Facebook Koobface Worm plague

Beware Facebook messages in your inbox or on your wall containing off site links and mesages like “is this u here on insertsuspectdomainhere.com” – on no account follow the link and instructions to install software as you could be infected with the Koobface worm.

If the viewer approves the Flash installation, Koobface attempts to download a program called tinyproxy.exe. This loads a proxy server called Security Accounts Manager (SamSs) the next time the computer boots up. Koobface then listens to traffic on TCP port 9090 and proxies all outgoing HTTP traffic.

This pernicious little monster will send messages attempting to entice users’ facebook friends to download the worm, can steal sensitive information and take users to “contaminated sites when they try to use search engines from Google, Yahoo, MSN and Live.com, according McAfee.”

Removal instructions for the W32.Koobface.A worm.