ThreatExpert's Statistics for Net-Worm.Koobface [PC Tools]:

Net-Worm.Koobface [PC Tools] is also known as:

Threat Alias	Number of Incidents
W32.Koobface.A [Symantec]	2,281
Mal/Generic-A, Mal/KoobHeur-A [Sophos]	1,586
Worm.Win32.Koobface [Ikarus]	1,586
Net-Worm.Win32.Koobface.cln [Kaspersky Lab]	1,536
Win32/Koobface.worm.50688.C [AhnLab]	1,408
Net-Worm.Win32.Koobface [Ikarus]	475
Mal/KoobHeur-A, Mal/KoobHeur-A [Sophos]	440
Net-Worm.Win32.Koobface.cvn [Kaspersky Lab]	440
Win32/Koobface.worm.50688.D [AhnLab]	440
W32.Koobface.D [Symantec]	90
Mal/KoobHeur-A [Sophos]	64
W32.Koobface!gen1 [Symantec]	56
Mal/Generic-A [Sophos]	55
Mal/EncPk-LW [Sophos]	34
Worm:Win32/Koobface.gen!D [Microsoft]	23
Downloader [Symantec]	20
Net-Worm.Win32.Koobface.buq [Kaspersky Lab]	19
W32/Koobface.worm.gen.ah [McAfee]	16
W32/Koobfa-Gen [Sophos]	16
W32/Koobfa-Gen, Mal/KoobHeur-A [Sophos]	15
W32.Koobface!gen [Symantec]	14
Trojan-Proxy.Win32.Koobface [Ikarus]	13
Mal/FakeSpy-A [Sophos]	12
Mal/Generic-A, Mal/EncPk-LW [Sophos]	12
Rootkit.Win32.Agent [Ikarus]	12
Win32/Koobface.worm.131584 [AhnLab]	12
Win32/Koobface.worm.51200.B [AhnLab]	12
Win-Trojan/Agent.56064 [AhnLab]	12
Worm.Generic [Ikarus]	12
Net-Worm.Win32.Koobface.brr [Kaspersky Lab]	10
Net-Worm.Win32.Koobface.cta [Kaspersky Lab]	10
W32/Koobface.worm [McAfee]	10
W32/Koobface.worm.gen.ac [McAfee]	10
W32/Koobface.worm.gen.d [McAfee]	10
W32/Koobface.worm.gen.u [McAfee]	10
W32.Koobface.B [Symantec]	9
W32.Koobface.C [Symantec]	9
W32/Koobface.worm.gen.j [McAfee]	9
W32/Koobface.worm.gen.r [McAfee]	9
W32/Koobface.worm.gen.v [McAfee]	9
Mal/Koobface-A [Sophos]	8
Net-Worm.Win32.Koobface.cti [Kaspersky Lab]	8
Net-Worm.Win32.Koobface.d [Kaspersky Lab]	8
Dropper/Agent.47104.X [AhnLab]	6
Generic Proxy!m [McAfee]	6
Net-Worm.Win32.Koobface.cgk [Kaspersky Lab]	6
Net-Worm.Win32.Koobface.cjq [Kaspersky Lab]	6
Net-Worm.Win32.Koobface.cjt [Kaspersky Lab]	6
Rootkit.Win32.Agent.vir [Kaspersky Lab]	6
Trojan-Downloader.Win32.Small [Ikarus]	6
Trojan-Downloader.Win32.Small.anlx [Kaspersky Lab]	6
Trojan-Dropper.Win32.Agent.bgpi [Kaspersky Lab]	6
Trojan-Dropper.Win32.Agent.biqk [Kaspersky Lab]	6
W32/Koobface.worm.gen.o [McAfee]	6
W32/Koobfa-Gen, Troj/Koobfa-A [Sophos]	6
Win32/Koobface.worm.46592.B [AhnLab]	6
Win-Trojan/Downloader.6144.WF [AhnLab]	6
Win-Trojan/Malware.55808.I [AhnLab]	6
Generic.dx [McAfee]	5
Mal/Koobface-A, Mal/EncPk-LW [Sophos]	5
Net-Worm.Win32.Koobface.ast [Kaspersky Lab]	5
Net-Worm.Win32.Koobface.bno [Kaspersky Lab]	5
Troj/Capper-Gen [Sophos]	5
Trojan-Dropper.Agent [Ikarus]	5
Trojan-Proxy.Win32.Agent [Ikarus]	5
W32/Koobface.worm.gen.e [McAfee]	5
W32/Koobface.worm.gen.x [McAfee]	5
Worm:Win32/Koobface.W [Microsoft]	5
Net-Worm.Win32.Koobface.csa [Kaspersky Lab]	4
Net-Worm.Win32.Koobface.cse [Kaspersky Lab]	4
Net-Worm.Win32.Koobface.csh [Kaspersky Lab]	4
Net-Worm.Win32.Koobface.cuf [Kaspersky Lab]	4
Trojan Horse [Symantec]	4
Trojan.Win32.Agent [Ikarus]	4
Trojan-Downloader.Win32.Small.aoiu [Kaspersky Lab]	4
W32/Koobfa-Gen, W32/Koobfa-Gen [Sophos]	4
W32/Koobfa-Gen, W32/Koobfa-Gen, W32/Koobfa-Gen, Mal/KoobHeur-A [Sophos]	4
Win-Trojan/Downloader.15360.IO [AhnLab]	4
WORM_PKOOBF.SMQ [Trend Micro]	4
Backdoor.Win32.TinyProxy [Ikarus]	3
Net-Worm.Win32.Koobface.cmj [Kaspersky Lab]	3
Net-Worm.Win32.Koobface.csr [Kaspersky Lab]	3
Net-Worm.Win32.Koobface.csy [Kaspersky Lab]	3
Troj/Capa-Gen [Sophos]	3
Trojan.Win32.SuspectCRC [Ikarus]	3
W32/Koobface.worm.gen.g [McAfee]	3
W32/KoobFa-S [Sophos]	3
Generic Rootkit.d [McAfee]	2
Generic.dx!lux [McAfee]	2
Hacktool.Rootkit [Symantec]	2
Mal/Dial-V [Sophos]	2
Mal/EncPk-KX [Sophos]	2
Net-Worm.Win32.Koobface.ah [Kaspersky Lab]	2
Net-Worm.Win32.Koobface.awm [Kaspersky Lab]	2
Net-Worm.Win32.Koobface.bml [Kaspersky Lab]	2
Net-Worm.Win32.Koobface.bqm [Kaspersky Lab]	2
Net-Worm.Win32.Koobface.cjz [Kaspersky Lab]	2
Net-Worm.Win32.Koobface.cmc [Kaspersky Lab]	2
Net-Worm.Win32.Koobface.cuu [Kaspersky Lab]	2
Net-Worm.Win32.Koobface.eyf [Kaspersky Lab]	2

