Koobface ring goes offline after Facebook exposes its members

Facebook appears to have the leaders of the Koobface ring on the run, and authorities are still hoping to catch up with them. After Facebook released the names of those responsible for the malware ring that targeted the social network's users, the group's central command-and-control server went offline, apparently as a precautionary measure to avoid getting apprehended.

The Koobface worm originated on the social network in 2008 and prompted users to click on a funny or sexy video. Users who clicked were asked to update their Adobe Flash plugin; the supposed update installed the group's malware instead.

It is estimated the Koobface ring has stolen millions of dollars, and, at the height of the ring, had infected between 400,000 and 800,000 computers.

However, once the malware ring was found targeting the social network's users in 2008, Facebook security experts started implementing measures to counteract Koobface.

"After more than three years and numerous hours of working closely with industry leaders, the security community and law enforcement, we are pleased to announce that Facebook has been free of infections for over nine months," Facebook Security wrote in a blog posting.

Along with recently shutting down the central node, the group, believed to be located in St. Petersburg, Russia, reportedly deleted all of their profiles. However, according to Graham Cluley, senior technology consultant at Sophos, that will not stop them from being prosecuted using their data history:

"Although social networking accounts have been wiped, security researchers and law enforcement agencies have archives of the vast amount of material already published by Koobface gang members, including photographs, movies, and locations as they checked into sites such as FourSquare.

"That data can be used in a variety of ways. For instance, FourSquare logins can be displayed on Google Earth, allowing researchers to replay how individuals have moved from place to place at certain times."

And this is exactly how Facebook was able to identify what it believes are the ring's perpetrators. Many of the members actually checked into the location of the command-and-control hub multiple times with FourSquare over the company's three-year investigation.

None of the named suspects have been charged as of yet due to issues with Russian law enforcement authorities. "An official request needs to be filed to the K Directorate first, and when it's filed, we will certainly investigate and work on it," Larisa Zhukova, a representative at the cyber unit, said to Reuters. "The request must come from the victim, that is Facebook. Because anyone can say or write anything, but it is all unfounded so far."
