[6][7][8] Koobface ultimately attempts, upon successful infection, to gather login information for FTP sites, Facebook, Skype, and other social media platforms, and any sensitive financial data as well.
Upon receipt, the message directs the recipients to a third-party website (or another Koobface infected PC), where they are prompted to download what is purported to be an update of the Adobe Flash player.
Among the components downloaded by Koobface are a DNS filter program that blocks access to well known security websites and a proxy tool that enables the attackers to abuse the infected PC.
Several variants of the worm have been identified: In January 2012, The New York Times reported[20] that Facebook was planning to share information about the Koobface gang, and name those it believed were responsible.
They include Stanislav Avdeyko (leDed), Alexander Koltyshev (Floppy), Anton Korotchenko (KrotReal), Roman P. Koturbach (PoMuc), Svyatoslav E. Polichuck (PsViat and PsycoMan).
Various anti-scam websites such as Snopes.com and ThatsNonsense.com have recorded many instances where alarmist messages designed to fool and panic Facebook users have begun to circulate prolifically using the widely publicized Koobface threat as bait.