Fact Check

'Koobface' Virus Warning

Warnings about a 'Koobface virus' spreading via Facebook are several years out of date,

Published July 13, 2008

Claim:
A trojan worm known as Koobface is "spreading like wildfire" via Facebook.

Koobface is a real piece of malware that began circulating in late 2008 via messages sent through social networking sites such as Facebook and MySpace. However, since mid-2010 warnings about Koobface circulated online have mutated into a versions which are largely hoaxes:

Virus spreading like wildfire on FaceBook!! It is a trojan worm called "koob face". It will steal your info, invade your system and shut it down! Do NOT open the link "Barack Obama Clinton Scandal"! If "SmartGirl15" adds you, don't accept it; it is a virus. If somebody on your list adds her then you get the virus too!! Copy and paste to your wall.

Koobface is not "spreading like wildfire" on Facebook (social networking increased their protection in the wake of such malware outbreaks, so Koobface largely stopped using them as a means of transmission), there is no evidence that Koobface was ever widely spread via "Barack Obama Clinton Scandal" messages, and the warning about "SmartGirl15" was just another updating of another long-running Internet hoax.

Back in 2008, the Koobface e-mails arrived with subject lines such as "You look so amazing funny on our new video" and "You look just awesome in this new movie" and offered recipients links to video sites that appeared to contain movie clips. When users followed the links and attempted to play those videos, however, they got error messages informing them that they need to download a file to update their Adobe Flash Flash software, and that download (flash_player.exe) contained malicious Koobface code:

Facebook sent the following instructions to users whose accounts may have been compromised:

We have detected suspicious activity on your Facebook account and have reset your password as a security precaution. It is possible that malicious software was downloaded to your computer or that your password was stolen by a phishing website designed to look like Facebook. Please carefully follow the steps provided:

Run Anti-Virus Software: If your computer has been infected with a virus or with malware, you will need to run anti-virus software to remove these harmful programs and keep your information secure. For Microsoft:

https://www.microsoft.com/protect/viruses/xp/av.mspx
https://www.microsoft.com/protect/computer/viruses/default.mspx

Sources

Kopytoff, Verne.   "Koobface Computer Virus Attacks Facebook Users."     San Francisco Chronicle.   5 December 2008.

Wauters, Robin.   "Koobface Virus Still Making the Rounds on Facebook."     The Washington Post.   5 December 2008.

David Mikkelson founded the site now known as snopes.com back in 1994.