
Koobface Servers Downed By Researchers

Security researchers have taken down three servers belonging to the command and control centre of the notorious Koobface botnet.

The operation was part of an investigation conducted by the Information Warfare Monitor (IWM), which comprises the Citizen Lab, Munk School of Global Affairs, University of Toronto and The SecDev Group.

The IWM investigators had infiltrated a server which provided them with critical details on the operations and monetisation strategies of the Koobface botnet.

Using the information, the researchers managed to bring down three servers located at UK-based hosting company Coreix.

The hosting company's financial director told IT Pro that the company had disconnected the three servers, but refused to comment further as the investigation is still ongoing.

According to Nart Villeneuve, chief research officer for SecDev, who released the inner workings of the Koobface botnet, the botnet operators managed to steal around $2 million (£1.24 million) between June 2009 and June 2010.

The botnet tricked unsuspecting social networking users into downloading malware that aided in click-fraud scams.

The report found: “Koobface maintains a system that uses social networking platforms, such as Facebook, to send malicious links. Social networking platforms allow Koobface to exploit the trust that humans have in one another in order to trick users into installing malware and engaging in click fraud.”