet have found workarounds that trick existing users of its service.

According to a blog post by Dancho Danchez on ZDNet – “The Koobface botnet, one of the most efficient social engineering driven botnets, is entering the Xmas season with a newly introduced template spoofing a YouTube video page, in between enticing the visitor into installing a bogus Adobe Flash Player Update (New Koobface campaign spoofs Adobe’s Flash updater), which remains one of the most popular social engineering tactics used by the botnet masters.”

The Koobface Botnet is working over time to exploit many popular websites to try to trick users. If you’re not sure of the source, do not click on any shortened URLs!

Before you click on an unknown URL, check it first using the Trend Micro Web Reputation Search Tool.

http://reclassify.wrs.trendmicro.com/
Read more about Trend Micro Web Reputation Search Tool.