Koobface targets and takes over Google Reader

The gang responsible for the Koobface worm has taken over thousands of Google Reader accounts, using it to post shared content hosting the malware.

At the last count 1,300 Google Reader accounts have been taken over, a free service offered to internet users to monitor websites for new content using RSS.

Users are able to share content from the websites that are viewing, simply by clicking the share icon on their public page.

The affected Google Reader accounts will host and share URLs containing an image that looks like a Flash movie, and which has previously spread through spam messages sent via social networking sites like Facebook and Twitter.

Once another user clicks on the image or title they will be led to a fake YouTube page that hosts the Koobface malware, which looks to install on their system through a fake Flash Player download.

"They are abusing the credibility of Google," said Trend Micro security researcher Rik Ferguson of the criminals. "When they send their spam messages across the social networks, those have a link in them which points to Google.com."

Trend Micro has been working with Google to identify the affected accounts, and the spam URLs should now be blocked.

"It's not the first time that we've seen that kind of attack, but the first time Koobface has done it," Ferguson confirmed.

He said that anything that dealt with shared content, such as a social network, could potentially fall victim to Koobface.

He warned businesses: "Social networking in the enterprise is no longer in its infancy. The opportunity is there to infect enterprise machines as well as consumer."