Talk:Koobface

Inaccurate statement
The "to gather sensitive information from the victims such as credit card numbers. " is completely false. In the report published by Infowar (http://www.infowar-monitor.net/reports/iwm-koobface.pdf) it was confirmed by the research group who dissected the workings of this malware that the creators of Koobface never stole financial data. —Preceding unsigned comment added by Mrbrt86 (talk • contribs) 20:09, 14 November 2010 (UTC)

Advertisement?
The "Microsoft removal tool fixes this, and has also fixed over 800,000 variants of other bad things" seems out of place. I'm going to cut it out of the page. If anyone has any objections, kindly put them here before reverting my edit. —Preceding unsigned comment added by 68.100.220.174 (talk) 20:08, 31 March 2010 (UTC)

Split up Facebook and MySpace variants

 * The article, as written, primarily discusses Facebook. The MySpace and Facebook variants should be separated into different sections, with more content added regarding the MySpace variant. I'd do it myself but I don't have the time at the moment. Just leaving this here in case someone else can get to it before I can. Cheers, Caben42 (talk) 22:51, 5 December 2008 (UTC)

How is this a worm?
How could this possibly be a worm? It looks just like the ordinary virus to me, except it spreads through Facebook. Users have to voluntarily download and run the payload in order to be infected. So, this is in no way a worm, or a problem with Facebook/Myspace. It's just users choosing to run the wrong program. Totally over-hyped. 81.227.146.172 (talk) 01:40, 27 January 2009 (UTC)

Is it detected by antispyware scans? —Preceding unsigned comment added by 83.189.186.49 (talk) 22:53, 4 March 2009 (UTC)

It doesn't spread through Facebook in Myspace, people are just tricked into downloading the software, which then spreads throughout the Windows folder. Sounds like a worm to me. —Preceding unsigned comment added by 98.235.159.187 (talk) 22:29, 25 April 2009 (UTC)

The definition of a worm says that it spreads without human activity. Classically (Morris worm) this spreading was through security vulnerabilities. Koobface does not exploit security holes - it tricks the users into installing it, much like the original Trojan Horse. I agree this is not so much a worm. The security vulnerability is between the keyboard and the chair. :) 65.94.17.233 (talk) 15:31, 14 October 2009 (UTC)

I got infected with this worm
I think there are other ways of getting this virus off of facebook.. I just joined facebook a couple of weeks ago and have already been infected with the Koobface worm.. However I never received any strange message from anyone, nor was I ever prompted to download adobe flash player.. I never ever download things from the internet, nor would I ever approve an upgrade of my flashplayer off an unfamiliar website.. I have been racking my brain trying to figure out how this happened.. It took me about 3 days to clean my computer out after I was infected.. And I had more than just the Koobface worm in my computer, I also had numerous trojan horses that all showed up in my computer after joining facebook.. And have no idea why my virus program did not pick it up, I had to get a new antivirus program and also had to scan my computer with Malwarbytes to get rid of them.. --Ltshears (talk) 17:56, 24 May 2009 (UTC)
The same thing happened to me on facebook and Malwarebytes did the trick it seemed. 9-10-2009
 * Ltshears account looks highly suspect to me. Don't take anti-virus advice from strangers on Wikipedia; malwarebytes (or a misspelling!) could be a trojan anti-virus application, yes they exist. Facebook has a help facility and a security page with recommended anti-virus and malware scanners, their info is far less likely to be compromised - facebook.com/security. Pbhj (talk) 13:54, 16 November 2009 (UTC)
 * See Malwarebytes' Anti-Malware.--Auric (talk) 18:48, 16 November 2010 (UTC)
 * WP:Crystal Ball Jasper Deng (talk) 05:23, 30 January 2011 (UTC)

Name change
I think we should change the name of this article (and the virus itself) to Cafebook. RocketMaster (talk) 20:47, 18 January 2010 (UTC)

a DNS filter program
That's not what the external link says. What the external link says is that Koobface includes an element which alters your DNS settings to use a rogue DNS server. If so, and however it is achieved, there is no 'filtering' going on in the downloaded component —Preceding unsigned comment added by 218.214.18.240 (talk) 03:12, 8 August 2010 (UTC)

Effectiveness against Linux?
I ran several tests with Koobface and various Linux distros.

