from:
http://latimesblogs.latimes.com/technology/2008/12/koobface-virus.htmlA screen capture of the offending Web page from McAfee's virus directory. Reports circulated today about a virulent piece of malware making its way around Facebook, a major hub of the social Web with 120 million users. Because of its walled-off internal e-mail system, Facebook has long been a tough target for spammers and other fraudsters, but the "Koobface" virus is a sign that the relative viral calm on the site -- which just today announced an ambitious program to extend its services outside its own tight perimeter -- may have been a luxury.
The virus' most insidious property is that users receive the offending message from a friend: On Facebook, only people whom users have explicitly approved as friends can send them e-mails.
The Koobface e-mails have a subject like "You look so amazing funny on our new video," and contain a link to a YouTube-like video site that appears to contain a movie clip (see image). The video, however, doesn't play, and the website then asks the user to update his or her video software by downloading a file. It's that file that contains the malicious code.
"Unfortunately, users are very trusting of messages left by 'friends' on social networking sites. So the likelihood of a user clicking on a link like this is very high," said Alexander Gostev, a security analyst at Kaspersky Lab, in a several-month-old blog entry about the virus. "At the beginning of 2008 we predicted that we'd see an increase in cyber-criminals exploiting MySpace, Facebook and similar sites, and we're now seeing evidence of this. I'm sure that this is simply the first step, and that virus writers will continue to target these resources with increased intensity."
A variant of the Koobface virus was reportedly circulating on MySpace earlier this year but has been eliminated after new security measure were put in place.
Facebook has posted limited instructions about how to remove the virus on its security page: In essence, users should install one of several available anti-virus programs, and be sure to change your Facebook password here.
http://latimesblogs.latimes.com/technology/2008/12/koobface-virus.html