Koobface Virus Creators Scam $2M; Origins Traced to UK

Dennis Faas's picture

Online security companies are celebrating this week after learning that the dreaded Koobface virus suffered a critical blow that could compromise its continued existence. Security officials discovered that most of the web servers hosting the virus' "command and control" structure were effectively dismantled, thus limiting its exposure to the outside world.

Koobface originally made headlines early last March (2009), when it wreaked havoc on thousands of vulnerable Facebook pages. The virus was responsible for installing malware on the computers of victims who mistakenly (and unknowingly) clicked onto a rogue link of a YouTube video suggested by a "friend."

Once a computer is infected with Koobface, it becomes part of a zombie network of PCs, otherwise known as a botnet. Once part of the botnet, infected PCs await master commands from a central computer -- usually to send unsolicited bulk email messages (spam), for example. It was the central command-and-control computer which was effectively shut down, rendering the botnet of infected computers useless.

Koobface Virus Traced Back to UK

The source of the command and control center was traced back to servers in the United Kingdom (UK), via hosting company Coreix. While those at Coreix are likely innocent of knowing about the command and control center, it is probable that those behind the Koobface virus were, in actuality, hackers who had broken the Coreix system.

Alan Dean, financial director at Coreix, confirmed that his company had suspended at least three servers as part of a further investigation into the Koobface gang.

Said Dean, "Those investigations are ongoing. We therefore do not wish to make any further statement at the moment which might, even in some small way, impact on those investigations. We stress out commitment to working with the police to bring the perpetrators of crime to justice and to removing sites of services that breach any laws or the terms of our Acceptable Use Policy." (Source: topnews.us)

Koobface: Massive Click Fraud Campaign

As previously mentioned, most botnets are used to send out millions of spam email messages on a daily basis.

In this case, however, Koobface was responsible for carrying out a massive click fraud campaign via pay-per-click (PPC) and pay-per-install schemes.

Here's how it worked: once a computer was infected with Koobface, it was programmed to click on website ads or install links to online software. Each time a click was faked, money would be awarded to the scamsters via online affiliate programs. (Source: itpro.co.uk)

In the one year window spanning June 2009 to June 2010, Koobface was believed to have scored its operators $2 million US dollars. Now, with its most pertinent command and control center in shambles, that windfall is set to run out.

Rate this article: 
No votes yet