Facebook users receiving direct messages from Koobface

Every so often, the Koobface botnet mounts a campaign to increase the number of infected systems, and this latest one employs an already tried tactic.

According to Trend Micro, Facebook users receive a direct message, and the message contains a simple line of text and a link. The text reads: “Someobdy uplaod a vdieo wtih you on utbue. you shuold see”, and the link points to a Facebook page whose URL looks like this:

http://www.facebook.com/l/

{random character};{redirected URL}

ANY link poing to such an URL will bring up the Facebook preview page for external links, and if the user ignores the warnings about the potential dangers of following the link to the final destination, he will be faced with a site (hosted on several different IP addresses) apparently displaying the video:

To view the video, the user must download a Flash Player update. As you may already suspect, the offered file is a Koobface variant that proceeds to infect the system and download additional malware.