Slashdot Mirror


Koobface Malware Traced To 5 Russians

New submitter theonlyholle writes "Naked Security, the Sophos IT security blog, has published an article about the authors of the Koobface malware that plagued Facebook users in 2008 and the investigation that led to their identification. Apparently the botnet was created by five Russians from St. Petersburg."

64 comments

  1. Solved by netwarerip · · Score: 1

    Apparently 'Koobface' is Russian for "Sorry bro, but no one gives a rat's ass about your latest forays in Farmville".

    Of course, reading the article and seeing how sloppy they were in covering their tracks it's possible it just means "dumbass".

  2. Re:Normally, I oppose botnets and other malware st by Anonymous Coward · · Score: 0

    does anything good ever come out of Russia?

  3. Where's the Hate? by Anonymous Coward · · Score: 0

    What, no ACs making blanket declarations about how evil this is? No piling on against the government? No insulting the people who live in that country?
    Oh, it wasn't Americans doing it, so everyone doesn't have to turn on the flames and grab pitchforks.

    1. Re:Where's the Hate? by Anonymous Coward · · Score: 0

      Exactly.

      You see, people from Russia admit to doing things like this, as evidenced from how the koobface gang has involved their families, registered businesses, etc.

      The reason such accusations are made against Americans is that said Americans often live in a bubble that makes the late Steve Jobs' reality distortion field look like a cheesy pair of 3D glasses. It's the rest of the world (and US citizens) attempting to educate the US.

  4. Re:Normally, I oppose botnets and other malware st by Anonymous Coward · · Score: 0

    What about those Russian dating agencies advertised on Slashdot? (The photos of the women look nice.)

  5. Re:Normally, I oppose botnets and other malware st by Anonymous Coward · · Score: 0

    Girls. Remember them?

  6. Re:In Soviet Russia... by Anonymous Coward · · Score: 0

    In Soviet Russia jokes make you old.

  7. Re:Normally, I oppose botnets and other malware st by K.+S.+Kyosuke · · Score: 2

    Girls. Remember them?

    Nope, I only remember the burly soldiers, before they left in 1990. But now that I'm thinking about it, it's quite possible that some of the burly soldiers were actually girls.

    --
    Ezekiel 23:20

  8. Wow, Russians involved in cybercrime.... by Viol8 · · Score: 2

    Well that's that mystery solved. Now if only I could remember where those damn bears went after they borrowed a toilet roll...

  9. I don't have facebook by Anonymous Coward · · Score: 0

    I don't care.
    What I do care is if you try to make it a problem reaction solution game.

  10. The Good, the bad and the Ugly by Anonymous Coward · · Score: 0

    does anything good ever come out of Russia?

    Math? Chess players?

    GP:

    Normally. In the case of Facebook I make an exception.

    Yeah. I was constantly cleaning up family member's computers over that.

    The good side: "Why aren't you on Facebook?"

    "Koobface. Talk to the hand."

    Well, it's a lot simpler than going through the privacy violations, whoring of personal data, etc, etc, etc ....

    Here's my father in law's reason (he has top secret double something or another clearance with defense contractors) "I have to keep my security clearance and Facebook is a no-no."

    So, "I'm applying to jobs that require a security clearance and therefore a Facebook account is a no-no."

    1. Re:The Good, the bad and the Ugly by Anonymous Coward · · Score: 0

      > Here's my father in law's reason (he has top secret double something or another clearance with defense
      > contractors) "I have to keep my security clearance and Facebook is a no-no."

      Gaylord, is that you?

    2. Re:The Good, the bad and the Ugly by plopez · · Score: 1

      Here's my father in law's reason (he has top secret double something or another clearance with defense contractors) "I have to keep my security clearance and Facebook is a no-no."

      Does he take all his sensitive documents home with him on a USB so he can keep them safe? ;)

      --
      putting the 'B' in LGBTQ+

    3. Re:The Good, the bad and the Ugly by mjwalshe · · Score: 1

      Didn't seem to stop the current C getting the top job in SIS (MI6) though did it? A more nuanced approach would be to have face book etc and use it as part of your cover.

  11. WHAT a COUNTRY! by Thud457 · · Score: 1

    nah, wasn't funny even in 1984...

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  12. Eastern European Malware by omganton · · Score: 3, Interesting

    It seems that most malware originates from the Eastern European block, mainly Russia and the former USSR nations. I wonder if this is economically driven or socially driven. Is the creation of malware an attempt to generate revenue (via trojans that must be "purchased" to unlock all features and "remove infections"), or is it some type of political statement against the rest of the internet. If there was great revenue to be had, you'd think the malware would come from all over the world. Why the isolation to such a specific area?

