Fact Check

YouTube/Facebook Virus

Messages appearing to come from Facebook friends and directing recipients to view YouTube videos harbor a virus?

Published March 3, 2010

Claim:

Claims:   Messages appearing to come from Facebook friends and directing recipients to view YouTube videos harbor a virus.


OUTDATED


Examples:


[Collected via e-mail, March 2010]

ATTENTION ALL: IF YOU GET A REQUEST FROM ME OR ANY FRIEND TO CHECKOUT 'YOUTUBE' AND IT LOOKS LIKE FACEBOOK, DO NOT OPEN IT. IT IS A TROJAN WORM AND WILL INFECT AND SHUTDOWN YOUR COMPUTER AND TAKE ALL YOUR PERSONAL INFO. IT IS TRAVELING AROUND FACEBOOK RAPIDLY. YOUR FRIENDS DID NOT SEND IT! THIS IS REAL. PLEASE COPY AND PASTE
 


[Collected via e-mail, April 2010]

THERE IS A VIRUS SPEADING LIKE WILDFIRE ON FB. DO NOT ACCEPT ANYTHING FROM ANY OF YOUR FRIENDS THAT ASK YOU TO WATCH A VIDEO ON YOUTUBE. SNOPES JUST CONFIRMED. IT IS A TROJAN WORM VIRUS CALLED KOOBFACE. IT WILL STEAL INFO, INFEST YOUR SYSTEM AND SHUT IT DOWN. DO NOT OPEN THE LINK. PLEASE REPOST THIS IN YOUR STATUS
 


[Collected via e-mail, April 2010]

A VIRUS SPEADING LIKE WILDFIRE ON FB. DO NOT ACCEPT ANYTHING FROM ANY OF YOUR FRIENDS THAT ASK YOU TO WATCH A VIDEO ON YOUTUBE "OBAMA". CONFIRMED by Snopes, Kapersky, Symantec, and others. IT IS A TROJAN WORM VIRUS CALLED KOOBFACE.



 

Variations:   In an attempt to trick people into believing the Invitation virus hoax was real, in November 2011 those propagating the hoax "helpfully" provided within the body of the e-mail decrying the non-existent threat a link to this snopes.com article, which is about an actual virus (albeit a now outdated one).

Origins:   One method by which the Koobface virus spread was via e-mails and posts that appeared to be messages sent by friends or contacts from social networking sites such as Facebook and MySpace. The messages typically included invitations to view video clips; when the recipients clicked on the provided links, they were taken to a counterfeit YouTube web site and informed that they needed to install an Adobe Flash plug-in to view the video. The faux plug-in installation procedure was a ruse to cover the loading of Koobface's trojan horse program on the user's computer

However, in January 2012 Facebook stated the social networking site had taken steps to eliminate the virus and had since been Koobface-free for the last several months:



"When Koobface first surfaced in 2008, our team worked non-stop until we were able to detect the virus, remediate affected users, and eventually identify those parties responsible; we have been tracking them ever since," Facebook said in a note on its security Web site. "We will be sharing this investigation material, as well as information on how to best defend against the virus, with the larger security community. This will better enable sites still targeted by Koobface to more adequately protect their users."

Facebook said its site has been Koobface-free for the last nine months, ever since the social network took down a central "Command & Control" server, "which directed the compromised computers to do the gang's bidding," Facebook said. There have been no new Koobface sightings since then "and our teams are working hard to keep it that way."


See our Koobface page for additional information on this virus.

Additional information:





Koobface Remains Active on Facebook Koobface Remains Active on Facebook (McAfee)

Last updated:   17 January 2012


Sources:




    Albanesius, Chloe.   "Facebook, Researchers Reveal Gang Behind Koobface Virus."

    PC Magazine.   17 January 2012.


David Mikkelson founded the site now known as snopes.com back in 1994.