September 18, 2009, 7:16 AM — Koobface, the social-networking worm that’s becoming almost as popular as Facebook itself, has added a new feature for Internet Explorer users who happen to stumble upon its fake Facebook pages.
The worm has been installing FAKEAV malware on victims’ PCs when they are confronted with a pop up asking them to install or cancel – in either case the malware downloads itself and begins stealing personal or financial information.
Now, with this new twist, even savvy IE users who know that FAKEAV is, well, fake, will have a hard time avoiding the malware.
According to a post on Trend Micro’s blog, Koobface is giving visitors to its fake Facebook pages no way out; now if users running Internet Explorer try to close out of the FAKEAV pop up – instead of choosing to install or cancel it - the malware is downloaded anyway. In fact any button a user clicks now activates the download.
New twists like this one show that the Koobface gang is working to stay one step ahead of PC users. The gang is also perfecting techniques for making the malware as ubiquitous as possible; researchers recently studied how the group uses search-engine optimization techniques to achieve the highest levels of exposure.
Do you tweet? Follow me on Twitter here.