    1. Re:Eastern European Malware by jeyk · · Score: 2

      I personally think it is economically driven. The definition of "great revenue" is not the same in different parts of the world.

    2. Re:Eastern European Malware by Anonymous Coward · · Score: 2, Interesting

      It seems that most malware originates from the Eastern European block, mainly Russia and the former USSR nations. I wonder if this is economically driven or socially driven. Is the creation of malware an attempt to generate revenue (via trojans that must be "purchased" to unlock all features and "remove infections"), or is it some type of political statement against the rest of the internet. If there was great revenue to be had, you'd think the malware would come from all over the world. Why the isolation to such a specific area?

      To get decent malware, you basically need (A) Reasonably smart/skillful technical people and (B) a lack of legitimate jobs that pay better than stealing

      Most places that have A don't have B, but it is unfortunately common in some parts of the Eastern block.

    3. Re:Eastern European Malware by cecom · · Score: 5, Informative

      I come from Eastern Europe and I think that it is socially driven. Corruption is so prevalent in absolutely every aspect of life - from traffic tickets to simply buying something in the store. So "white collar" crime like this is socially acceptable.

      It is most definitely not economically driven - in Eastern Europe there is a huge hunger for competent developers, so unless Russia is an exception (I doubt it), it is easy to find a legal well paying programming job.

      Full disclosure: I left Eastern Europe a long time ago and I am not Russian, but I am extrapolating from my own country.

    4. Re:Eastern European Malware by Torvac · · Score: 1

      Why the isolation to such a specific area?

      could ask any banker/pirate/priest in the Vatican the same question. because you won't get caught there.

    5. Re:Eastern European Malware by Anonymous Coward · · Score: 1

      As a Ukrainian I completely agree with parent, it is absolutely true - except grocery stores - never had to bribe anyone :)

      This type of crime is absolutely insignificant in the eyes of the authority.
      Disclaimer: I have also left Eastern Europe some time ago :)

    6. Re:Eastern European Malware by mapkinase · · Score: 4, Informative

      The factor is disregard for somebody else's property, starting from communal property and private property. Decades of communistic approach to property led to generation of thieves, when practically everybody had no moral qualms about stealing practically anything, especially badly guarded.

      I remember the time when I first came to US, I was in the lab with postdocs like myself, from Soviet Russia, and one of them was quite excited about the discovery that one can manipulate the odometer to decrease the reading and not be penalized for a leased car.

      Russians could be very moral and compassionate to other people, but the area of property is moral tabula rasa for Russians.

      Stealing, breaking, damaging, vandalizing, wasting - all kind of things one can do with property in Russia, except for investing, saving, multiplying...

      --
      I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.

    7. Re:Eastern European Malware by Pecisk · · Score: 3, Informative

      I strongly disagree (yeah, I'm coming from Eastern Europe). If that would be true new generations would be example of politeness and respect to each other.

      It has little to do with abolishment of private property (In fact, for Bolshevist elite owning something a lot wasn't an issue, government couldn't take your property away just because they would like to after sixties). Main reason was butchering of middle intelligence of Eastern Europe during Stalin and WWII times. Lot of them were Jews, lot of them were liberals, lot of them were actual communists (yeah, Stalin loved to push his way how he sees future to people). Both sides - Bolshevists and Nazi - killed them in hundred thousands. Society was raped brutally. It resulted in lot of perversions you see today in Russia and Eastern Russia.

      Without people as example respect to each other became extinct and with it - respect to other property (because it is related with respect to other feelings and opinion).

      And in the end, correction - Communism never calls for abolishment of property, it calls for abolishment of capital property used for manufacturing. And it calls for respecting collective property. I know, I know, human nature can't wrap his mind around it - BS, I don't believe that. We choose because it is more convenient to tell us that no one can stop greed.

      --
      user@ubuntubox:~$ stfu This server is going down for shutdown NOW!

    8. Re:Eastern European Malware by LanceUppercut · · Score: 1

      97% of malware originates in USA. This is a well-known fact, which has been posted and discussed even here on /. repeatedly. Russia does produce malware, but most of it targets the local market. The reason this piece is making the news is that we are observing the rare case when foreign malware is detected on US market. This is indeed a rather strange and curious occurrence, since it makes no practical or economical sense for the perpetrators.

    9. Re:Eastern European Malware by Anonymous Coward · · Score: 0

      97% of malware originates in USA. This is a well-known fact, which has been posted and discussed even here on /. repeatedly.

