The Inquirer-Home

Koobface gang shuts down servers after being exposed

Botnet gets taken down
Thu Jan 19 2012, 15:12

CYBER CRIMINALS behind the Koobface malware have turned off their command and control servers and deleted online profiles after being named and shamed.

The Koobface botnet has been stopped in its tracks after security vendor Sophos revealed the identities of the five-member Russian gang following a lengthy investigation. The malware successfully attacked thousands of machines, allowing the group to make money via pay-per-click links and fake antivirus software.

Graham Cluley, senior technology consultant at Sophos, said, "The C&C (command and control) servers at the heart of Koobface have stopped responding, and the individuals uncovered by the report have been busy deleting their profiles on social networks, where they had left digital clues as to their identities."

Regardless of the fact that they have deleted their various profiles, the evidence has been archived and handed over to law enforcement agencies. The data includes photos, videos and location check-ins.

The Sophos report revealed that the gang was based in St Petersburg. According to Cluley, the Russian anti-cybercrime unit never investigated the Koobface gang because it simply wasn't asked to do so.

Facebook has yet to publish a statement on the development but Ryan McGeehan from its security team said, "The thing that we are most excited about is that the botnet is down. Our decision to become transparent about this has had a 24-hour impact. Only time will tell if it's permanent but it was certainly effective." µ

