Facebook Hit by New Variant of Koobface Worm

By Alexander Toldt
14:30, March 3rd 2009

Facebook users beware!

 
Yet another rogue app has taken the popular social-networking site by storm. The rogue app is a new variant spreading the Koobface worm, said security firm Trend Micro. The Koobface worm was unleashed last year, and since then it has tricked countless users into downloading the worm through bogus video links allegedly sent from friends’ profiles.
 
Here’s how the Koobface worm tricks you:
 
First you receive a message with a link and a spoofed version of YouTube. The message is supposedly from one of your friends in your Facebook contacts list. When you click the link, you’ll be taken to a site that supposedly hosts video footage of you or a celebrity. You’ll be encouraged to download an updated version of the Adobe Flash Player plug-in. By clicking install, you’ll be directed to a download site for the malicious file setup.exe, which in this case is the Koobface variant known as WORM.KOOBFACE.AZ, hosted by a foreign IP address.
 
The Koobface worm then connects to a site by using login credentials from your gathered cookies. It scans your friends list and sends messages with a link and a copy of the worm.
Once your PC or Mac is infected, the worm records keystrokes, steals login and other sensitive information, and sends it to a server.
 
Trend Micro said there are as many as 300 operational servers that receive the sensitive information, which then can be used by attackers to perform commands on infected computers. The number of servers is expected to grow. 
 
This latest version of the Koobface worm is more complex and has “more automation built in,” said Trend Micro, the security company that tracked the Koobface worm.
 
"This new variant has a back end doing all the modifications," Jamz Yaneza, a senior threat analyst and researcher at Trend Micro, said in an interview.
 
Users of other social network sites such as MySpace, Bebo, Friendster, hi5, MyYearbook and Tagged.com are also threatened by the Koobface worm, said Trend Micro.
 
Rogue apps are swarming Facebook. Another one of these apps – recently tracked down by Trend Micro – displays a message that says "Closing Down! You reported them for violating their terms and policies," and after users install the application it spams itself to the infected users’ friends. Other messages usually read: "Error Check System" or "F a c e b o o k - closing down!!!" Clicking on these notifications means you just sent the same message to your entire friends list.
 
This rogue app is most likely gathering personal data on the way too, said Trend Micro.
 
The rogue app attack launched last week coincided with Facebook’s announcement that it wants to change the TOS policy and allow users to comment and vote on the redrafted terms of service and other similar documents. 
 



© 2007 - 2009 - eFluxMedia