Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Issue 105 - August 2010 - Page 14

Pages in this month's issue:
  1. Mars, Earth - Closest Approach in Recorded History
  2. Falsely Attributed Quote - A Norman Rockwell Moment
  3. Telstra Bill Account Update Phishing Scam
  4. Scammers Pose as Microsoft Tech Support Workers to Hijack Computers
  5. Laptop Fire Death Warning Email
  6. Verified By Visa Banking Incident Phishing Scam
  7. St. Augustine Find - Huge Eastern Diamondback Rattlesnake
  8. Free Blackberry Storm for Forwarding Hoax
  9. Five Headed Cobra Hoax Images
  10. AOL Update Billing Information Phishing Scam
  11. Kevin Rudd Fire the Cattle Guards Hoax
  12. Resignation Of Barack Obama Virus Hoax
  13. Decorative Magnets on Refrigerators - Cancer Warning Hoax
  14. Knob Face Trojan Worm Warning Message
  15. Face Book Promotion Advance Fee Scam
  16. BlackBerry RIM Inactive Account Hoax
  17. Circulating Request - Help Pooja Find Her Parents
  18. Black in the White House Virus Hoax
  19. 1954 Home Computer Hoax
  20. Debbie Shwartz Charity Hoax

Issue 105 Start Menu

Previous Article            Next Article

Knob Face Trojan Worm Warning Message

Outline
Message spreading via Facebook warns about a "Trojan worm" called Knob Face and advisers recipients to avoid adding a user called "Smartgirl 15". It also warns users to watch out for links labelled "Barack Obama Clinton scandal".



Brief Analysis
This warning is inaccurate and highly misleading. The warning is apparently derived from concerns about a genuine security threat known as Koobface. However, because this message contains so much false and misleading information, it is in no way a valid warning about Koobface. Sending on the message will do nothing more than confuse users and diffuse the usefulness of genuine warnings about Koobface. If you receive this message, please do not repost it to others.

Bookmark and Share
Detailed analysis and references below example.



Last updated: 14th July 2010
First published: 14th July 2010
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
ATTENTION!!!!!!-Virus spreading like wildfire on Facebook!!

It is a Trojan worm called "Knob Face". It will steal your info, invade your system and shut it down! DO NOT open the link "Barack Obama Clinton scandal". If "Smartgirl 15" adds you, don't accept it; it is a virus. If somebody on your list adds her then you will get the virus, too!! Copy and paste to your wall please!!



Detailed Analysis
This warning message is circulating rapidly around social networking website, Facebook. According to the message, a "Trojan worm" by the name of "Knob Face" is "spreading like wildfire" on Facebook. The message warns Facebook users not to open links about a supposed "Barack Obama Clinton scandal". It also warns users not to add a user named "Smartgirl 15" to their contact list. Supposedly, "Smartgirl 15" is actually a virus and adding "it" to your contact list will infect your computer along with the computers of all your contacts.

However, this warning contains false information and is highly misleading. The warning is apparently a mutated and invalid derivative of warnings concerning a genuine computer security threat known as "Koobface", an anagram of "Facebook". Some earlier versions of the warning do refer to "Koobface" rather than "Knob Face". However, even those versions that correctly name the threat get the rest of the information so fundamentally wrong that the warning is virtually useless as a means of informing users about the real Koobface worm.

There are no credible reports that suggest that Koobface is currently being distributed via links pertaining to a supposed scandal involving Barack Obama and Hilary Clinton. In reality, the Koobface worm users a variety of tactics to fool social networkers into downloading malware, not just links pertaining to one particular subject such as a political scandal. Some strains of this worm, which target users of Facebook, MySpace, Bebo, and other social networking websites, send out messages that invite recipients to click a link to view a video. Those who clicked the link may be taken to a bogus website that claims that they must update a plugin or other component in their browser before they can view the video. However, the supposed update actually installs a worm that can login to the user's social networking accounts via information stored in cookies and automatically send more bogus invitations to the user's friends. Koobface is an ongoing threat that is likely to continue evolving and targeting Facebook users and other social networkers for some time to come.

Moreover, the information about a supposed virus disguised as a user with the name "Smartgirl 15" has no basis in fact. The "Smartgirl 15" warning is just one more in a long line of absurd hoaxes that claim that you can allow a hacker or a virus on to your computer just by adding a specified name to your contact list. From time to time some prankster simply adds a new username or email address to the hoax and sends it on. As the following older version reveals, these silly hoaxes use very similar phrasing and make the same bogus claims:
if somebody called Cobie_mutch_60 adds u to dont accept it. Its a virus. Tell everyone on u r msn coz if somebody on r list adds them u get the virus too. copy and paste it to everyone AND fast
The supposed threats described in these hoaxes are technically impossible. The messages suggest that just accepting a person as a "friend" on your contact list will give the virus access to your computer along with the computers of everyone else on your list as well. This is total nonsense. The messages imply that the username itself is a virus. This is not possible. To be infected, some sort of file transfer needs to take place. If an account was configured to automatically accept files from a contact list, then it is possible that a virus could be sent by this new and sinister "contact". But even if the virus was sent in this way, the recipient would still have to explicitly open the file before a computer was infected.

Another misleading claim in the "Knob Face" warning is that the "virus" will shut down the infected computer. However, disabling the compromised computer is certainly not the goal of the criminals who distribute the real Koobface. Their goal is to use the infected computer to spread the worm to other users, create ongoing connections with other compromised computers, download other malware components and display advertisements on the compromised computers via hijacked search queries. Thus, these criminals are not about to shut down infected computers and thereby make them inaccessible.

Thus, spreading this garbled and inaccurate "warning" will serve only to spread misinformation and confusion among social network users. Certainly Koobface is real, along with many other security threats that target Facebookers. However, the inaccuracies and falsehoods contained in this "Knob Face" message mean that it has no merit or validity as a warning whatsoever and should not be reposted.

Bookmark and Share

References
Cockeyed 'Knob Face' confusion masks real malware threat
The truth about the Facebook Knob Face worm
Koobface variant worms across social networking sites
Koobface malware makes a comeback
MSN Contact List Virus Hoax
Simon Ashton Email Hacker Hoax
W32.Koobface



Previous Article            Next Article

Issue 105 Start Menu

Pages in this month's issue:
  1. Mars, Earth - Closest Approach in Recorded History
  2. Falsely Attributed Quote - A Norman Rockwell Moment
  3. Telstra Bill Account Update Phishing Scam
  4. Scammers Pose as Microsoft Tech Support Workers to Hijack Computers
  5. Laptop Fire Death Warning Email
  6. Verified By Visa Banking Incident Phishing Scam
  7. St. Augustine Find - Huge Eastern Diamondback Rattlesnake
  8. Free Blackberry Storm for Forwarding Hoax
  9. Five Headed Cobra Hoax Images
  10. AOL Update Billing Information Phishing Scam
  11. Kevin Rudd Fire the Cattle Guards Hoax
  12. Resignation Of Barack Obama Virus Hoax
  13. Decorative Magnets on Refrigerators - Cancer Warning Hoax
  14. Knob Face Trojan Worm Warning Message
  15. Face Book Promotion Advance Fee Scam
  16. BlackBerry RIM Inactive Account Hoax
  17. Circulating Request - Help Pooja Find Her Parents
  18. Black in the White House Virus Hoax
  19. 1954 Home Computer Hoax
  20. Debbie Shwartz Charity Hoax