Wednesday, January 18, 2012

Facebook, Researchers Reveal Gang Behind Koobface Virus


Facebook said Tuesday that it will share the data it has collected about the group of people behind the Koobface virus that hit the social network in 2008.

Koobface targeted Facebook users via fake friend messages that encouraged people to click on links that installed a malicious worm. The messages appeared to be from someone on a user's friends list and included subject lines like "Why do you look so stupid?" and "You look just awesome in this new movie."

"When Koobface first surfaced in 2008, our team worked non-stop until we were able to detect the virus, remediate affected users, and eventually identify those parties responsible; we have been tracking them ever since," Facebook said in a Tuesday note on its security Web site. "We will be sharing this investigation material, as well as information on how to best defend against the virus, with the larger security community. This will better enable sites still targeted by Koobface to more adequately protect their users."

Facebook said its site has been Koobface-free for the last nine months, ever since the social network took down a central "Command & Control" server, "which directed the compromised computers to do the gang's bidding," Facebook said. There have been no new Koobface sightings since then "and our teams are working hard to keep it that way."

Facebook did not name the members of this "Koobface gang" in its post. But in a separate blog post, security firm Sophos said Facebook's announcement and a New York Times article prompted it to also release the Koobface data it had amassed through the work of independent researcher Jan Drömer and Dirk Kollberg of SophosLabs.

"Up until now, Drömer and Kollberg's research has been a closely-guarded secret, known only to a select few in the computer security community and shared with various law enforcement agencies around the globe," Sophos analyst Graham Cluley said. "At the police's request we have kept the information confidential, but last week news began to leak onto the internet about Anton 'Krotreal' Korotchenko - meaning the cat was well and truly out of the bag."

Security researcher Dancho Danchev has also posted his analysis of the Koobface gang online.

According to the research, the gang was undone largely by its own operational sloppiness: the infrastructure it ran leaked enough about its operators to tie the botnet to real people.

"The Koobface botnet master's biggest mistake is using the Koobface infrastructure for hosting a domain that was registered with the botnet master's personal email address," Danchev wrote.

Sophos, meanwhile, said that on that "Command & Control" server the Koobface gang accidentally exposed its file and directory names by enabling a Web server module. Later, the gang installed the Webalizer statistics tool in a publicly accessible location, which gave researchers even more insight into the traffic the server was handling, Sophos said.

The breakthrough, however, came in December 2009, "when the Webalizer statistics tool showed an unusual request to a file named 'last.tar.bz2,' which upon further examination turned out to contain a full daily backup of the Koobface Command & Control software," Sophos said.
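The two leaks described above, an exposed statistics tool and a backup archive served straight from the web root, are the kind of thing a defender should catch in their own access logs before an outsider does. The following is an added example, not code from the article, from Sophos or from Facebook: it parses constructed Apache combined-format log lines (the IPs, paths and timestamps are made up for illustration) and flags successful requests for archive or backup files and for statistics and status pages. The list of "exposed tool" path prefixes is an assumption, not something the article specifies.

```python
"""Added example: flag web-server log entries that reveal backup archives or
publicly reachable statistics/status tools. Not the article's, Sophos's or
Facebook's code; the log lines and the prefix list below are assumptions."""
import re

# Constructed sample log lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Dec/2009:03:12:44 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Dec/2009:03:13:01 +0000] "GET /last.tar.bz2 HTTP/1.1" 200 8913024 "-" "Wget/1.12"
198.51.100.7 - - [10/Dec/2009:03:14:22 +0000] "GET /webalizer/usage_200912.html HTTP/1.1" 200 14890 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Dec/2009:03:14:30 +0000] "GET /server-status HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Dec/2009:03:15:00 +0000] "GET /images/logo.png HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Dec/2009:03:16:00 +0000] "GET /backup.zip HTTP/1.1" 404 210 "-" "Wget/1.12"
"""

# Fields of the combined log format that we need: client IP, timestamp,
# request method and path, response status and response size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Archive and backup extensions that have no business being served from a web root.
ARCHIVE_RE = re.compile(
    r'\.(tar(\.(gz|bz2|xz))?|tgz|tbz2|zip|7z|rar|sql|bak|old)$', re.I
)

# Assumed list of statistics/status tools that are often left world-readable.
EXPOSED_PREFIXES = ('/webalizer/', '/awstats/', '/server-status', '/server-info')


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['status'] = int(rec['status'])
    rec['size'] = 0 if rec['size'] == '-' else int(rec['size'])
    return rec


def classify(path):
    """Return 'archive', 'exposed-tool' or None for a request path."""
    bare = path.split('?', 1)[0]  # ignore any query string
    if ARCHIVE_RE.search(bare):
        return 'archive'
    if bare.startswith(EXPOSED_PREFIXES):
        return 'exposed-tool'
    return None


def find_leaks(log_text):
    """Return (path, kind, ip, status, size) for every request that was actually
    served (HTTP 200) and points at an archive or an exposed tool. A 404 for
    /backup.zip is probing, not a leak, so it is left out."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        kind = classify(rec['path'])
        if kind and rec['status'] == 200:
            hits.append((rec['path'], kind, rec['ip'], rec['status'], rec['size']))
    return hits


if __name__ == '__main__':
    for path, kind, ip, status, size in find_leaks(SAMPLE_LOG):
        print(f'{kind:13} {status} {size:>9} bytes  {path}  from {ip}')
```

Run against the sample, the script reports three served leaks: the multi-megabyte archive fetched by a command-line client, the Webalizer report and the server status page. The 404 for /backup.zip is deliberately ignored; treating failed probes as findings would drown the real exposures in scanner noise, though they are still worth counting separately as reconnaissance.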

The "Koobface Mothership" was found to be hosted in Prague, but the researchers also found that daily statistics were being sent via text message to Russian telephone numbers. Ultimately, the researchers identified the Koobface gang as Anton Korotchenko, Alexander Koltyshev, Roman Koturbach, Syvatoslav Polinchuk, and Stanislav Avdeik. The Times said it had not been able to contact the men, but reported that Facebook "believes public namings can make it harder for such groups to operate and send a message to the criminal underground."

For more from Chloe, follow her on Twitter @ChloeAlbanesius.


Source: http://www.pcmag.com/article2/0,2817,2398974,00.asp?kc=PCRSS05079TX1K0000992

