Koobface takedown exposes money trail
Face/off
A Koobface server takedown operation which began over the weekend has already shed new light on the operations of the infamous botnet.
UK ISP Coreix unplugged command-and-control servers linked to the worm on Friday as part of a wider takedown operation spearheaded by Canadian security firm SecDev. Nart Villeneuve, head of the SecDev team, has informed other ISPs about compromised FTP accounts and notified Google and Facebook about accounts abused by Koobface, as part of a wide-ranging effort to curtail malicious activity associated with the botnet.
Previous takedown efforts have had a positive effect, at least temporarily, but Koobface is particularly sophisticated and resilient. The botnet has hauled itself up from the canvas after earlier heavy blows, and few security watchers expect it to stay down for the count this time around, even after the series of particularly hard hits it has just taken.
As part of their takedown efforts the SecDev team infiltrated a server used to send daily updates of the illicit revenues raked in by the worm, delivered via SMS messages to four mobile numbers in Russia. According to these figures, daily revenues sent through the Paymar payment system varied between $1,000 and $20,000 a day, IDG reports.
Researchers at SecDev reckon the Koobface gang have made an estimated $2m since the first appearance of the worm in July 2008. Around half this income came from promoting sales of scareware (fake anti-virus) products while the rest came through click fraud and other scams.
Koobface targets surfers on Facebook and other social networks, typically encouraging prospective marks to execute malware packages disguised as Flash updates supposedly needed to view lurid or shocking content. Once executed the malware turns compromised PCs into zombie drones under the control of hackers. ®
COMMENTS
"these cyber-crime syndicates aren't really your standard cyber-crime syndicates"
Yes, they are. The problem is that most people still view them as a sneaky gang of nerds doing "nasty" stuff with their computers to make a few extra bucks, not as the thugs they are: highly organized, extremely well-funded crime organizations of the likes of major drug-dealing, human-trafficking and weapons-sales syndicates.
I don't believe for a minute that cyber crime syndicates don't get involved in the mentioned 'old school' crimes, and vice versa. More likely they are the same people, who simply found a new "revenue stream".
And as they have the means to pay a lot more than the industry would, they get the best developers working for them. That is at least what we have to assume, looking at the sophistication of their 'products'.
Don't make the mistake of always assuming the involvement of some "governmental authorities" whenever things become "big", like some conspiracy-theory dimwit (although I like conspiracy theories for their entertainment value ;-) ).
The Mafia, Mob, Syndicates or whatever you want to call it have always had the advantage of being better funded and less restricted in their methods than the authorities who ought to wipe them out. They can go where no governmental organization ever could.
And they are actually not even that "organized", more a huge but loose conglomerate of small groups with the same interests, working together where it suits them. There is no master plan, no uber boss. No single point to take out to stop it all.
If you want to get rid of an ant plague in your garden, poison the queen, and the case is solved (until the next tribe moves into the same den). In this case I guess it is more like fighting rats or roaches. In every way...
And...here's your title
@AC 14:09 Fatal System Error is a good read on this subject.
Am I the only person thinking that with all of this money being funneled to Russia, maybe these cyber-crime syndicates aren't really your standard cyber-crime syndicates and maybe some other non-police type government agents need to get involved in taking them down?