Facebook outs Koobface worm crew

Social network scour helps reveal five members.
Liam Tung (CSO Online), 18 January, 2012 09:10

Facebook on Tuesday named the five people it believes were behind the notorious Koobface worm, which duped a few hundred thousand Facebook users into downloading its malware. The key Koobface operators include Anton Korotchenko, Stanislav Avdeyyko, Svyatoslave Polichuck, Roman Koturcbach and Alexander Koltyshv, the New York Times reported Tuesday.

The crew was believed to have earned about US$2 million a year, according to Canadian security firm SecDev, and prompted Facebook to undertake a major investigation beginning in 2008 to uncover the people behind the worm, which was discovered by Russian antivirus firm Kaspersky. Koobface revenue depended on a combination of click-fraud and fake security software, while its malware was spread by luring users - primarily from Facebook but also other social networks like Twitter and Bebo - with the promise of a video which required them to install a new but fake codec or an Adobe Flash upgrade.

Facebook said Tuesday it would begin sharing information it has on the Koobface-five with security vendors and other web companies.

Sophos, which was also involved in the investigation, led by its researcher Dirk Kollberg, traced the group's operations back to St Petersburg, Russia and the Czech Republic.

Much of Kollberg's research between October 2009 and February 2010 in linking the five members was conducted via business registries and Russia's equivalent of Facebook, Vkontakte.

Sophos' key find was a file it located in December 2009 which contained a full daily backup of the Koobface command and control software, allowing Kollberg to analyse the network's management tools.

Facebook said it has been free of Koobface infections for over nine months, after its March 2011 "technical takedown" of the Koobface command and control "Mothership".
