Koobface that for Long Targeted Facebook Abandons the Social Network

According to FireEye, the security company, its researchers have found that Koobface, the PC-virus, which created disaster on Facebook during 2010, seems like it's no longer exploiting the social-networking website for disseminating its malevolent web-links.

Reportedly, it was February 13 or so in 2011 that Koobface last attempted at contaminating users, observes FireEye in a posting to its malware Intelligence Lab blog dated April 8, 2011. In that attack, the scammers utilized a web-link that diverted victims onto one phony YouTube movie, which could be viewed only after taking down one particular codec file. But that file was malicious, which actually compromised the users' computers.

Remarking about this new and fascinating occurrence, Senior Threat Analyst Atif Mushtaq with FireEye the anti-malware software vendor stated that suddenly, it was observed that bot-masters stopped commanding their hijacked PCs to send out bogus messages to members of Facebook whose accounts had been compromised. Actually, FireEye initially thought it to be merely an interim move; however, when the silence went on for 2-months, the company couldn't ignore it any longer, he added. Crn.com published this on April 12, 2011.

Nevertheless, according to Mushtaq, the command-and-control (C&C) servers of Koobface were very much active. Net-security.org published this on April 11, 2011.

Indeed, according to FireEye, it had seen over 153 active C&C servers of Koobface during the recent period. Now it was merely that Koobface had stopped exploiting Facebook for disseminating itself, the company noted.

Speculating as to why this transformation has occurred, Mushtaq says that owing to infecting so many Facebook accounts, it drew a lot of undesirable attention towards the virus and its proliferators. Further, the steps that Facebook's security experts undertook such as stopping malevolent URLs and taking down the C&C servers meant too much labor on the part of the cyber-criminals for keeping the virus active.

Moreover, Mushtaq feels that for the Koobface controllers, moving out from Facebook as the virus' key contamination medium would dilute the website's interest in the malware. But he's confident that the Koobface perpetrators must be utilizing alternative vectors like exploit kits, pay-per-install and torrents for disseminating their ware.

Related article: Koobface Worm Still Active on Facebook Through Hacked Accounts

» SPAMfighter News - 4/21/2011