Koobface worm creates Facebook accounts to spread

According to TrendLabs, there is a new Koobface component that makes Internet Explorer create Facebook accounts. It automates the whole process – the browser registers the account, confirms and activates the registration via Gmail, joins random Facebook groups, adds friends, posts messages to their walls…

It actually does a good job at imitating a person starting its Facebook account – the details it provides are complete, credible and vary from account to account: photo, birth date, favorite movies, religious views, etc. These details are picked up from one of the botnet’s available proxy domain.

Another “smart” Koobface feature is that after it has created the account, it makes sure not to surpass the maximum number of friend requests allowed by Facebook, so it doesn’t raise the suspicions of its administrators.

The messages that the account posts on friends’ walls usually has a link that, if clicked, takes the unsuspecting user to a site that hosts the Koobface loader.