Net-Worm.Koobface [PC Tools] has the following possible countries of origin:

Origin		Number of Incidents
	Finland	56
	Australia	2
	Russian Federation	2
	Canada	1

Net-Worm.Koobface [PC Tools] is known to be created as:

%ProgramFiles%\captcha.dll

%ProgramFiles%\drv\drv.sys

%ProgramFiles%\pornotubexxx\antivirus\service.exe

%ProgramFiles%\tinyproxy\tinyproxy.exe

%Programs%\startup\ihaupd32.exe

%System%\dll32.dll

%System%\drivers\fio32.sys

%System%\fio32.dll

%System%\winagent.exe

%Temp%\pp11.exe

%Windir%\bill102.exe

%Windir%\bolivar23.exe

%Windir%\bolivar24.exe

%Windir%\bolivar26.exe

%Windir%\bolivar28.exe

%Windir%\bolivar29.exe

%Windir%\bolivar30.exe

%Windir%\che3.exe

%Windir%\fbtre6.exe

%Windir%\freddy49.exe

%Windir%\freddy51.exe

%Windir%\freddy54.exe

%Windir%\freddy63.exe

%Windir%\freddy64.exe

%Windir%\freddy71.exe

%Windir%\freddy72.exe

%Windir%\freddy73.exe

%Windir%\freddy75.exe

%Windir%\freddy77.exe

%Windir%\freddy79.exe

%Windir%\freddy82.exe

%Windir%\kenny12.exe

%Windir%\kenny15.exe

%Windir%\kenny17.exe

%Windir%\kenny18.exe

%Windir%\ld02.exe

%Windir%\ld08.exe

%Windir%\ld09.exe

%Windir%\ld10.exe

%Windir%\ld11.exe

%Windir%\ld12.exe

%Windir%\ld15.exe

%Windir%\ld16.exe

%Windir%\mstre21.exe

%Windir%\mstre24.exe

%Windir%\muchomambo01.exe

%Windir%\pp04.exe

%Windir%\pp08.exe

%Windir%\pp11.exe

%Windir%\pp12.exe

%Windir%\pp13.exe

%Windir%\pp14.exe

%Windir%\rdr_1253304947.exe

%Windir%\rdr_1256317094.exe

%Windir%\rdr_1256317144.exe

%Windir%\rdr_1256335166.exe

%Windir%\rdr_1256335252.exe

%Windir%\rdr_1256493663.exe

%Windir%\rdr_1256496822.exe

%Windir%\rdr_1256496909.exe

%Windir%\rdr_1256505392.exe

%Windir%\rdr_1256505486.exe

%Windir%\rdr_1256664957.exe

%Windir%\rdr_1256665044.exe

%Windir%\rdr_1256666925.exe

%Windir%\rdr_1256667011.exe

%Windir%\rdr_1256690986.exe

%Windir%\rdr_1256691073.exe

%Windir%\rdr_1256698400.exe

%Windir%\rdr_1256698488.exe

%Windir%\rdr_1256700754.exe

%Windir%\rdr_1256700842.exe

%Windir%\rdr_1256739016.exe

%Windir%\rdr_1256739091.exe

%Windir%\rdr_1256753521.exe

%Windir%\rdr_1256753521.exe.exe

%Windir%\rdr_1256867889.exe

%Windir%\rdr_1256867978.exe

%Windir%\rdr_1256888541.exe

%Windir%\rdr_1256893712.exe

%Windir%\rdr_1256893802.exe

%Windir%\rdr_1256943259.exe

%Windir%\rdr_1256943340.exe

%Windir%\rdr_1257022223.exe

%Windir%\rdr_1257022223.exe.exe

%Windir%\rdr_1257261624.exe

%Windir%\rdr_1257261739.exe

%Windir%\rdr_1257269132.exe

%Windir%\rdr_1257269215.exe

%Windir%\rdr_1257540746.exe

%Windir%\rdr_1257540834.exe

%Windir%\rdr_1257769921.exe

%Windir%\rdr_1257770008.exe

%Windir%\rdr_1257780952.exe

%Windir%\rdr_1257781040.exe

%Windir%\rdr_1260268147.exe

%Windir%\rdr_1260444871.exe

%Windir%\rdr_1260518795.exe

%Windir%\rdr_1260574404.exe

%Windir%\rdr_1264787015.exe

Notes:

%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.