More social networks targeted by Koobface

Since we started monitoring the Koobface family of malware, we’ve seen it move from simply attacking Facebook users to targeting a more diverse set of social networks, including MySpace, Bebo, hi5, and GeoCities.

A few months ago I blogged about this family of malware directing people to websites that used a script to check which of these sites had sent you there. Since then we’ve seen similar code but with more social networks added to the list, including Friendster and Tagged, as shown in the following code snippets:

Social Networks 1

Social Networks 2

The aim is to serve up malware specifically tailored to the networks of which you’re known to be a member (though in fact at the moment these links all result in the same executable).

It’s clear that malware authors now have a wide range of social networks in their sights.