Koobface Botnet

Koobface spreads through social networking sites, most prevalently through Facebook. Generally, Koobface relies on social engineering in order to spread. The Koobface message is designed to trick recipients into clicking through to a fraudulent website and either (a) enter their Facebook (or other social networking) credentials or to accept the installation of malware disguised as a video codec or Flash update.

Victims of Koobface become part of the Koobface botnet, under remote control of the Koobface attackers. Koobface is typically used for data theft.

A botnet is a collection of compromised (infected) computers under the collective control of remote attackers. The malware on the infected computer is known as a bot, a type of backdoor or remote access trojan (RAT). Bots communicate with botnet command and control (c&c) servers, enabling the remote attacker to update existing infections, push new malware, or instruct the infected computer to carry out specific tasks. In general, the presence of the bot gives the remote attacker the same abilities as the legitimate logged in user.

Koobface is a botnet-for-hire. Infected computers are sold to bidders, who may then foist their own malware onto those systems. For this reason, if Koobface is detected it should be assumed that other malware is present as well.