      No, it's not, or if it has, I haven't seen it. Try another repetition with references this time, please.

  13. Re:Normally, I oppose botnets and other malware st by NonUniqueNickname · · Score: 4, Funny

    "Librum facium"? Your Latin skills deserve in faciem palma.

  14. GOD'S GARBAGE DUMP !! by Anonymous Coward · · Score: 1

    Because in Soviet Russia it is dismal every day, with all hope abandoned !! If it were not for cheap and plentiful vodka, bodies would litter the streets instead of filth !!

    1. Re:GOD'S GARBAGE DUMP !! by Anonymous Coward · · Score: 0

      Vodka is not cheap in Russia for Russians. Even the bathtub vodka (vodichka) made from beet sugar is costly.

    2. Re:GOD'S GARBAGE DUMP !! by utkonos · · Score: 1

      Not sure where you live, but in Piter vodka is pretty cheap. 200 rub will get you a decent bottle of Z Mark, and that works out to about $6. The same size bottle of vodyara in the US would cost about $25. If you spend that kind of money in Russia, you'll be buying Tsarskaya or Gaufman. Then there's my favorite place, Ukraine. Everything is crazy cheap there, I love it. Go visit the city of Nemirov in Ukraine. That's where they make Nemiroff Vodka. Nice.

  15. Job Security by virgnarus · · Score: 1

    "We found em! Now let's just publicly release our information prior to the suspects being apprehended so that they can discover they've been found and cough up a small percentage of their illegally-garnered wealth to hide themselves from the officials and force the investigation to continue for years to come!"

    1. Re:Job Security by Zocalo · · Score: 2

      According to the story the information was already shared with select members of the security community and relevant law enforcement, which presumably includes the St. Petersburg PD where most of the suspects seem to spend a lot of their time. I'm guessing this public release of the data is because local enforcement have yet to act on the information (or have already been bribed to ignore it) and this is an attempt to give things a nudge in the right direction.

      --
      UNIX? They're not even circumcised! Savages!

    2. Re:Job Security by ios+and+web+coder · · Score: 1

      Sadly, I doubt there's evidence that can be used to actually convict them.

      However, the story is an object lesson on the dangers inherent in modern social networks.

      If THESE folks can get found out (note that some of them were actually "ratted out" by their own Significant Others), then the normal mensch on FaceBook is pretty much screwed.

      --

      "For every complex problem there is an answer that is clear, simple, and wrong."

      -H. L. Mencken

    3. Re:Job Security by Anonymous Coward · · Score: 0

      The article also mentions that someone already leaked that the people involved had been identified, which means releasing the story doesn't tell the involved parties anything they didn't already know.

  16. Re:Normally, I oppose botnets and other malware st by plopez · · Score: 2

    You're probably thinking of the women's olympic teams.

    --
    putting the 'B' in LGBTQ+

  17. Re:Normally, I oppose botnets and other malware st by Synerg1y · · Score: 1

    A large amount of exploits, viruses, malware, spyware that is then later analyzed by American "security experts", who marvel at the ingenuity. Coding tends to be better on an empty stomach I guess.

  18. Re:Normally, I oppose botnets and other malware st by Anonymous Coward · · Score: 1

    the vodka, the AK-47, the T-34, the black shark, the women, the sputnik, etc.

  19. Leaves one to wonder... by damn_registrars · · Score: 1

    How many cybercrime gangs are operating in Russia these days? Are they competing with each other, collaborating with each other, or are they mostly ignoring each other?

    And more importantly, could something useful be extracted from that?

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.

    1. Re:Leaves one to wonder... by Em+Adespoton · · Score: 1

      Google partnerka :) The answer is "all of the above" -- sometimes even among the same gangs at the same time.

  20. Re:Normally, I oppose botnets and other malware st by K.+S.+Kyosuke · · Score: 1

    You're probably thinking of the women's olympic teams.

    Well, those were often composed of burly female soldiers anyway. ;)

    --
    Ezekiel 23:20

  21. Re:Normally, I oppose botnets and other malware st by Spectre · · Score: 1

    What about those Russian dating agencies advertised on Slashdot? (The photos of the women look nice.)

    Interesting ... I get ads for data integration and server hosting ... how do I get YOUR ads? ;-)

    --
    "Flame away, I wear asbestos underwear"

  22. Re:Normally, I oppose botnets and other malware st by Forty+Two+Tenfold · · Score: 3, Insightful

    Coding tends to be better on an empty stomach I guess.

    Plenus venter non studet libenter.

