Yahoo! Answers+Indiana State University+Koobface

Yahoo! Answers+Indiana State University+Koobface. What a strange combination you may say. Well, let me explain this to you. This happened on November 2009 or maybe later, I don't remember exactly. I bet you know what Yahoo! Answers is. I'm a big fan of Yahoo! Answers and especially computer security section. As you may know, there are many questions like this "How to remove...". So, there was a question how to remove certain malware from a system for free. And the first answer was quite strange or just unusual. A user just wrote hxxp://139.102.159.201 as an answer so obviously I had to check what is this all about.

After a few seconds I saw this fake site, a copy of Facebook (old version). As you can see in the image below I supposedly had to upgrade Flash player in order to view this video file. This so-called flash player upgrade was actually a variant of Koobface worm. I reported that answer immediately to Yahoo! answers team and it was removed within 30 minutes or maybe less.



Next, I checked 139.102.159.201 using who.is tool and got the following results (see image below). OrgName: Indiana State University and what is more, Address: Office of Information Technology.



The fake Facebook page was removed the same day. However, I'm still wondering who was behind this. I guess, the truth is somewhere out there :)