It appears that infection requires the user to literally click on "Run" button when the Java Applet opens a new dialog window. IF the user clicks "Cancel" button; infection does not occur at all!

As well, if a user of a Linux system reboots (or shuts down the system and starts it up again at a later time); the infection is undone. This is because there was no intention to specifically write the malware for Linux; so no start-up script or component was included. —Preceding unsigned comment added by 114.76.184.117 (talk) 05:04, 14 November 2010 (UTC)

Semi-protected edit request on 26 June 2015
Ankitnayyar92 (talk) 19:42, 26 June 2015 (UTC)

If you want to suggest a change, please request this in the form "Please replace XXX with YYY" or "Please add ZZZ between PPP and QQQ". Please also cite reliable sources to back up your request, without which no information should be added to, or changed in, any article. - Arjayay (talk) 21:33, 26 June 2015 (UTC)
 * Not done: as you have not requested a change.

Scams
There is a push by a certain group of individuals from an unknown source trying to add the dubious claim that "only Cisco certified technicians" can clean a Koobface infection. This is clearly wrong as all mainstream anti-virus applications should remove it. This repeated addition of dubious information is what led me to apply semi-protection on the article. -- Gogo Dodo (talk) 19:31, 29 June 2015 (UTC)


 * I found out the origin of the "only Cisco certified technicians" edits. Some technical support scams are referring targets to this Wikipedia article as "proof" of their claims. I'm sure they are claiming that they are "Cisco/Microsoft certified technicians" and only they can fix it for a price. That explains why most of the IP edits were from India. -- Gogo Dodo (talk) 03:35, 30 July 2015 (UTC)


 * Probably would be good to add a yellow warning box on the top about scams? When scammers have control over the pc they'll hardly scroll down further to the "Hoax" section --95.148.104.132 (talk) 11:29, 14 May 2016 (UTC)

Semi-protected edit request on 29 September 2015
Koobface is fake and not related to any hackings

Dannylangley (talk) 20:25, 29 September 2015 (UTC)


 * Not done: As the article notes, even though Koobface is invoked in hoax threats, there is an actual worm. —C.Fred (talk) 20:27, 29 September 2015 (UTC)

Semi-protected edit request on 21 November 2015
Home It Master Is the Only Company that can resolve this issue

Snk1234 (talk) 23:30, 21 November 2015 (UTC)
 * Not done: please provide reliable sources that support the change you want to be made.
 * Also as mentioned above, any anti-virus program should be able to remove it and claiming that only one particular company can fix it is a known hoax. We would need a pretty solid reliable source to put any information like that into this article. --Stabila711 (talk) 00:17, 22 November 2015 (UTC)

Semi-protected edit request on 30 December 2015
koobface can only be fixed by a cisco certified technicians and no IT technicians can fix it !!

Peterwright777 (talk) 19:51, 30 December 2015 (UTC)
 * Not done: Hoax/scam. Not going to happen. --Majora (talk) 19:57, 30 December 2015 (UTC)

Semi-protected edit request on 3 February 2016
Point of Origin Afghanistan, Russia, Pakistan, India, Nigeria, Bangladesh, United States of America.

182.75.128.138 (talk) 20:10, 3 February 2016 (UTC)
 * Not done: please provide reliable sources that support the change you want to be made. --allthefoxes (Talk) 20:16, 3 February 2016 (UTC)

Semi-protected edit request on 5 June 2016
Please add in the BEGINNING PARAGRAPH that: Koobface is also a known way for tech support scammers to trick people into thinking they need protection for their computer or network. Plaindinks (talk) 21:59, 5 June 2016 (UTC)
 * Having it mentioned is fine, there is no need for it being at the TOP of the article. - Champion (talk) (contribs) (Formerly TheChampionMan1234) 05:32, 6 June 2016 (UTC)

Semi-protected edit request on 7 June 2016
please remove tech support scammers

Waytobrijesh (talk) 20:37, 7 June 2016 (UTC)


 * Not done: please establish a consensus for this alteration before using the template. It will not be removed because it is spoiling their scams. -- Gogo Dodo (talk) 20:40, 7 June 2016 (UTC)

Semi-protected edit request on 8 June 2016
203.110.93.131 (talk) 21:17, 8 June 2016 (UTC)
 * Not done: it's not clear what changes you want to be made. Please mention the specific changes in a "change X to Y" format. Cannolis (talk) 22:12, 8 June 2016 (UTC)

Semi-protected edit request on 9 June 2016
I want to remove the second para which says " Koobface is also used by technical support scammers to fraudulently claim to their intended victims that they have a virus on their computer ". I feel offended after reading this.

