A long-dormant virus aimed directly at Facebook struck Thursday, spreading quickly via the social network. What's surprising isn't that Koobface hit Facebook so hard. It's that it took so long to do it.
How Koobface works: A Facebook user gets a message from a friend telling them to view a clip, with a subject line like, "You look so amazing funny on our new video." Unbeknownst to the recipient, the friend's computer has been infected, and the virus has commandeered their Facebook account. After clicking the link, the user gets a message saying Adobe Flash needs to be updated. Instead of a Flash update, the Koobface virus gets downloaded, and the infection spreads. Koobface then commandeers not just Facebook accounts but online-banking logins, credit-card numbers, and the like, profiting criminal gangs.
Variants of Koobface have been reported since August, when it struck MySpace. MySpace's anything-goes website proved more vulnerable than Facebook; profile messages are littered with spam, so it was easy for Koobface to commandeer accounts and leave messages which pointed people to websites which could infect their PCs. Facebook was also affected, but the infection was quickly controlled.
It's not entirely clear why this Koobface outbreak hit critical mass. But enough has changed since August that it's not entirely surprising. Facebook itself is partly to blame. Facebook PR has been touting increasing viewing of video on the site. That behavior was exploited by virus writers' use of a clip as a lure. Facebook's growing user base — more than 120 million, at last count — makes for an attractive target, and more fertile ground for a computer infection to spread.
But I think it goes deeper. The very premise of Facebook is the viral spread of ideas among networks of friends. When a friend joins a group, shares a news story, or watches a clip, you get a message in your news feed. Facebook's hoping to profit from this behavior by helping advertisers spread these stories faster. The real problem with Koobface isn't that it's doing something Facebook disapproves of — it's that Facebook's not getting a cut.