Security researchers at Trend Micro were aghast to find that a new variant of the infamous Koobface was infiltrating Facebook through the site's Direct Message feature. The spam lured users to a malicious site by making them believe that their video had been posted on YouTube.
The perpetrators used bad English, as is almost always the case. The URL is not well concealed, but it does begin with Facebook's domain name. The URL does take you to the Facebook site, since it has the form http://www.facebook.com/!/: which is a Facebook preview page for external links.
If you have been led down this path and click on the ugly link, you are swiftly redirected to a web page containing an image of the YouTube player asking for a Flash update. If you are unlucky enough to click anywhere on the image, you unknowingly collaborate in installing what Trend Micro names WORM_KOOBFACE.
According to Trend Micro's Technical Communications Specialist, Jonathon Leopando, the malicious site is hosted on several IPs that share a common payload and is designed to install malware on a user's system. This behaviour is similar to that of earlier KOOBFACE variants, and one of them, TROJ_JORIK D, downloads a web server onto the victim's computer. softpedia.com did predict the KOOBFACE chain on the 5th of July.
Trend Micro experts tell us that it is the chief and perhaps the longest-living worm. The worm typically targets login details and spams all the networking contacts of a particular account. The coding of the spam is complex, and it uses a video code or Flash player update to lure the unhappy victims.
To be immune to these attacks, Trend Micro suggests that users log out of Facebook when not actively using the application.