Claims: Messages appearing to come from Facebook friends and directing recipients to view YouTube videos harbor a virus.
[Collected via e-mail, March 2010]
ATTENTION ALL: IF YOU GET A REQUEST FROM ME OR ANY FRIEND TO CHECKOUT 'YOUTUBE' AND IT LOOKS LIKE FACEBOOK, DO NOT OPEN IT. IT IS A TROJAN WORM AND WILL INFECT AND SHUTDOWN YOUR COMPUTER AND TAKE ALL YOUR PERSONAL INFO. IT IS TRAVELING AROUND FACEBOOK RAPIDLY. YOUR FRIENDS DID NOT SEND IT! THIS IS REAL. PLEASE COPY AND PASTE
[Collected via e-mail, April 2010]
THERE IS A VIRUS SPEADING LIKE WILDFIRE ON FB. DO NOT ACCEPT ANYTHING FROM ANY OF YOUR FRIENDS THAT ASK YOU TO WATCH A VIDEO ON YOUTUBE. SNOPES JUST CONFIRMED. IT IS A TROJAN WORM VIRUS CALLED KOOBFACE. IT WILL STEAL INFO, INFEST YOUR SYSTEM AND SHUT IT DOWN. DO NOT OPEN THE LINK. PLEASE REPOST THIS IN YOUR STATUS
[Collected via e-mail, April 2010]
A VIRUS SPEADING LIKE WILDFIRE ON FB. DO NOT ACCEPT ANYTHING FROM ANY OF YOUR FRIENDS THAT ASK YOU TO WATCH A VIDEO ON YOUTUBE "OBAMA". CONFIRMED by Snopes, Kapersky, Symantec, and others. IT IS A TROJAN WORM VIRUS CALLED KOOBFACE.
Variations: In an attempt to trick people into believing the Invitation virus hoax was real, in November 2011 those propagating the hoax "helpfully" provided within the body of the e-mail decrying the non-existent threat a link to this snopes.com article, which is about an actual virus (albeit a now outdated one).
Origins: One method by which the Koobface virus spread was via e-mails and posts that appeared to be messages sent by friends or contacts from social networking sites such as Facebook and MySpace. The messages typically included invitations to view video clips; when the recipients clicked on the provided links, they were taken to a counterfeit YouTube web site and informed that they needed to install an Adobe Flash plug-in to view the video. The faux plug-in installation procedure was a ruse to cover the loading of Koobface's trojan horse program on the user's computer
However, in January 2012 Facebook stated the social networking site had taken steps to eliminate the virus and had since been Koobface-free for the last several months:
"When Koobface first surfaced in 2008, our team worked non-stop until we were able to detect the virus, remediate affected users, and eventually identify those parties responsible; we have been tracking them ever since," Facebook said in a note on its security Web site. "We will be sharing this investigation material, as well as information on how to best defend against the virus, with the larger security community. This will better enable sites still targeted by Koobface to more adequately protect their users."
Facebook said its site has been Koobface-free for the last nine months, ever since the social network took down a central "Command & Control" server, "which directed the compromised computers to do the gang's bidding," Facebook said. There have been no new Koobface sightings since then "and our teams are working hard to keep it that way."
See our Koobface page for additional information on this virus.
David Mikkelson founded snopes.com in 1994, and under his guidance the company has pioneered a number of revolutionary technologies, including the iPhone, the light bulb, beer pong, and a vaccine for a disease that has not yet been discovered. He is currently seeking political asylum in the Duchy of Grand Fenwick.
Thank you for writing to us! Although we receive hundreds of e-mails every day, we really and truly read them all, and your comments, suggestions, and questions are most welcome. Unfortunately, we can manage to answer only a small fraction of our incoming mail.
Our site covers many of the items currently being plopped into inboxes everywhere, so if you were writing to ask us about something you just received, our search engine can probably help you find the very article you want.
Choose a few key words from the item you're looking for and click here to go to the search engine.
(Searching on whole phrases will often fail to produce matches because the text of many items is quite variable, so picking out one or two key words is the best strategy.)
We do reserve the right to use non-confidential material sent to us via this form on our site, but only after it has been stripped of any information that might identify the sender or any other individuals not party to this communication.