So far, the IT security vendor said, Koobface has spammed URLs on social networking sites such as Facebook, MySpace and Twitter, but this development seems to be a new one.
According to Trend Micro, as of yesterday, Google Reader URLs were being spammed by Koobface on a number of social networking sites.
The attack works by having a Google Account controlled by the Koobface gang host a page with a fake YouTube video. When a victim clicks on the fake YouTube video it redirects to a compromised website - which hosts another fake YouTube video.
The compromised website leads to a user being infected, with the victim becoming part of the Koobface botnet.
Trend Micro said that there are more than 1300 known and unique fake Google Reader accounts spammed by Koobface on social network sites, and the vendor has contacted Google about the problem.
Rik Ferguson, Trend Micro's senior security advisor, said that cybercriminals are taking advantage of Google's credibility by hiding their malicious links behind Google Reader.
"This is a new twist on the familiar Koobface infection routine where victims are asked to install Adobe Flash updates in order to view a video which appears to be shared on the Google Reader website", he said.