Facebook outs Koobface worm crew

Social network scour helps reveal five members.

Facebook on Tuesday named the five people it believes were behind the notorious Koobface worm, which duped a few hundred thousand Facebook users into downloading its malware.

The key Koobface operators include Anton Korotchenko, Stanislav Avdeyyko, Svyatoslave Polichuck, Roman Koturcbach and Alexander Koltyshv, the New York Times reported Tuesday.

The crew were believed to have earned about US$2 million a year, according to Canadian security firm SecDev, and prompted Facebook to undertake a major investigation beginning in 2008 to uncover the people behind the worm, which was discovered by Russian antivirus firm Kaspersky.

Koobface revenue depended on a combination of click-fraud and fake security software, while its malware was spread by luring users - primarily from Facebook but also other social networks like Twitter and Bebo - with the promise of a video which required them to install a new but fake codec or an Adobe Flash upgrade.

Facebook said Tuesday it would begin sharing information it has on the Koobface-five with security vendors and other web companies.

Sophos, which was also involved in the investigation, led by its researcher Dirk Kollberg, traced the group's operations back to St Petersburg, Russia and the Czech Republic.

Much of Kollberg's research between October 2009 and February 2010 in linking the five members was conducted via business registries and Russia's equivalent of Facebook, Vkontakte.

Sophos' key find was a file it located in December 2009 which contained a full daily backup of the Koobface command and control software, allowing Kollberg to analyse the network's management tools.

Facebook said it has been free of Koobface infections for over nine months, after its March 2011 "technical takedown" of the Koobface command and control "Mothership".


Stories by Liam Tung
