Slashdot Mirror


Researchers Take Down Koobface Servers

splitenz notes the first actions in the war against the Koobface botnet, taken on the heels of a comprehensive report (PDF) on the operations of the botnet and the criminal gang behind it. The researchers who analyzed Koobface are the same ones who brought Ghostnet to light. "Security researchers, working with law enforcement and Internet service providers, have disrupted the brains of the Koobface botnet. The computer identified as the command-and-control server used to send instructions to infected Koobface machines was offline late Friday (US Pacific time). Criminals behind the botnet made more than $US2 million in one year. Facebook accounts are used to lure victims to Google Blogspot pages, which in turn redirect them to Web servers that contain the malicious Koobface code. This action is only a stage in the war against Koobface."

5 of 35 comments

  1. Re:koobface, from wikipedia: by Kosi · Score: 2, Insightful

    Those people need to be kicked off the net until they can demonstrate that they can play nicely with the rest of us.

    Although the BOFH in me would like that, thoroughly fining them would be enough. And if we really had a law that would allow banning people from the net for incompetence, how long would it take before it was abused to cut off government-critical voices and the like? Or some evil corp gets the machine of a critical blogger infected and he's offline. Not with me.

  2. Re:Fight Fire With Fire. by John+Hasler · Score: 2, Insightful

    It may be reasonable to start doing something against the bots but "no holds barred" is never justified. "Fighting fire with fire" just burns everything down.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.

  3. Re:koobface, from wikipedia: by bfree · Score: 2, Insightful

    Why were people running a "flash player update" from a third party web site they got to from Facebook?

    They are used to seeing the "you need the latest flash to view this content, click here to install it now". Sure when it's done the "normal" way the executable they randomly install will come from Adobe, but the entire process is begging for this tomfoolery.

    To those who can't guess, I use Linux, won't install anything from Adobe and use NoScript in the browser, so forgive me if the "official" process has changed from the above idiotic implementation.

    --

    Never underestimate the dark side of the Source

  4. Re:Fight Fire With Fire. by Sycraft-fu · Score: 2, Insightful

    In particular because vigilantes have a bad reputation when it comes to correctly identifying targets and keeping collateral damage low. You get people who very much have the crusader mentality, who get convinced of their own righteousness and infallibility. It leads to problems; it leads to innocents getting caught up on a large scale. Whenever you have to start up with "The ends justify the means," it generally means that they in fact don't.

  5. Good job guys, but... by exentropy · Score: 1, Insightful

    The researchers took down three C&C servers (yay), but this doesn't get to the crux of the problem. We've been hijacking C&Cs for decades; malware authors are just moving to a P2P model (e.g. Stuxnet). These researchers should figure out how to stop the mass FTP compromises, or advise Google and Facebook on how to prevent their sites from being used as a platform for these attacks. Maybe then we could start solving this malware problem...