Trend Micro Security Advisory - Koobface Abuses Google Reader

Published November 10th, 2009 - 01:19 GMT

Trend Micro TrendLabs has identified a new development in the Koobface Botnet, this time abusing the Google-owned service, Google Reader.

Trend Micro threat research continues to monitor Koobface criminal activities, including the spamming of URLs by Koobface on social networking sites such as Facebook, MySpace and Twitter.

Early this morning, they discovered that Google Reader URLs were being spammed by Koobface on social network sites.  The attack works by having a Google Account controlled by the Koobface gang, host a page with a fake YouTube video.  When a victim clicks on the fake YouTube video it redirects to a compromised website – which hosts another fake YouTube video.  The compromised website leads to user infection, with the subsequent result of the victim becoming part of the Koobface botnet.

At the time of writing there are around 1,300 known, unique fake Google Reader accounts spammed by Koobface on social network sites. Trend Micro has contacted Google about this incident.

“This is yet another attack where cybercriminals misuse social networking tools, that were originally designed for fun, for their own profit”, commented Trend Micro CTO, Raimund Genes. 
Google Reader is a free service offered by Google that allows users to monitor websites for new content and allows the users to share new content from websites. The feature that enables users to share new content is that which the cybercriminals have abused through the spamming of malicious links.
For further information and images, please visit

Users of the Trend Micro Smart Protection network are already protected from this incident.  Any user concerned they may have been compromised can use Trend Micro free clean up tools such as HouseCall or RU Botted.  Prevention tools such as Web Protection Add-On can also help avoid further infection.  Tools are available at

© 2000 - 2019 Al Bawaba (

You may also like