The Tech Herald

Koobface drops offline after key members exposed

by Steve Ragan - Jan 19 2012, 19:10


Earlier this week, after Sophos published a detailed report on the people behind Koobface, a family of malware that takes its name from its original target, the command and control servers used by the gang halted operations. In addition, the members exposed by the Sophos report have started deleting the online breadcrumbs that allowed researchers to discover them in the first place.

The Sophos researchers worked for more than two years and, on Tuesday, published the names, locations, photos, and known aliases of the five men accused of operating the Koobface botnet. Less than 24 hours later, the C&C servers used by Koobface were down. As mentioned, the botnet takes its name from its original target, Facebook. Arriving on the scene in 2008, Koobface is estimated to operate more than 500,000 bots, each one representing a compromised PC. For those interested, Sophos’ report is here.

It’s believed that the men named by the Sophos report are behind the shutdown, and there is evidence that they are cleaning up after themselves, as various social profiles and other artifacts used for tracking them are being deleted from the Web.

In one picture, two of the men named in the report had checked in on Foursquare, allowing researchers not only to snag a photo of them, but to follow their travel patterns around Russia. The collective data taken from Foursquare can be placed into Google, allowing a detailed pattern of travel to be checked and cross-referenced. At this stage, the removal of social profiles and other miscellaneous information from the Web will do little to help the five men named.

Ryan McGeehan, speaking on behalf of Facebook's security team, is quoted by several media outlets as calling the C&C shutdown exciting.

“The thing that we are most excited about is that the botnet is down. Our decision to become transparent about this has had a 24-hour impact. Only time will tell if it's permanent but it was certainly effective,” he said.

Unfortunately, despite the information made available by the research, Russia’s anti-cybercrime unit, the Interior Ministry's K Directorate, cannot investigate or take any action. This is because Facebook has yet to make a formal complaint.

“An official request needs to be filed to the K Directorate first, and when it's filed, we will certainly investigate and work on it,” a representative told Reuters.

“The request must come from the victim, that is Facebook. Because anyone can say or write anything, but it is all unfounded so far. Even if it turns into a criminal case, the investigative unit will decide on possible charges. It is hard to hypothesize on a possible sentence right now.”
