Beware Of The New Facebook Virus – Koobface

A new virus is on the prowl and it’s looking to make contact with Facebook’s 120 million users.

Unsurprisingly, the virus is designed to acquire sensitive information, such as credit card details.



This new virus, named ‘Koobface‘, spreads itself by sending messages to inboxes whilst pretending to be from a Facebook friend.

The content of the email itself will appear to be enticing, complete with a link entitled ‘you look funny in this new video’ or something similar.

If you click on that link you could be forgiven for thinking that you really were being redirected to a video as you are then asked to watch a ‘secret video by Tom’.

Attempting to play that video, however, will prompt a dialogue box to appear which tells the user that they need to download a more modern version of Adobe’s Flash Player.

That action is how the virus finds it’s way in.

Credit Card Theft

Once installed, the virus can then steal credit card details in one of two ways –

  • by waiting for the user to complete an online transaction and then storing the data or
  • by searching the host computer for cookies which may have retained credit card information from prior transactions


Obviously, the best solution to ensure that you do not become infected with Koobface is to have a good, and updated, anti-virus program running.

Secondly, employ some common sense whilst using Facebook and be wary of what links you click on in emails.

Failing that, you can search your Windows directory for 2 files – tmark2.dat and mstre6.exe.

If either of those two files are present then you can safely delete them.

Update : Here is my guide on removing Koobface.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.


  1. you’re not infeced with a virus.
    you are tricked into running a trojan program.
    you have to be extremely stupid to actually RUN this program.

    a “good” anti-virus program is NO HELP if you are stupid enough to RUN malware programs. If antivirus-programs would have any significant protection (most user DO have GOOD antivirus programs) there would be no problem…and there REALLY are.

    why not just use your computer with other account than the one with root/administrator status?? that is extremely more protective than ANY other advices you would EVER get!

    • Unfortunately it is my experience that the average internet user, whilst not typically stupid at all, would still run malware on their machine.

      I think, therefore, that education would probably be a better alternative to a good antivirus than merely saying be careful what you run.

  2. I’m not too sure what you mean by that comment hanum???

  3. I also infected facebook virus namely “vidyartha college facebook virus”. The collage students account name passwords and profile data on facebook are changed.

  4. You’re welcome Mary.

  5. Thanks for the heads up, I’d not heard of this one.


  1. […] Malware LinksPharmers Sow The Seeds of Doubt200 Million Facebook Users Targeted In Phishing ScamBeware Of The New Facebook Virus – KoobfaceWhat Exactly Is Pharming?Are Facebook And Microsoft Joining Forces To Tackle Koobface?Email […]

  2. […] (Trend Micro) On KoobfaceMove Over Conficker, Koobface Is HereIs Koobface Coming Back For More?Beware Of The New Facebook Virus – KoobfaceAre Facebook And Microsoft Joining Forces To Tackle Koobface?What Exactly Is The Koobface Virus?How […]

  3. […] One such bomb that went off was a worm that is called Koobface. […]

  4. […] Koobface is actually the latest Internet worm which targets the popular social networking sites. […]

  5. […] of the first bits I picked up on was the talk of the Koobface virus which has been plaguing Facebook for some time […]

Speak Your Mind