Infected computers of the Koobface botnet are spamming Google Reader accounts on social networking sites.
Trend Micro has detected the spamming of URLs by Koobface on social networking sites such as Facebook, MySpace and Twitter in the past, but this time it has seen an attack where a Google account is controlled by Koobface to host a page with a fake YouTube video.
When a victim clicks on the fake YouTube video, they are redirected to a compromised website, which hosts another fake YouTube video. The compromised website infects the user, and the victim's computer then becomes part of the Koobface botnet.
Trend Micro claimed that there are around 1,300 known, unique fake Google Reader accounts spammed by Koobface on social network sites.
Google Reader is a free service offered by Google that allows users to monitor websites for new content and to share that content with others. It is this sharing feature that the cybercriminals have abused to spam malicious links.
Rik Ferguson, senior security advisor at Trend Micro, said: “Cybercriminals are taking advantage of Google's credibility by hiding their malicious links behind Google Reader. This is a new twist on the familiar Koobface infection routine where victims are asked to install Adobe Flash updates in order to view a video which appears to be shared on the Google Reader website.”
Trend Micro CTO Raimund Genes said: “This is yet another attack where cybercriminals misuse social networking tools that were originally designed for fun, for their own profit.” Trend Micro stated that it had contacted Google about this matter to remove the malicious content.