So, the March pitch from KoobFace seems to be bigger in scope...well, that's if you can derive stats from a sample-base of one, because I've personally received three pitches this time... One for FaceBook, and two for Classmates.com... but the basic pitch is the same.
It comes as an email along these lines ... : "Girls in beautiful black underwear dancing in the pub, showing off perfect bodies. Unbelievable Final!".
If you go to the webpage in the email, it looks pretty much like the site is Facebook or Classmates, because the fake site draws a bunch of content directly from the real site, like this ...
and, of course, the aim is to get you to download a fake Adobe update, which is really the worm.
Of course, if you look at the url in the browser bar, it is obviously not really FaceBook, but that's not the point. They don't expect to fool everybody .... they just want to fool enough bodies.
And, of course, it goes without saying that LinkScanner detects and blocks the fakes just fine.
Oh, and I am kidding about deriving stats from a sample-size of one. :-)
Keep safe folks,