Facebook - Koobface worm adds DNS Hijacking and Fake AV capabilities

Koobface (Facebook spelled backwards) is a common attack in social networks.  It is designed to steal personal information for misuse and resides in a stealth-like manner on infected systems. New variants continue to emerge as documented by AVERT Labs below.  Usually it is spread through invitiations to click on a malicious link (usually video links).  Facebook users should protect their privacy settings and avoid clicking on URLs or accepting folks they don't know as friends.

AVERT LABS - Koobface Going for Broke?
http://www.avertlabs.com/research/blog/index.php/2010/07/16/koobface-going-for-broke/

QUOTE: The Koobface worm has been one of the top malicious threats to Facebook users since 2008. Like most threats, Koobface has morphed over time, adding and changing malicious payloads, while maintaining the ability to propagate, or spread, from one system to another.  Several weeks ago Koobface added DNS hijacking functionality that blocks access to security sites, tipping users off to the fact that something might be wrong with their systems. Since then the authors have taken a giant leap toward invasiveness with the installation of a fake anti-virus Trojan. About 10 minutes after the initial infection, users may see the typically fake scanning windows and infection alerts.

AVERT LABS - More Koobface URLs Plague Users
http://www.avertlabs.com/research/blog/index.php/2010/07/16/more-koobface-urls-plague-users/

QUOTE: McAfee Labs researchers have seen a noticeable spike in URLs leading to Koobface malware. (Koobface is an anagram of Facebook.) The latest, unexpected Koobface campaign spreads by tricking Facebook users into downloading and running links

ADDITIONAL LINKS
http://en.wikipedia.org/wiki/Koobface
http://blog.eset.com/2010/04/07/massive-new-koobface-campaign
http://blog.scansafe.com/journal/2010/4/9/how-massive-is-koobface-really.html
http://blog.fortinet.com/tag/koobface/
http://blog.teesupport.com/how-to-guide-remove-koobface/