29 entries found. Displaying page 1 of 2.
Win32/Koobface
Windows Defender Antivirus detects and removes this threat.
Win32/Koobface is a multi-component family of malware used to compromise machines and direct them in various ways at the attacker's will.
This could include using the affected machine to distribute additional malware, generate 'pay per click' advertising revenue, steal sensitive data, break captchas, and subvert the affected user's online experience.
Its components are varied, but include a worm that spreads by utilizing social networking sites such as Facebook and MySpace.
Alert level: severe
TrojanProxy:Win32/Koobface.gen!B
TrojanProxy:Win32/Koobface.gen!B is a generic detection for the proxy component of the Win32/Koobface family. It creates a proxy on an infected machine to redirect the user's Web browser.
Alert level: severe
TrojanProxy:Win32/Koobface.gen!F
TrojanProxy:Win32/Koobface.gen!F is a generic detection for the proxy component of the Win32/Koobface family. It creates a proxy on an infected machine to redirect the user's Web browser.
Alert level: severe
VirTool:WinNT/Koobface.B
VirTool:WinNT/Koobface.B is a detection for the device driver component used by other malware to monitor and redirect network connections.
Alert level: severe
TrojanProxy:Win32/Koobface.gen!G
TrojanProxy:Win32/Koobface.gen!G is the generic detection for a DLL component of the Win32/Koobface family. It is installed as a system service and redirects the browser to an attacker-controlled server when certain legitimate Web sites are accessed.
Alert level: severe
VirTool:Win32/VBInject.DR
VirTool:Win32/VBInject.DR is a detection for obfuscated Visual Basic compiled malicious code. The malicious code or file is usually encrypted and/or compressed, and is decrypted and decoded before it is injected into a process or dropped and executed.
Alert level: severe
Trojan:Win32/Oficla.M
Trojan:Win32/Oficla.M is a trojan that attempts to inject code into a running process to download a rogue security program identified as TrojanDownloader:Win32/FakeScanti. It may arrive as a spammed e-mail attachment to a message pretending to be a Facebook password reset.
Alert level: severe
TrojanProxy:Win32/Koobface.gen!J
TrojanProxy:Win32/Koobface.gen!J is the generic detection for a DLL component of the Win32/Koobface family. It is installed as a system service and redirects the browser to an attacker-controlled server when certain legitimate Web sites are accessed.
Alert level: severe
TrojanProxy:Win32/Koobface.gen!K
TrojanProxy:Win32/Koobface.gen!K is the generic detection for a DLL component of the Win32/Koobface family. It is installed as a system service and redirects the browser to an attacker-controlled server when certain legitimate Web sites are accessed.
Alert level: severe
VirTool:WinNT/Koobface.gen!E
VirTool:WinNT/Koobface.gen!E is a generic detection of a kernel-mode device driver component used by other malware to intercept and manipulate DNS queries, TCP/UDP connections, and other traffic. The malware can redirect DNS results and block network connections and traffic.
Alert level: severe
TrojanDropper:Win32/Koobface.N
TrojanDropper:Win32/Koobface.N is the detection for the malware dropper component of certain members of the Win32/Koobface family. It drops and installs the proxy and driver components.
Alert level: severe
VirTool:WinNT/Koobface.gen!F
VirTool:WinNT/Koobface.gen!F is a detection for a driver component that is used by other malware to redirect TCP connections to specified addresses.
Alert level: severe
VirTool:WinNT/Koobface.P
VirTool:WinNT/Koobface.P is a device driver used by variants of Win32/Koobface to divert web traffic to a web search hijacker component.
Alert level: severe
TrojanProxy:Win32/Koobface.AL
TrojanProxy:Win32/Koobface.AL is a trojan that hijacks web search results. When users click on a result, they are diverted to a third-party search engine that may not display correct search results.
Alert level: severe
Worm:Win32/Koobface.gen!G
Worm:Win32/Koobface.gen!G is a generic detection for various components used by the Win32/Koobface family. This malware family spreads via social networking sites and may download and install arbitrary files. Some of its components hijack web searches to generate pay-per-click revenue, install additional malware such as rogue security software, and may also steal sensitive information. Its components are varied, but include a worm that spreads by utilizing social networking sites such as Facebook and MySpace.
Alert level: severe
Backdoor:Win32/Koobface.A
Worm:Win32/Koobface.A is a worm that may spread when a user logs into their profile account on the Internet social network sites 'MySpace' or 'Facebook'.
Alert level: severe
Worm:Win32/Koobface.I
Worm:Win32/Koobface.I is a worm that spreads via Facebook, Friendster, and other social networking Web sites.
Alert level: severe
Worm:Win32/Koobface.gen!A
Worm:Win32/Koobface.gen!A is a generic detection for a worm that spreads when a user logs into their profile account on the Internet social network sites 'MySpace', 'Facebook' and others.
Alert level: severe
Worm:Win32/Koobface.gen!C
Worm:Win32/Koobface.gen!C is a generic detection for worms that spread via social networking sites such as Facebook and MySpace.
Alert level: severe
Worm:Win32/Koobface
Microsoft security software detects and removes this worm.
Worm:Win32/Koobface is a worm that spreads by posting messages, containing a link to the worm, to the pages of other contacts on social network sites such as Facebook.com.
The worm can download and run other malware that could include updates of the worm.
The worm can also display pop-up messages or windows that attempt to lure users to install rogue security software.
Alert level: severe