    --
    Upward mobility is a slippery slope - the higher you climb the more you show your ass.

  23. Re:Normally, I oppose botnets and other malware st by muyla · · Score: 1

    Start Browsing more 4chan and pron and less tech websites until their adsense realises that you are a typical basement dweller...

  24. Re:Normally, I oppose botnets and other malware st by Anonymous Coward · · Score: 0

    It is based on what you have searched lately (or just generic if you haven't searched)
    The other AC was apparently looking for those sites previously.

  25. In Soviet Russia... by Anonymous Coward · · Score: 0

    In Soviet Russia, car analogy references you!

  26. fun read, seemed well researched by mrflash818 · · Score: 1

    Fun read, interesting, scary, and a "D'Oh!" all in one.

    --
    Uh, Linux geek since 1999.

  27. Re:Normally, I oppose botnets and other malware st by Anonymous Coward · · Score: 0

    Sophos != American

  28. Re:Normally, I oppose botnets and other malware st by Synerg1y · · Score: 1

    Well said!

  29. Have-You-Heard? by Anonymous Coward · · Score: 0

    There's a virus from St. Petersburg!

    1. Re:Have-You-Heard? by Anonymous Coward · · Score: 0

      What they're saying on the street?

  30. Re:Normally, I oppose botnets and other malware st by wiedzmin · · Score: 1

    does anything good ever come out of Russia?

    Ballet? Vodka? :)

    --
    Bow before me, for I am root.

  31. Sad by ThatsNotPudding · · Score: 2

    We (US-ians) can croak known terrorists on foreign soils without much in the way of permission, but we can't get these guys?

    1. Re:Sad by Anonymous Coward · · Score: 0

      Why? Perhaps they even did not think that the Koobface would become so common.

  32. Re:Normally, I oppose botnets and other malware st by Anonymous Coward · · Score: 0

    General Patton was right and Truman should have listened.

  33. Re:Normally, I oppose botnets and other malware st by Anonymous Coward · · Score: 0

    You mean DISEASE VECTORS?

  34. Re:In Soviet Russia... by Thud457 · · Score: 1

    isn't Bookface one of the super villains in "The Tick"?!!!

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  35. Re:Normally, I oppose botnets and other malware st by Anonymous Coward · · Score: 0

    (Sophos (American) Sophos)
    SophosLabs operates out of Abingdon UK, Vancouver Canada, Sydney Australia, Burlington MA USA, Wiesbaden Germany and Zagreb Croatia. The analysts in question operate out of Germany, I believe.

  36. Re:Normally, I oppose botnets and other malware st by alexo · · Score: 1

    What about those Russian dating agencies advertised on Slashdot? (The photos of the women look nice.)

    Sure, if you're into dating photos.

  37. Re:Normally, I oppose botnets and other malware st by vikingpower · · Score: 1

    Gratias ago tibi, amice, per correctionem. "Librum" quidem forma accepta est per "liberum"; "facium" necnon genitivus pluralis est. Error ubi est ?

    --
    Religious speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace

  38. Lessons learned by G04T · · Score: 1

    Having RTFA yesterday I think this taught some valuable tips on what NOT to do. For instance:

    1) Don't use the same handle for your malicious activities that you do for everything else. Sure it's 1337 and shit to have a recognizable handle, I mean who doesn't wanna be the next Zero Cool, amirite? But it might be a good idea to use a separate identity to commit crimes.

    2) If you're going to have your malware freaking *text* you, pick up a few cheap burn phones for your gang to use.

    Without this information in their scripts and on the server we'd still be sitting around not having a clue who was behind this.

  39. Ugh.. Americanism of cerebral cortex by LanceUppercut · · Score: 1

    Ugh... Americanism of cerebral cortex is running strong on /. today. Considering that the amount of "loose money" in Russia is about two orders of magnitude higher than in USA, why would Russian hackers ever target USA? Do hackers anywhere in the world target Zimbabwe? Ivory Coast? Haiti? Hackers target rich populations with high accessibility of "easy money", i.e. countries with large number of proverbial blondes carrying around 1-2 millions of US dollars cash as pocket money. And that spells "Russia". But a piss-poor craphole like USA??? Why would any hacker target it? Last occurrence of Russian hackers targeting anyone outside of Russia was recorded sometime around 2003. And now we get a suspiciously well-written piece with another set of fantastic claims... Sounds like someone in USA is trying to compensate for their inferiority complex by their delusion of grandeur :) Did Condoleezza Rice get back in the office? If not, who's guiding this 50-cent army on Slashdot? That's the question that needs answering.