Koobface Facebook Virus Defeated

Yesterday as I was opening my mail in Facebook, I received a message from a friend which contains a video. This friend became a friend of mine because we both were members of a MLM group. When I opened the video, it says my Flash Player is not updated hence I couldn't view the said video. When I clicked on the video, it prompted me to update my Flash Player and so I downloaded the program. I was shocked when it downloaded so fast and when I opened it, it did not respond.
Video with Virus in Facebook!

Copy of the message that I got from my friend from Facebook. It says it contains a "Cool Video". Cool indeed, it had me typing the captcha phrase over and over again after every 5 minutes!

Minutes later, my monitor dimmed and a pop-up box prompted me to type in the catcha phrase. If I don't my computer monitor will not be restored to its normal mode or worse, since it has a timer of 2 minutes, it will shut down my system. So what I did was type in the phrase and click on "OK". You see, it has no other options! No "x", no "Cancel" just "OK.

Virus Attack!

This catcha phrase bar keeps on popping-up every after 5 minutes after I downloaded the file which claims to upgrade my Flash Player. I had to type the phrase on the box or my computer will remain in darkness.

Another screenshot of the virus that wants me to enter the catcha phrase or it would continually dim my monitor

I thought that was the end of it, every after 5 minutes, the pop-up box would appear after freezing my applications and work for about 2 seconds then it dims my monitor then I need to type another set of catcha phrase. And so the malicious programs continued to disturbe me from what I'm doing until this early today.

I thought of reformatting my drive C: since all my Downloaded programs from the internet were stored there. But then I remembered that I have an anti-virus in place. I ran the avast! Home edition and waited. It scan the whole drives including my Recyle Bin, C: and D:

It tooks several minutes before it says there was a virus detected and unlike most cases, it does not have an option of "Repair" or "Move to Chest". So, that was it? It detected there was a virus in my system without even offering help on how to prevent it from destroying, duplicating or whatever its purposes on my files. While I was doing the scan, the pop-up was invincible. It keeps on bugging me over and over again.

When I was trying to install the Norton AntiVirus, I had to retry the installation because I think the malicious software was preventing it. As powerful as most people say Norton is, it persisted and I was able to install the trial version of it. So when I run the scan disk and set all the protection settings, I saw the viruses and trojan horses that Meagan have been enduring. Good thing about Norton was it really fights all these viruses and prevents them from harming further.

Norton AntiVirus Scan Result

Here's a screenshot of the viruses and Trojan horses that has infected my computer. Take note that Norton AntiVirus was able to defeat them all. Now, I can work without the distraction from the pop-up catcha phrase!

So Facebook users, beware of viruses being spread in the said social networking media by people who wish to maim the said site or its users. These viruses can be spread through the third-party applications aka games that you always love to play, photos, videos, or even messages from those you thought your "friends" sent. These viruses were of course, sent without their knowledge.

I kept on searching and even asking friends what AntiVirus to install since avast! didn't do its homework. Then a friend told me that Norton sure to work! I've read about it in Wikipedia, blogs and forums and decided to give it a try. Well I said if it won't work, I will just reformat Meagan. Guess what? I gotta say hands down to the newest Norton AntiVirus! It sure delivers what it promises and be able to defeat the Facebook viruses and many others. If you'd like to download the 15-day trial version of it, go here.

Characteristics of the Facebook Video Virus:

1. It freezes your applications for a few seconds then a box with catcha phrase will appear. It requires you to type in the phrase that you will see in the box. Note though what I noticed was even if the catcha phrase was (e.g Facebook 101), I tried entering just F(space) 1, it accepted it. When I typed just F, it says "Wrong Catcha!"

2. It appears after every 5 minutes. The cycle repeats and expect the virus to appear after every 5 minutes. Imagine what a disturbance would it give!

Those are just the attributes or characteristics that I've observed in this virus. Norton considers it severity as High because fewer than 100 users have used this file.

Lessons Learned

1. Do not trust every single software or program that you can "freely" download. They may turn out to be malicious programs, password stealer, spyware or any program that may harm your computer.

2. Scan the files, disks or websites that you're about to open, download, or visit using your anti-virus program. I've tried using avast! and AVG before but they're not as powerful as Norton.

3. Next time you open or click on something, think AGAIN! Remember, many attacks are pinpointed to social networking sites, so be careful! Attackers areso cunning that they use the social networking site's messaging system to send you a message and make it appear as if from someone you know like brother, mother, or anyone you'd trust and open the link. Do not trust anything right away and don't blame it to the site.

4. Don't panick, install a much better antivirus program if your old one does not seem to combat the attacks.

Update: I've just learned that this virus has been around for quite sometime. It's called Koobface because it's made to attack Facebook users due to its high volume of users. Virus developers use it to obtain vital financial information from you.


Junnjun Mendoza said...

The virus' name sounds familiar to me...hmmmm

Jonha Ducayag Revesencio said...

Why? Have you met with it before? Have you seen a message like that which I just received? Kaboobface targets only FB users.

czaroma said...

I'm becoming hooked on FB and it is through your post that I've learned about this virus. Thanks for keeping your readers informed. Now I am taking caution...

