McAfee says it goofed over Koobface infection rates

Share this article:
McAfee says it goofed over Koobface infection rates
McAfee says it goofed over Koobface infection rates

The prevalence of the Koobface worm, best known for its rampage through Facebook and MySpace a few years back, continues to decline, McAfee now admits.

The security company said it erred when it reported last week as part of its first-quarter threat report that rates of the malware dramatically were climbing.

McAfee said it initially declared a resurgence because what it believed were unique samples of Koobface actually turned out to be instances where part of the worm's underlying code was packaged as part of other binary files and malware, said McAfee researcher Craig Schmugar in a blog post. 

"Besides the number of changes made to a malware's code base, sample counts can also be influenced by repacking of the same underlying code (a common evasion tactic used by malware distributors), garbage data or junk instructions added to binaries, and other forms of server or client polymorphisms (such as self-modifying code or web server scripts that result in a unique binary being served with each download)," he wrote. 

"These factors led to our Koobface statistics being off by a large margin," he continued, adding that Koobface remains in a "continuing decline" since Facebook outed the group behind the threat 18 months ago.

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.