Slashdot Mirror


Researchers Take Down Koobface Servers

splitenz notes the first actions in the war against the Koobface botnet, taken on the heels of a comprehensive report (PDF) on the operations of the botnet and the criminal gang behind it. The researchers who analyzed Koobface are the same ones who brought Ghostnet to light. "Security researchers, working with law enforcement and Internet service providers, have disrupted the brains of the Koobface botnet. The computer identified as the command-and-control server used to send instructions to infected Koobface machines was offline late Friday (US Pacific time). Criminals behind the botnet made more than $US2 million in one year. Facebook accounts are used to lure victims to Google Blogspot pages, which in turn redirect them to Web servers that contain the malicious Koobface code. This action is only a stage in the war against Koobface."

1 of 35 comments

  1. Re:koobface, from wikipedia: by hairyfeet · Score: 2, Informative

    That is why I have been saying for ages the most common software like Flash, along with updates to drivers like NV and ATI, should come through Windows Update. But sadly every Joe Schmo company that didn't get included would scream "antitrust!". What I've found to work in the meantime with clueless users is simply tell them "If a site says you need to update Flash or Java or whatever, go here, put checkboxes on what you need, then run it". Ninite has all the most common like Flash, Silverlight, .NET, Java, as well as browsers, media players, KLite Codec pack for those that get the "you need codecs to play" problem, pretty much anything they need.

    I tell them if the site still demands they install something after running Ninite it is a virus and should be ignored and avoided. It does help to cut down on the clueless ones whose machines I don't have direct access to. For those I DO have access to I have Update Checker installed and running in the background so they KNOW if Filehippo doesn't tell them there is an update there is NO update. Everyone makes fun of the "stupid" users, but really nobody can know everything and some of these sites are damned hard to tell from real. Giving the clueless a few tools such as this really helps cut down the infections, although I think Windows Update doing it would be even better.

    --
    ACs don't waste your time replying, your posts are never seen by me.