This malware family consists of Net-Worms that propagate primarily via the Facebook and MySpace social networks.
After infecting a computer, the malware obtains access to the user’s social network accounts. The malware then uses these accounts to send a link to multimedia content to all the user’s contacts. This link could be sent in a private message from the user of the infected computer, or else inside a comment on a social network page.
Clicking the link opens a malicious website that is disguised as a legitimate video hosting platform. Visitors to the website are asked to update the Flash Player or codec version on their computer.
If the proposed “updates” are installed, the computer is infected with Net-Worm.Win32.Koobface.
The infected computers are managed via a large peer-to-peer (P2P) network. When a command is received from the command-and-control server, malware on all the networked computers begins to replace the results of the user’s search requests with advertising content and installs unwanted software on the infected computer.
Main characteristics of this malware family:
Geographical distribution of attacks by the Net-Worm.Win32.Koobface family
Geographical distribution of attacks during the period from 30 December 2014 to 30 December 2015
Top 10 countries with most attacked users (% of total attacks)
* Percentage among all unique Kaspersky users worldwide attacked by this malware