Thank you also for dropping by my blog :)

iceah said...

Hey thanx for the visit and the comment c: mabuhay ang mga anak ng mga Ilocano hehehe :p

iceah said...

Wow! haba nun ha... but very informative thanx to you dear and for having to write and share it c: also very appreciated ko din ang pagpunta mo sa mga blogs ko c: I noticed na you have the know how sa comp. My hubby does the technical side of my blogs and he was the one who really encouraged me to it kya pinabasa ko din sa kanya ito c:

Thanx so much talaga ha c:

Cecile said...

thanks for this informative post, i read your message sa blog ni Iceah; oo nga kung simno man yung gumamit ng email address ko, magaling na hacker kasi nakuha niyang mag send ng disturbing email thru my email address; kaya i changed my password na lang to make sure di na niya magagamit uli email address ko. Yup, am a Facebook user, too and it sucks, kasi may video yung friend ko na gusto ko i view pero di ko naman ma open, then all of a sudden, na freeze yung windows na nala open. grabe talaga!

Jonha Ducayag Revesencio said...

@czaroma: Kahit ako rin sobrang na hook na ako sa FB na kahit may nadetedetect ang Norton na tracking cookie, which may steal my financial information (like paypal password, email password, social networking password), sige parin..haha

Update lang kay pareng Koobface, tinitingnan nga pala kung may naka savee na password for social networking sites like Myspace, Friendster. Pag wala palang nakasave,iiwan nga lang yung system mo. I made it a habit to save my password so once it's hacked or crawled by the Trojan horse or actually it's a worm, it will exploit my system and the information it has gathered me.

Please be careful because as the Social Networking sites are taking cautions and improving their security, Koobface is also evolving and becoming more and more sophisticated and may take the form of or subjects or headings like:

"Paris Hilton Tosses Dwarf On The Street", "LOL", "My friend catched [sic] you on hidden cam", and "My home video :)" followed by a innocent Blogspot link (please see the photo I posted). Yes, it looks innocent because it's Blogspot.

It has also targeted Twitter, using not the shortened URLs like bit.ly, ow.ly or the likes but a normal again, innocent link and please be careful for it says, "My home video" or it may be "See my camera video".

Jonha Ducayag Revesencio said...


Careful lang tayo kasi yung mga hacker marami silang mga ways, don't save your passwords ng paypal nyo, online banking or email like would you like "Firefox, Chrome to save your password?". It may be convenient pero hindi kapag navirusan or na worman ka na kasi they will have access to your financial information and really exploit it. Kaya nga nila ginagawa yun para makasteal.

Hindi lang FB, yung Myspace ko naglagay sila ng link na nung inopen ko buti nalang na detect ng security nga Myspace. They suspended the link. You see, hindi natin alam iniexploit na pala account natin.

Jonha Ducayag Revesencio said...


Buti nalang walang pop-up na tulad ko, wala sigurong nakita na password ng social networking, aalis lang din naman sya. Ako kasi pala save ng password, lesson din yun sakin na wag basta basta mag trust.

Frineeze nya lang yun kasi naghalukay sya, wala syang makita kaya umalis nalang. haha..Be sure to install ng mapagkakatiwalaang anti virus at firewall.

Jonha Ducayag Revesencio said...


Mahaba ang post kasi personal talaga..notice mo pag Sponsored parang metered, pag personal nga free verse? haha..

Oo mabuhay tayong mga anak ng Ilocana

Meryl (proud pinay) said...

halo sis andito ako, nakakaanis kapag ganyang may virus na natatanggap anoh. anyway, naka pag sign up na ako dito sa adgitize. bale ang pinili ko "publisher"..tapos nag get code ako. then nilagay ko na sya sa blog ko.kindly check sa blog ko.

Meryl (proud pinay) said...
This comment has been removed by the author.
Meryl (proud pinay) said...

pahabol sis, pinili ko din un affiliate. btw, how adgitize works? basta visit lang ng blogs?etc..thanks ^_^

magicmercury said...

Thanks for visting my site

Meryl (proud pinay) said...

hi sis, andito me PNT at saka drop din ^_^

magicmercury said...

yes I do hang out with my friends for coffee.. This facebook problem could be there if you have installed norton in that also

Meryl (proud pinay) said...

hello sis, PNT dito at saka drop ^_^
musta na? bc?

Meryl (proud pinay) said...

hello sis, how's your weekend? PNT ako here at drop. ^_^

Meryl (proud pinay) said...

Halo sis, musta na dito ako PNT nanaman..at drop ^_^

Meryl (proud pinay) said...

dito nanaman me..PNT.hapi wkend sis.

Meryl (proud pinay) said...

halo sis PNT me here. nga pala congrats at ok ka na sa SS...dipende din minsan kun when sila nagchecheck ng post...minsan the same day..pero madalas ang SS nagchecheck Friday, Saturday and Sunday...US time..goodluck ^_^ nakakuha ka na ng opp sa kanila?

Meryl (proud pinay) said...

PNT nanaman here girl! ^_^

Meryl (proud pinay) said...

ec drop din