McAfee says it goofed over Koobface infection rates

Share this article:
McAfee says it goofed over Koobface infection rates
McAfee says it goofed over Koobface infection rates

The prevalence of the Koobface worm, best known for its rampage through Facebook and MySpace a few years back, continues to decline, McAfee now admits.

The security company said it erred when it reported last week as part of its first-quarter threat report that rates of the malware dramatically were climbing.

McAfee said it initially declared a resurgence because what it believed were unique samples of Koobface actually turned out to be instances where part of the worm's underlying code was packaged as part of other binary files and malware, said McAfee researcher Craig Schmugar in a blog post. 

"Besides the number of changes made to a malware's code base, sample counts can also be influenced by repacking of the same underlying code (a common evasion tactic used by malware distributors), garbage data or junk instructions added to binaries, and other forms of server or client polymorphisms (such as self-modifying code or web server scripts that result in a unique binary being served with each download)," he wrote. 

"These factors led to our Koobface statistics being off by a large margin," he continued, adding that Koobface remains in a "continuing decline" since Facebook outed the group behind the threat 18 months ago.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.