The truth about the Facebook Knob Face worm

Filed Under: Facebook, Malware, Social networks

Humans - dontcha just love 'em? And there are about 500 million of them on Facebook, and occasionally they try and help their fellow homo sapiens by sharing warnings about a new virus or worm storming across the network.

Here's an example that I've seen many times in the last week or so:

Warning about the Knob Face worm

"Virus spreading like wildfire on Facebook!! It is a Trojan worm called "Knob Face". It will steal your info, invade your system and shut it down! DO NOT open the link "Barack Obama Clinton scandal". If "Smartgirl 15" adds you, don't accept it; it is a virus. If somebody on your list adds her then you will get the virus too!! Copy and paste to your wall please"

Let's look at this bit by bit, and see if we can get to the truth.

1. There isn't a virus (or indeed a "Trojan worm" - whatever that is..) called "Knob Face". There is a family of malware called Koobface, but it seems to me that "Knob Face" is an unfortunate spelling mistake.

Most variants of the warning that I've seen spreading do refer to "Koob face" which I suppose is a lot more helpful, and significantly less chortle-worthy.

2. Although it is possible for malware authors to hide their attacks disguised as sex videos of the rather unlikely coupling of Hillary Clinton and Barack Obama, the only references to "Barack Obama Clinton Scandal" we're seeing on Facebook right now is in the form of these widespread warnings not malware attacks.

3. As I've mentioned on this blog before - the warning about "Smartgirl 15" (sometimes Smartgrrl15") is a hoax which is showing no signs of dying off. Well-meaning Facebook users are perpetuating the bogus warning to look out for the user, believing they are helping their friends.

Book face
So, in summary, what you have here is a widespread warning about a virus called "Knob Face" (the wrong name), which includes two inaccurate pieces of information about how you can identify the attack.

In other words, it's no use at all as a warning. You would be much wiser to keep your anti-virus software up-to-date (to protect against the Koobface worm), take care about what programs you run and links you click on (for instance, be suspicious of links to sexy videos), and read our guide for better privacy and security on Facebook.

Please don't share virus warnings with your online friends until you have checked them with a credible source (such as an established computer security company). Malware can be killed off fairly easily, but misinformation like this can live on for months, if not years, because people believe they are "doing the right thing" by sharing the warning with their friends.

If you're a regular user of Facebook, be sure to join the Sophos page on Facebook to be kept informed of the latest security threats.

* Image source: Max-B's Flickr photostream (Creative Commons)

, , , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.