Kolab worm, the Facebook virus
Remarkably, this Facebook virus doesn't take advantage of Facebook Apps, so Facebook administrators can't stop it the way they can stop other viruses that rely on Facebook Apps. Since mid-August, many computer users have been infected by this worm / rootkit, and the variant is detected by Norman Security Suite as W32/Kolab.xx.
Another surprising thing is how far the Kolab worm has spread. Virus security agencies reported that there were dozens of Kolab variants, and since its emergence in August and September 2011, not many anti-virus applications have been able to detect this Facebook virus.
Generally, Facebook users get a chat message containing a link that seems to lead to a picture on a particular site. If the link is clicked, the "image" file, which is actually the virus body, is downloaded to the PC and executed. At this point the PC is likely infected with Kolab.
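The lure described above depends on a download that is presented as a picture but is really an executable. As an added example (not from the original article), the Python check below compares a downloaded file's name with its leading bytes; the file names, sample bytes and verdict strings are constructed assumptions, since the article does not say how the Kolab file is named.

```python
import os

# Leading-byte signatures for the file types this check distinguishes.
SIGNATURES = [
    (b"MZ", "pe-executable"),          # Windows PE/DOS executable header
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF8", "gif"),                  # covers GIF87a and GIF89a
    (b"BM", "bmp"),
]
IMAGE_EXTS = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif", ".bmp": "bmp"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}


def sniff(head: bytes) -> str:
    """Return the content type implied by the first bytes of a file."""
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return "unknown"


def triage(filename: str, head: bytes) -> str:
    """Decide what to do with a file fetched from a chat link that claimed to be a picture."""
    name = filename.strip().lower()
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]   # catches names such as photo.jpg.exe
    kind = sniff(head)
    if kind == "pe-executable" and ext in IMAGE_EXTS:
        return "block: executable content behind an image extension"
    if ext in EXEC_EXTS and inner_ext in IMAGE_EXTS:
        return "block: image name with a trailing executable extension"
    if kind == "pe-executable":
        return "block: executable download from a chat link"
    if ext in IMAGE_EXTS:
        ok = kind == IMAGE_EXTS[ext]
        return "allow: content matches the image extension" if ok else "review: content does not match the image extension"
    return "review: not an image"


# Constructed samples: (file name, first bytes of the download).
SAMPLES = [
    ("holiday.jpg", b"MZ\x90\x00\x03\x00"),
    ("holiday.jpg.exe", b"MZ\x90\x00\x03\x00"),
    ("holiday.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
]
if __name__ == "__main__":
    for fname, head in SAMPLES:
        print(f"{fname:18} {triage(fname, head)}")
```
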
The problem is that Kolab doesn't run as a process or service belonging to Windows, which makes it difficult to find and turn off. It rides on the Windows SVCHOST.EXE file. If that is forced to stop, Windows fails and displays the Blue Screen of Death (BSOD). Although this Facebook virus is not running as a process or service belonging to Windows, the Kolab worm is able to use SVCHOST.EXE to broadcast to a specific IP address.