Koobface hijacks DNS registry
- Mon, 29 Jun 2009
Security experts have warned that the Koobface worm, which targets members of the Facebook social network, is now able to modify a computer's DNS registry.
The DNS (domain name server) registry is the system used by a computer to locate certain websites.
Rather than using an alphabetical URL such as www.webuser.co.uk, the DNS uses IP (internet protocol) addresses such as 64.236.47.35 to find websites.
However, if the DNS registry is altered, you can be directed to the wrong site.
Researchers at Trend Micro said that the Koobface worm had recently been downloading a new component that enabled it to change the DNS registry of a PC it had infected.
"Every time a website is visited, the domain of the website is resolved by asking the rogue DNS, which can then serve a bad IP that will redirect the unsuspecting user to a malicious or phishing site," said Ryan Flores of Trend Micro.
The bad IP address the Koobface worm is linking to is currently inactive, the company said, but Flores warned: "The rogue DNS IP has a history of hosting various malware and malicious pages before so whatever it will do when it wakes up will be anything but good."
Anyone who suspects that they have been infected by the Koobface worm should run a full scan of their PC in safe mode with an up-to-date anti-virus program.
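A check for the DNS change described above, as an added example that is not part of the original article: it parses `ipconfig /all` output and reports any configured DNS server outside an expected set. The sample output, the addresses and the function names are constructed for illustration, and English-language `ipconfig` output is assumed.

```python
import ipaddress

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.lan
   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.66
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

def dns_servers(text):
    """Return {adapter name: [configured DNS server addresses]}."""
    servers, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented: section header
            adapter, in_dns = line.rstrip(": "), False
            continue
        label, sep, value = (line.rstrip() + " ").partition(" : ")
        if sep:                                   # "Label . . . : value"
            in_dns = label.strip(" .") == "DNS Servers"
        else:                                     # continuation: value only
            value = line
        if in_dns and value.strip():
            addr = value.strip().split("%")[0]    # drop IPv6 zone id
            servers.setdefault(adapter, []).append(str(ipaddress.ip_address(addr)))
    return servers

def unexpected_resolvers(text, allowed):
    """Return sorted (adapter, server) pairs whose resolver is not in `allowed`."""
    ok = {str(ipaddress.ip_address(a)) for a in allowed}
    return sorted((a, s) for a, lst in dns_servers(text).items() for s in lst if s not in ok)

if __name__ == "__main__":
    for adapter, server in unexpected_resolvers(SAMPLE, {"192.168.1.1"}):
        print(f"unexpected DNS server {server} on {adapter}")
```

The allowed set should hold the resolvers your router, ISP or organisation actually hands out; anything else on the list is worth investigating.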



