Sunday, November 14, 2010

Facebook's 'Koobface' Security Challenge

At NYT, "Attacker That Sharpened Facebook’s Defenses." I've seen these a couple of times. Don't click 'em if you see 'em:
A friend on Facebook suggests that you watch an amazing or funny or sexy video. The link may seem innocuous enough. But with a few simple clicks, you could end up infecting your PC with the Koobface worm.

Koobface, whose name is an anagram for its preferred social network, is a malicious program that has plagued Facebook for more than two years, ensnaring hundreds of thousands of people and keeping the site’s security team on the defense.

The worm was Facebook’s first major security challenge and remains the most persistent threat on the site. As such, Koobface has played a big role in shaping Facebook’s approach to combating malicious software, or malware, and propelled the development of increasingly elaborate defenses.

Yet the worm continues to be a thorn in the side of Facebook’s in-house investigators, who say they are on the trail of the organized criminal group that created it but, so far, have been denied the satisfaction of arrests.

Koobface, which spreads only on social networks, appeared on Facebook in May 2008 and has hit nearly every major social network since then. While not the first or only worm to strike social sites, it is notable for the way it has relentlessly returned again and again, particularly to Facebook.

There have been 136 versions of Koobface’s main component alone, said Ryan R. Flores, a senior threat researcher at the security software company Trend Micro. By continually adapting to obstacles set up by Facebook and the security industry, “Koobface is the one that made it big,” he said.

The attacks have pushed Facebook to expand its security team, to develop a sophisticated apparatus for quickly detecting and stopping malicious activity, to create tools for talking with its users about security and to build relationships within the security industry. And the company continues to gather evidence that could help law enforcement arrest and prosecute those responsible ...

Nart Villeneuve, the report’s lead researcher, estimated that the group earned more than $2 million from June 2009 to June 2010 by delivering the victims of its worm to unscrupulous marketers and makers of fake antivirus software. He said the release of the report coincided with a multiweek effort to dismantle the group’s infrastructure and take down its “botnet,” or network of Koobface-infected PCs, though he conceded it was likely to be rebuilt.
