Trend Micro TrendLabs has identified a new development in the Koobface Botnet, this time abusing the Google-owned service, Google Reader.
Trend Micro threat research continues to monitor Koobface activities, including the spamming of URLs by Koobface on social networking sites such as Facebook, MySpace and Twitter.
Early this morning, they discovered that Google Reader URLs were being spammed by Koobface on social network sites. The attack works by having a Google Account controlled by the Koobface gang, host a page with a fake YouTube video. When a victim clicks on the fake YouTube video it redirects to a compromised website – which hosts another fake YouTube video. The compromised website leads to user infection, with the subsequent result of the victim becoming part of the Koobface botnet.
At the time of writing there are around 1,300 known, unique fake Google Reader accounts spammed by Koobface on social network sites. Trend Micro has contacted Google about this incident.
“This is yet another attack where cybercriminals misuse social networking tools, that were originally designed for fun, for their own profit”, commented Trend Micro CTO, Raimund Genes.
Google Reader is a free service offered by Google that allows users to monitor websites for new content and allows the users to share new content from websites. The feature that enables users to share new content is that which the koobface gang has abused through the spamming of malicious links.