Koobface is a social-network-focused worm and botnet malware family that became prominent in the late 2000s, especially for spreading through compromised Facebook accounts. It targeted Windows systems and used social-engineering lures delivered through social platforms to trick users into executing malicious content. Once installed, Koobface propagated by abusing victims’ social-network relationships, enabling rapid spread across online communities. It is widely recognized as both a worm and a botnet-associated threat from the 2008–2009 period. Koobface is frequently cited among notable malware and botnets of that era. Reporting has also linked it in some commentary to the same broader cybercriminal milieu associated with other financially motivated malware families, although such attribution is not firmly established here.
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
2 distinct techniques documented for this family, organized by ATT&CK tactic.
16 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A Facebook-spreading worm mentioned only as historical background/comparison to current social-media-focused phishing activity.
Malware 2009 Conficker Koobface Waledac
2009 Conficker Koobface
Koobface is described in the article as a computer worm. The scam caller used its name as the purported infection on the victim's system to justify remote access and payment demands.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.