Koobface — the long-running worm which first appeared 12 months ago — is
being customised by hackers to crack security systems on website hosting
services, and so allow it to auto-create its own web pages.
According to Andrew Brandt, a security researcher with Webroot, the
auto-captcha utility has been greatly enhanced, allowing the Koobface worm to
check whether an infected user has a Google or Blogspot account.
And, if theKoobface worm detects that an infected user does not have an
account, the malware will create one automatically, he said.
Koobface is now also capable of creating Google Reader pages on the fly,
allowing the worm to create infected web pages which can be cross-reference in
messages and wall postings infecting more people, Brandt added.