Koobface variant is resurfaced again. This time this virus is not only back but with added sophisticated and behaves like an usual Facebook user.

According to TrendMicro, it automates the following routines: Firstly register a Facebook account, and confirm an email address in GMail in order to activate the registered Facebook account. Unlike previous Koobface component, this new Koobface component is joining random Facebook groups, adding Facebook friends and even go further to post messages to Facebook friends’ walls.

Additionally, the profile created by this new Koobface component now appear to be a well-designed and yet completed profile page, with photo, birth date, favorite music, and favorite books, are all filled up in the respective column.

In the meantime, Facebook will need to crack down on the malicious links since the message posted on the Wall by this virus are directed to the usual bogus Facebook homepage or YouTube page hosting the Koobface loader component. For users, the best advice is to be cautious when confirming the friend requests, and don’t simply following the links posted on your Wall.

Source: available at http://www.trendmicro.com/vinfo/images/20091110_koobface_fb.gif, accessed November 10, 2009

Update November 22, 2009: This virus is probably still around as one of my friends’ Wall did appeared a similar message, as shown in the below picture.

If you’re using Windows, you probably have heard of Malicious Software Removal Tool (MSRT). It is a quality antivirus solution to be delivered to the Windows PCs as part of the Automatic Updates package each month.

A good news is that now it’s more safer to use Windows-based PCs to access Facebook as Koobface, a
particularly nasty virus have been included as one of the major virus and worm families being added to the MSRT.

“In working with Facebook, we were able to add detection of Koobface to our Malicious Software Removal Tool (MSRT), which checks computers running Windows software to detect and remove viruses.” Jeff Williams, a Principal Group Program Manager for the Microsoft Malware Protection Center, wrote in a guest post on the Facebook blog.

Meanwhile, the MSRT has also removed Koobface nearly 200,000 times from over 133,677 computers in more than 140 different locales around the world in just two weeks, he wrote.

I’m not sure whether this is a good sign for the Facebook and its users. More security issues would mean that Facebook is large enough as a viable target for the spammers or scammers. And on the other end, the new Koobface worm as reported by TrendMicro security blog more or less helped the users be prepared “not to” download any software that prompted on the site. This is due to the same bait can’t work twice to the same people as this malware is being promoted in a similar manner as happened before in August 2008.

Here’s another good news: Despite the ongoing malware attack on Facebook, the issue will be resolved. Trust Facebook.