Sumitsharma123 (talk) 15:48, 9 June 2016 (UTC)
 * ❌. We don't remove sourced content just because you feel offended. And why would you feel offended anyway? Are you related to User:Sumittech123 who recently tried to remove critical comments about scammers? Are you one of the scammers? Boing! said Zebedee (talk) 16:18, 9 June 2016 (UTC)

Semi-protected edit request on 14 June 2016
I need to remove some information which I found wrong and illogical.

Wasimjamia (talk) 23:34, 14 June 2016 (UTC)
 * Not done: it's not clear what changes you want to be made. Please mention the specific changes in a "change X to Y" format. Edgars2007 (talk/contribs) 03:58, 15 June 2016 (UTC)

Semi-protected edit request on 5 July 2016
please replace "Koobface is also used by technical support scammers to fraudulently claim to their intended victims that they have a virus on their computer.[7][8][9]" by " Koobface infection often misleads the user by showing false virus warning alert that causes the user to install new software from pop up that often leads to data theft." because often apple and microsoft customers files complaint against legit companies to think of them as a scam.

Akshay.justice (talk) 19:03, 5 July 2016 (UTC)


 * Not done: please provide reliable sources that support the change you want to be made. -- Gogo Dodo (talk) 19:10, 5 July 2016 (UTC)

Semi-protected edit request on 30 September 2016
victor 122.176.185.176 (talk) 22:18, 30 September 2016 (UTC)

122.176.185.176 (talk) 22:18, 30 September 2016 (UTC)


 * Not done: It's not clear what you want changed or what source backs it up. —C.Fred (talk) 22:24, 30 September 2016 (UTC)

Semi-protected edit request on 9 March 2017
Neelansh1992 (talk) 18:12, 9 March 2017 (UTC)
 * Not done: No change requested. Boing! said Zebedee (talk) 18:20, 9 March 2017 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified 2 external links on Koobface. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20160409214608/http://kdminer.com/main.asp?SectionID=1&SubSectionID=797&ArticleID=69540 to http://kdminer.com/main.asp?SectionID=1&subsectionID=797&articleID=69540
 * Added archive https://web.archive.org/web/20120914015420/http://www.infowar-monitor.net/reports/iwm-koobface.pdf to http://www.infowar-monitor.net/reports/iwm-koobface.pdf

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 19:00, 7 May 2017 (UTC)

Semi-protected edit request on 10 October 2017
Immike12 (talk) 04:48, 10 October 2017 (UTC) I have some other important information about this infection that I would like to share with other users through page.
 * Not done: this is not the right page to request additional user rights. You may reopen this request with the specific changes to be made and someone will add them for you, or if you have an account, you can wait until you are autoconfirmed and edit the page yourself. Nihlus 04:58, 10 October 2017 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified one external link on Koobface. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20110722131124/http://community.ca.com/blogs/securityadvisor/archive/2009/05/31/the-allure-of-social-networking.aspx to http://community.ca.com/blogs/securityadvisor/archive/2009/05/31/the-allure-of-social-networking.aspx

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 06:39, 12 December 2017 (UTC)

Semi-protected edit request on 30 April 2018
220.227.144.205 (talk) 16:00, 30 April 2018 (UTC) ❌ - please specify what you want to add, remove or modify. 78.26 (spin me / revolutions) 16:12, 30 April 2018 (UTC)

History?
This article seems to be entirely missing a history section, which is strange considering this worm has quite a lot of it. There's an entire multi-part investigation by Sophos about it here and a paper by IEEE here jonas (talk) 14:43, 30 July 2021 (UTC)