McAfee says it goofed over Koobface infection rates

Share this article:
McAfee says it goofed over Koobface infection rates
McAfee says it goofed over Koobface infection rates

The prevalence of the Koobface worm, best known for its rampage through Facebook and MySpace a few years back, continues to decline, McAfee now admits.

The security company said it erred when it reported last week as part of its first-quarter threat report that rates of the malware dramatically were climbing.

McAfee said it initially declared a resurgence because what it believed were unique samples of Koobface actually turned out to be instances where part of the worm's underlying code was packaged as part of other binary files and malware, said McAfee researcher Craig Schmugar in a blog post. 

"Besides the number of changes made to a malware's code base, sample counts can also be influenced by repacking of the same underlying code (a common evasion tactic used by malware distributors), garbage data or junk instructions added to binaries, and other forms of server or client polymorphisms (such as self-modifying code or web server scripts that result in a unique binary being served with each download)," he wrote. 

"These factors led to our Koobface statistics being off by a large margin," he continued, adding that Koobface remains in a "continuing decline" since Facebook outed the group behind the threat 18 months ago.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Popular Science served up Rig Exploit Kit on its website

The monthly science magazine served up malicious code to readers earlier this week and has remedied the issue.

Deloitte releases paper on vetting leaks, avoiding costly hoax

Deloitte releases paper on vetting leaks, avoiding costly ...

The research presents techniques for distinguishing legit data leaks from false claims.

Attack on White House systems breached unclassified networks

The White House experienced a sustained cyberattack on its systems that impacted its network for nearly two weeks.