Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Facebook to name and shame Russian Koobface gang

Researchers publish identities in face of police inaction

Article comments

Facebook could be about to take the unprecedented step of distributing the names of the Russians it believes were behind the Koobface worm that waged an infamous botnet campaign against the site’s users from 2008 onwards.

A report in the New York Times said that Facebook would today start circulating information on the gang to security companies and researchers, effectively a public unmasking in all but name.

This is despite the identities of some of the alleged gang already being known to a select group of security companies, including Facebook itself, that have pieced together the structure and design of the botnet built by it after penetrating command and control servers – the so-called ‘Mothership’ - in late 2009. The bot was seriously disrupted a year later.

Allegedly, the Koobface gang currently reside in St Petersburg, enjoying luxury breaks in locations such as Bali, Monte Carlo and Turkey, and are certainly known to local police authorities as well as the FBI.

Investigators have even been able to capture images of the men working in loft offices using Apple Macs as well as discover their online nicknames. A few appear to have been involved in legitimate software businesses although the oldest of the group is said to be connected to porn-popup spyware program CoolWebSearch which first appeared in 2003.

Their alleged creation, Koobface, was always a strange piece of malware marked out by a disarming mixture of cleverness (exploiting social media including sites other than Facebook) and pragmatism (the botnet is not believed to have exceeded a million hosts at its peak).

Koobface probably generated comparatively modest sums of around $2 million per annum using a mixture of click fraud and revenues from generating leads for fake antivirus scams.

Indeed, plenty is now known about the alleged gang with an unusually detailed expose being published by Sophos Labs’ researchers to coincide with the news from Facebook.

What Facebook hopes to achieve other than drawing attention to the uncomfortable level of police antipathy to cybercrime in some countries is hard to say.

"We know the gang's names, their phone numbers, where their office is, what they look like, what cars they drive, even their mobile phone numbers," said Graham Cluley of Sophos. "Now we have to wait and see what, if any, action the authorities will take against the Koobface gang."

Software companies taking matters such as this into their own hands is not unheard of. Last summer Microsoft took out ads in Russian newspapers as part of its legal campaign against the Rustock botnet, also offering a large bounty for the arrest of its creators.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *