Did Koobface Cause Twitter, Facebook Outages?

Facebook and Twitter down

A new variant of the widespread Internet worm Koobface made its debut today — just as Twitter and Facebook were hit by denial-of-service attacks .


Researchers admit it’s too early to say for sure, but some say it’s likely.

Koobface is a virulent worm that was originally designed to compromise Facebook accounts. Since last year, there have been hundreds of variants of the malware, some of which attack other Web sites.

At the very least, Koobface remains up to its old tricks.

“There is most certainly a new version of Koobface attacking Facebook users today,” Roger Thompson, chief research officer at antivirus firm AVG, said in an e-mail to InternetNews.com. “It always spoofs Facebook quite convincingly, and although Facebook works hard to shut it down as soon as it pops up, the Bad Guys are always ready with a new one. It’s part of the background noise of ‘Web 2 point Uh-oh.'”

The same worm is also attacking Twitter, other security experts noted.

“Koobface is leveraging Twitter postings to social engineer users into downloading malicious software,” Michael Sutton, vice president of security research at cloud security firm Zscaler, said in an e-mail to InternetNews.com. “However, a search of the postings (shows that the hosting provider appears to have taken down many of the pages hosting the malicious content in the form of a fake Adobe Flash Player upgrade.”

“Although Twitter has not yet commented on the cause of their current DDoS attack, it’s possible that the two are related — namely that the Koobface-related tweets are overloading Twitter servers,” Sutton added.

So far, Facebook and Twitter have both remained mum about the precise causes — or culprits — involved in today’s double downtimes.

While denial-of-service attacks are not uncommon, defending against them remains an ongoing challenge for security professionals.

“For those on the inside of a corporate Web admin department, defense against these attacks is part of the daily arsenal,” Marian Merritt, Internet safety advocate at Symantec, wrote in a blog post.

“Just a few weeks ago, the U.S. Department of Defense sent out a request for commercial products that can alert the admin staff of a distributed [DDoS] attack within 5 minutes of the event,” Merritt said.

News Around the Web