How five members of the Koobface malware gang were unmasked


According to the New York Times, Facebook is making public the names of the people it believes are responsible for the Koobface worm: a botnet which has helped its creators earn millions of dollars every year by compromising computers.


The five men are said to be involved in the Koobface malware gang, which has blighted millions of computer users.

Naked Security has great pleasure in being able to tell the in-depth story of how these individuals were identified as part of the Koobface gang, in a detailed investigation conducted by independent researcher Jan Drömer, and Dirk Kollberg of SophosLabs between early October 2009 and February 2010.

Read: The Koobface malware gang - exposed!

(Not familiar with Koobface? Here's some background information you may find handy to read first.)

The names uncovered by the researchers are the same as those announced today.

It's an incredible detective story of tireless investigation, which involved scouring the internet, searching company records and taking advantage of schoolboy social networking errors made by the suspected criminals, their friends and family.

The Koobface malware gang - exposed!

Up until now, Drömer and Kollberg's research has been a closely-guarded secret, known only to a select few in the computer security community and shared with various law enforcement agencies around the globe.

At the police's request we have kept the information confidential, but last week news began to leak onto the internet about Anton "Krotreal" Korotchenko - meaning the cat was well and truly out of the bag.

Now we have to wait and see what, if any, action the authorities will take against the Koobface gang.


7 Responses to How five members of the Koobface malware gang were unmasked

  1. jorgen · 988 days ago

    so now what??

    A slap on the hand??

    My guess nothing will come out of it
    unfortunately

    If it was up to me I would throw the lot in jail
    and throw away the key

    Jorgen/Kuwait

  2. Sam · 988 days ago

    Brilliant! Very well done all of you, I hope this excellent work brings a worthwhile result in the courts. However, I do think it is a mistake to publish all this detail - it provides too much of a primer for others who might be pursued in the future. There is no point making life easy for them.

  3. InfoSec Professional · 988 days ago

    Respectfully request a PDF version of this report.

  4. InfoSec Professional · 987 days ago

    and which software was used to create the image with the relationship between the actors?

  5. pat m · 987 days ago

    I am not surprised that Russian people are involved. As a graphic designer I have come across several sites from Russia that have stolen my stuff and other graphic designers' stuff and then post it on their site to sell it. We have tried to contact these people to stop this piracy all to no avail. These thieves do not respond and they refuse to take down our wares.

  6. Michael · 985 days ago

    Great work on this, interesting to see the process and how it all progressed!


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.