How many times have you been told that when one door closes, another one opens? Probably a whole bunch, but what no one ever bothered to disclose is that this idiom isn't always an inspirational motivator to carry on with life and can sometimes apply to those with less scrupulous intentions. Case in point: a security firm warns that the Koobface worm is no longer spreading through social networks and is now slithering its way across BitTorrent sites.
According to Trend Micro's research, the Koobface botnet is spreading through Trojanized torrent files and/or a new Koobface component called tor2.exe. Trend Micro detects the latter as WORM_KOOBFACE.AV, and once a user executes the file, the worm sends an HTTP request to its command-and-control (C&C) server to download a torrent file. That's the first step. The next step involves launching uTorrent as a background process, unbeknownst to the user, and grabbing the dirty files referenced in the torrent file.
"Unwitting users looking for pirated copies of popular software such as games, PC utilities, or productivity software are in for a surprise, as these Trojanized software torrents are found on popular torrent sites," Trend Micro warns.
Trend Micro says it's discovered the Koobface worm lurking in pirated copies of WinRAR, Adobe Lightroom, Dark Ritual, and many more. Those who think they're safe to download pirated software because they're sitting behind an AV wall should think again. Trend Micro says Koobface uses several binaries and encryption to avoid detection by AV programs.
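Because the binaries are built to slip past signature scanning, the two-step chain described above (a torrent file fetched over HTTP, then uTorrent started in the background) is a more useful thing to hunt for. The sketch below is an added example, not Trend Micro's detection logic; the event schema, host names, URLs, the five-minute window and the assumption that the component runs under the image name tor2.exe are all constructed for illustration.

```python
from datetime import datetime, timedelta

TORRENT_CLIENT = "utorrent.exe"
USER_LAUNCHERS = {"explorer.exe"}   # assumption: a user-started client has the shell as parent
EXPECTED_FETCHERS = {"chrome.exe", "firefox.exe", "iexplore.exe", TORRENT_CLIENT}
WINDOW = timedelta(minutes=5)       # assumption: fetch and launch happen close together

# Constructed events in a hypothetical, simplified endpoint-telemetry schema.
EVENTS = [
    {"ts": "2024-01-01T10:00:00", "host": "pc-01", "type": "http", "pid": 4120,
     "image": "tor2.exe", "url": "http://c2.example.invalid/get",
     "content_type": "application/x-bittorrent"},
    {"ts": "2024-01-01T10:00:20", "host": "pc-01", "type": "process_start", "pid": 4188,
     "image": "uTorrent.exe", "ppid": 4120, "parent_image": "tor2.exe"},
    {"ts": "2024-01-01T11:00:00", "host": "pc-02", "type": "http", "pid": 900,
     "image": "firefox.exe", "url": "http://tracker.example.invalid/distro.torrent",
     "content_type": "application/x-bittorrent"},
    {"ts": "2024-01-01T11:00:30", "host": "pc-02", "type": "process_start", "pid": 950,
     "image": "uTorrent.exe", "ppid": 310, "parent_image": "explorer.exe"},
]

def is_torrent_fetch(ev):
    """True for an HTTP response that is a torrent file (by MIME type or URL path)."""
    if ev["type"] != "http":
        return False
    path = ev["url"].lower().split("?", 1)[0]
    return ev.get("content_type") == "application/x-bittorrent" or path.endswith(".torrent")

def find_silent_torrent_launches(events):
    """Flag uTorrent started by the same non-browser process that just fetched a torrent."""
    fetches = {}   # (host, pid) -> (time, image) of the latest suspicious torrent fetch
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        when = datetime.fromisoformat(ev["ts"])
        image = ev["image"].lower()
        if is_torrent_fetch(ev) and image not in EXPECTED_FETCHERS:
            fetches[(ev["host"], ev["pid"])] = (when, image)
        elif ev["type"] == "process_start" and image == TORRENT_CLIENT:
            hit = fetches.get((ev["host"], ev["ppid"]))
            if (hit and when - hit[0] <= WINDOW
                    and ev["parent_image"].lower() not in USER_LAUNCHERS):
                alerts.append({"host": ev["host"], "fetcher": hit[1],
                               "client_pid": ev["pid"], "launched": ev["ts"]})
    return alerts

if __name__ == "__main__":
    for alert in find_silent_torrent_launches(EVENTS):
        print(alert)
```

On the constructed data only pc-01 is flagged; the browser download followed by a client started from the desktop shell on pc-02 is left alone.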