Debunking email hoaxes and exposing Internet scams since 2003!











Issue 111 - February 2011 - Page 17

Pages in this month's issue:
  1. 2011 Date Oddity - Birth Year Plus Age Equals 111
  2. False Rumour - US Post Office To Destroy African American Stamps
  3. Bigpond Database Upgrade Phishing Scam
  4. Hoax - Facebook Shutting Down on March 15
  5. Protest Message About Bedfordshire Police Rules Regarding Muslims
  6. Coca Cola Survey Phishing Scam
  7. Hoax Reports Claim Three Giant Spaceships Heading for Earth
  8. ATO Activity Statement Refund Phishing Scam
  9. 'My First St@tus' Rogue Facebook Application
  10. Facebook Deleting Inactive Users Hoax
  11. Hoax Warning - Anthrax in Tide Detergent Packs
  12. Hoax - University of Kentucky Removes Holocaust From Curriculum
  13. Facebook Trojan Email - 'Your Password is Changed'
  14. DNA Test Kit Scam Warning
  15. Phone Text Message Lottery Scams
  16. Question About eBay Item Phishing Scam
  17. Knob Face Trojan Worm Warning Message
  18. 'See Everyone Who Views Your Pr@file' Rogue Facebook Application
  19. McDonald's Survey Phishing Scam Email
  20. Parrot Flower Photographs
  21. AAAAAAA@AAA.AAA - First Address Book Entry Virus Control Hoax
  22. Evan Trembley Missing Child Hoax


Knob Face Trojan Worm Warning Message

Outline
A message spreading via Facebook warns about a "Trojan worm" called Knob Face and advises recipients to avoid adding a user called "Smartgirl 15". It also warns users to watch out for links labelled "Barack Obama Clinton scandal".



Brief Analysis
This warning is inaccurate and highly misleading. The warning is apparently derived from concerns about a genuine security threat known as Koobface. However, because this message contains so much false and misleading information, it is in no way a valid warning about Koobface. Sending on the message will do nothing more than confuse users and diffuse the usefulness of genuine warnings about Koobface. If you receive this message, please do not repost it to others.

Detailed analysis and references below example.



Last updated: 4th January 2011
First published: 14th July 2010
Article written by Brett M. Christensen


Example
ATTENTION!!!!!!-Virus spreading like wildfire on Facebook!!

It is a Trojan worm called "Knob Face". It will steal your info, invade your system and shut it down! DO NOT open the link "Barack Obama Clinton scandal". If "Smartgirl 15" adds you, don't accept it; it is a virus. If somebody on your list adds her then you will get the virus, too!! Copy and paste to your wall please!!



Detailed Analysis
This warning message is circulating rapidly around the social networking website Facebook. According to the message, a "Trojan worm" by the name of "Knob Face" is "spreading like wildfire" on Facebook. The message warns Facebook users not to open links about a supposed "Barack Obama Clinton scandal". It also warns users not to add a user named "Smartgirl 15" to their contact list. Supposedly, "Smartgirl 15" is actually a virus and adding "it" to your contact list will infect your computer along with the computers of all your contacts.

However, this warning contains false information and is highly misleading. The warning is apparently a mutated and invalid derivative of warnings concerning a genuine computer security threat known as "Koobface", an anagram of "Facebook". Some earlier versions of the warning do refer to "Koobface" rather than "Knob Face". However, even those versions that correctly name the threat get the rest of the information so fundamentally wrong that the warning is virtually useless as a means of informing users about the real Koobface worm.

There are no credible reports that suggest that Koobface is currently being distributed via links pertaining to a supposed scandal involving Barack Obama and Hillary Clinton. However, it should be noted that a rogue Facebook application titled Barack Obama EXPOSED was at one point luring unsuspecting users via links that supposedly displayed a video about the "Barack Obama-Hillary Clinton Scandal". Clicking the "video" link installed the application, which then spread itself by automatically posting links on Facebook that appeared to have been sent by the person who installed the application. However, while the advice in the message not to open links pertaining to a "Barack Obama Clinton scandal" is worth heeding, this small element of truth does not validate the warning message as a whole. Clicking the "scandal" link installed a rogue application that spammed other Facebook users and may have directed users to malicious websites. However, the link did not install a "trojan worm" called Knob Face (or Koobface), nor did it invade your system, steal information and shut down your computer.

In reality, the Koobface worm uses a variety of tactics to fool social networkers into downloading malware, not just links pertaining to one particular subject such as a political scandal. Some strains of this worm, which target users of Facebook, MySpace, Bebo, and other social networking websites, send out messages that invite recipients to click a link to view a video. Those who click the link may be taken to a bogus website that claims that they must update a plugin or other component in their browser before they can view the video. However, the supposed update actually installs a worm that can log in to the user's social networking accounts via information stored in cookies and automatically send more bogus invitations to the user's friends. Koobface is an ongoing threat that is likely to continue evolving and targeting Facebook users and other social networkers for some time to come.

Moreover, the information about a supposed virus disguised as a user with the name "Smartgirl 15" has no basis in fact whatsoever. The "Smartgirl 15" warning is just one more in a long line of absurd hoaxes that claim that you can allow a hacker or a virus on to your computer just by adding a specified name to your contact list. From time to time some prankster simply adds a new username or email address to the hoax and sends it on. As the following older version reveals, these silly hoaxes use very similar phrasing and make the same bogus claims:

if somebody called Cobie_mutch_60 adds u to dont accept it. Its a virus. Tell everyone on u r msn coz if somebody on r list adds them u get the virus too. copy and paste it to everyone AND fast

The supposed threats described in these hoaxes are technically impossible. The messages suggest that just accepting a person as a "friend" on your contact list will give the virus access to your computer along with the computers of everyone else on your list as well. This is total nonsense. The messages imply that the username itself is a virus. This is not possible. To be infected, some sort of file transfer needs to take place. If an account was configured to automatically accept files from a contact list, then it is possible that a virus could be sent by this new and sinister "contact". But even if the virus was sent in this way, the recipient would still have to explicitly open the file before a computer was infected.

Another misleading claim in the "Knob Face" warning is that the "virus" will shut down the infected computer. However, disabling the compromised computer is certainly not the goal of the criminals who distribute the real Koobface. Their goal is to use the infected computer to spread the worm to other users, create ongoing connections with other compromised computers, download other malware components and display advertisements on the compromised computers via hijacked search queries. Thus, these criminals are not about to shut down infected computers and thereby make them inaccessible.

Thus, spreading this garbled and inaccurate "warning" will serve only to spread misinformation and confusion among social network users. Certainly Koobface is real, along with many other security threats that target Facebookers. However, the inaccuracies and falsehoods contained in this "Knob Face" message mean that it has no merit or validity as a warning whatsoever and should not be reposted.

References
Cockeyed 'Knob Face' confusion masks real malware threat
The truth about the Facebook Knob Face worm
Koobface variant worms across social networking sites
Koobface malware makes a comeback
MSN Contact List Virus Hoax
Simon Ashton Email Hacker Hoax
W32.Koobface


