Earlier this month, antivirus company McAfee claimed that reports of the Koobface virus — which hijacks Facebook accounts and, in many cases, deletes them — were on the rise. McAfee did an about-face, saying that the high counts of Koobface were erroneous.
McAfee’s Craig Schmugar explained the error:
The McAfee Threats Report for the first quarter of 2013 highlighted a noteworthy increase in the number of Koobface malware samples on record. This data point is based on the number of unique malicious files associated with the Koobface family, and is generally one indicator of active malware development. Besides the number of changes made to a malware’s code base, sample counts can also be influenced by repacking of the same underlying code (a common evasion tactic used by malware distributors), garbage data, or junk instructions added to binaries, and other forms of server or client polymorphisms (such as self-modifying code or Web server scripts that result in a unique binary being served with each download). Another complication arises from what is often called a cocktail, in which a parasitic virus inhabits a host file that is itself another piece of malware.
McAfee also included a chart, showing how Koobface has steadily declined since its last spike, in 2011:
Readers: Did your Facebook account ever fall victim to Koobface?
Teaser image courtesy of Shutterstock.