McAfee says it goofed over Koobface infection rates

Share this article:
McAfee says it goofed over Koobface infection rates
McAfee says it goofed over Koobface infection rates

The prevalence of the Koobface worm, best known for its rampage through Facebook and MySpace a few years back, continues to decline, McAfee now admits.

The security company said it erred when it reported last week as part of its first-quarter threat report that rates of the malware dramatically were climbing.

McAfee said it initially declared a resurgence because what it believed were unique samples of Koobface actually turned out to be instances where part of the worm's underlying code was packaged as part of other binary files and malware, said McAfee researcher Craig Schmugar in a blog post. 

"Besides the number of changes made to a malware's code base, sample counts can also be influenced by repacking of the same underlying code (a common evasion tactic used by malware distributors), garbage data or junk instructions added to binaries, and other forms of server or client polymorphisms (such as self-modifying code or web server scripts that result in a unique binary being served with each download)," he wrote. 

"These factors led to our Koobface statistics being off by a large margin," he continued, adding that Koobface remains in a "continuing decline" since Facebook outed the group behind the threat 18 months ago.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.