UPDATED: Koobface Facebook Worm Back With A Bang… Or Not

UPDATE: McAfee has admitted a major error in its calculations – noting on 7 June they got it completely wrong. In fact, Koobface samples have declined since Facebook’s actions, the company said. You can find its apology in full here.

Original story: A worm targeting Facebook users known as Koobface has seen its sample size triple in the last quarter, even though the social network and its partners thought they had seriously damaged the criminal operation last year.

There were over 115,000 samples detected by McAfee in the last quarter, compared to just under 40,00 in the previous quarter. It’s also over double the previous record number of samples recorded.

In early 2012, Facebook published the names of five men it believed were behind Koobface, which first appeared in July 2008, was estimated to have as many as 800,000 PCs under its control and made its owners millions of dollars.

Koobface clan

The social networking giant later awarded the University of Alabama at Birmingham’s Information Assurance and Joint Forensics Research (CIA|JFR) $250,000 for its help on stopping the Koobface worm doing more significant damage.

But despite the best efforts of the tech community, the has been a resurgence of interest in the malware, according to McAfee’s report.

“The resurrection of Koobface reminds us that social networks continue to present a substantial opportunity for intercepting personal information,” said Vincent Weafer, senior vice president of McAfee Labs.

Toralv Dirro, McAfee Labs EMEA security strategist, told TechWeekEurope: “We were surprised to see Koobface come back after the original ring behind the worm was exposed last year. We’re not sure whether it’s the same worm being run by different people, or if it’s simply a very similar threat, but Facebook’s security team is being active in trying to combat any kind of malicious activity on the network.”

Koobface’s comeback has highlighted another trend: old malware returning to cause trouble.

Trend Micro said last month it had seen a spike in the number of Zeus banking Trojans doing the rounds, with a sudden surge in activity in February, which has continued unabated.

The Pushdo malware has caught the attention of researchers too, which has come back in new strains containing clever code to mask the crooks’ command and control servers, querying legitimate websites as well as the attackers’ domains to make its C&C traffic blend in with regular traffic.

Overall McAfee said there had been a steady growth in mobile malware, with 50,926 samples, up from 38,000, and a “rapid increase in general malware” in the first quarter of 2013.

Worldwide spam doubled during the quarter too, “as it makes a comeback after more than a year of decline”, McAfee’s report read.

The Intel-owned security firm counted 1.9 trillion messages in March, lower than record levels but about twice the volume of December 2012.

What do you know about Internet security? Find out with our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

14 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

16 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

18 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

18 hours ago