Koobface Eyes Google Reader as a Prime Target

The Koobface botnet is back in action this time to abuse the Google-owned service Google Reader.

Koobface has taken aim at Google Reader to spam malicious URLs in social networking sites such as Facebook, MySpace, and Twitter. The Koobface gang has used controlled Google Reader accounts to host URLs containing an image that looks like a flash movie.

These URLs are spammed through the social networks and when the user opens the image or the title of the shared content, it leads to the fake YouTube page that hosts the Koobface downloader component.

Google Reader users freely monitor websites for new content and the Reader also allows the users to share content from other websites. Any online user can view these pages as they are shared to the public. Sharing a Google Reader page publicly is easy as anyone can click on the share icon in the Reader page and the content will appear on the public page.

This sharing of content is what cybercriminals have used on the Google Reader domain to spam malicious links. Up to 1,300 Google accounts have since been used for attacks. The spam URLs hosted through these accounts are now blocked.