Researchers Pwned the Koobface Botnet

After recording a win over the complicated admin panel in the Zeus botnet a week ago, security researchers have made another major and successful strike, this time against the Koobface botnet. The Koobface botnet was responsible for spreading a worm on Twitter last year that directed users to a video download and then to a fake codec download needed to play that video. Unsurprisingly, the codec was nothing but malware.

The Koobface botnet has finally been brought down by security researchers who worked with law enforcement and have informed Facebook and Google about many fake accounts used for the botnet.

Nart Villeneuve, the chief research officer with SecDev Group, said,

Those are all on the same network, and they’re all inaccessible right now.

when talking about one of the Koobface server admin control panels.

Koobface has the same operating structure even now. A video download link takes you to a codec download page, the codec being Koobface. Video links were posted on Facebook and then, users were redirected to these codec downloads through Google BlogSpot.

The botnet communicated with four Russian cellphone numbers, sending them details of earnings. However, something interesting was communicated from the Koobface group to the researchers. The researchers claim,

The Koobface gang had a certain charm and ethical restraint. They communicated with security researchers about their intents and their desire not to do major harm. They limited their crimes to petty fraud, albeit massive in scale and scope. But the scary part is that they could have easily done otherwise.


Published by

Chinmoy Kanjilal