The Koobface spyware uses an infected machine to form an evil Google Reader page about wholly instantly, according to a blog post by Webroot analyst Andrew Brandt. Lethal Google Reader pages have been about for a little time, Brandt announced, but this is the 1st time that he's been able to watch the Koobface malicious software in action as it creates them. On infecting a PC, Koobface runs 4 programs, he revealed.
The 1st malicious software element checks the user's browser cookies to determine if they already own a Google account. If not, the second Koobface component creates a new account. A 3rd program convinces the user to unravel the essential captcha presented by Google by presenting it in the shape of a Windows login, while the final program in the malicious software armory creates the Google Reader page containing the evil code and passes that information to the worm. The Google Reader page made by the Koobface spyware carries a link to a fake video that claims it needs to have a new version of Flash Player to work.
Downloading and installing the program infects the machine with the spyware.
Koobface also uses its standard distribution medium - social networks - to lure others to view the Google Reader page. The spyware posts links to the noxious page on social networks including Facebook.