Are Facebook And Microsoft Joining Forces To Tackle Koobface?

Facebook have turned to Microsoft, specifically the Microsoft Malware Protection Center (MMPC), to help fight the Koobface virus which first started plaguing the social networking site last summer.


Koobface spreads itself via email, using enticing email links designed to trick the reader into clicking links that install the virus (read more about Koobface)


Not only does Koobface lead to stolen Facebook accounts but it also installs malware onto the target computer and it is becoming an ever-increasing menace.

For this reason the Facebook security team implemented some measures to slow the spread of Koobface –

  • Deletion of content generated by the worm
  • Blocking of Wall posts which contain links to known phishing sites
  • Use of automated systems in order to detect abuse on the site quicker than before
  • Posting of updates on the Facebook Security Page

However, these measures have proven to be unsuccessful in eradicating Koobface once and for all.

This is because the virus is not isolated within Facebook – it infects computer and operating systems allowing it to exist outside of the social networking site – thereby meaning it can launch fresh attacks whenever the target machine logs into Facebook again, or even when it simply connects to the internet.

This fact led Facebook to Microsoft who’s Windows operating system is by far the most used by their visitors.


The collaboration between Facebook and MMPC led to Microsoft adding security patches to fix machines that has been infected by the Koobface virus.

These patches are available through Windows Update.

The patch has proven to be highly effective so far, having removed Koobface over 200,000 times in just a fortnight.

It is hoped that, by working together, Facebook and Microsoft can stop the virus from spreading any further both within Facebook and elsewhere.

One potential stumbling block, however, is that Koobface is a polymorphic virus, meaning that it evolves and creates new variations of itself in order to evade detection and removal by anti-virus products.

So far, over 20,000 different variations of Koobface have been noted.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.


  1. Judith Rode says:

    I think that Koobface has now moved to Pinerest.. I was infected while on their site.

  2. Ive been affented by koobface and it put a bad vedeo on my facebook and facebook said Icould not be on there because of the virus can you help

    • I don’t understand exactly what you mean but it sounds like you probably need to be sorting this issue out with Facebook themselves.

  3. Hi Ben, thanks for commenting.

    I just left a comment on your site which says that educating users is the best solution.

    I also believe that organisations may be wise to block acess to social sites in order to make their own networks secure, as well as raising productivity, though they would do well to maintain an official presence for their marketing efforts.

  4. @Malcolm
    My research documents reports of the Koobface worm infecting (or attempting to infect) workplace-related computers by way of Facebook. Employers/organizations thus have security as a reason to block social network sites like Facebook. –Ben

  5. I think Koobface is a bigger concern right now because Confiker isn’t posing any immediate threat. I have a feeling that may change in the near future though.

  6. Malcolm says:

    Do you reckon Koobface is as big a concern as Conficker may yet prove to be?


  1. […] is because Koobface is actually an anagram for the word […]

  2. […] I’ve previously written about a nasty piece of malware called Koobface that targets users of Facebook. […]

Speak Your Mind