Koobface malware gang - the noose tightens?


Members of the Koobface malware gang might be feeling a little hot under the collar as evidence has begun to spill onto the internet about the alleged identity of one of its members.

Koobface has been terrorising millions of internet users since mid 2008, and much investigation has taken place into how the malware works, the group's business model and revenue chains.

However, despite multiple attempts by the authorities to bring down its infrastructure permanently, Koobface remains a significant and ongoing threat.

In 2009, Sophos experts - working with trusted others in the computer security industry - began working on a secret operation to identify key members of the Koobface gang, and shared the information with law enforcement agencies.

By February 2010, we believed that we had identified not just one suspected member of the Koobface gang, but other apparent accomplices too.

[Image: Individuals named in report investigating Koobface gang]

And it's not just names that we have dug out - but photos, addresses, phone numbers, social networking accounts, movies, company registrations, personal relationships, even details of what cars they own.

In the case of at least one gang member, his location can even be tracked hour-by-hour as he checks into locations via FourSquare (he was at the movies last night, for instance).

[Image: Cinema visit]

Those investigating the Koobface gang have kept silent about this research until now, at the request of the authorities, because of ongoing law enforcement efforts.

However, now details have unfortunately begun to leak onto the net. And we know that some of the individuals unearthed by our investigations have been made aware of the interest in them. The cat can truly be said to be peeking out of the bag.

It's important, of course, to recognise that the names we have identified have not yet been charged in relation to Koobface, and have not been found guilty of any crimes. The evidence unearthed only links individual names to ones being used by the Koobface gang - it does not necessarily prove their involvement.

We hope to be able to share much more information, including a paper about the Koobface investigation which had to be withdrawn from a security conference, with Naked Security readers in the coming days. Watch this space.

Update: Read our in-depth report: The Koobface malware gang - exposed!


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.