Koobface Gang Reacts to Security Expert’s Article

Controllers of the botnet Koobface have reacted to a piece of writing by Dancho Danchev, an independent security researcher, using a message that they implanted within an HTML script in order that they could disseminate maliciously created video codecs.

Danchev, who published his writing during February 2010, outlined several assumptions regarding the mode of operation of the Koobface controllers, their association with other criminals as well as the motives driving their activities. He named the article "10 things you didn't know about the Koobface gang."

Says Danchev and AV companies, the Koobface virus, perceived as an extremely complicated malicious program so far, captures data from hijacked computers as well as canvasses scareware websites, as per the news published by The Register on May 18, 2010.

Garbed as a Facebook anagram, Koobface actually proliferates across social-networking websites. From mid-2008, when it first emerged it's been propagating through infected home PCs, usually in the form of a bogus Flash Player. Moreover, its bot-infected computers work like command-and-control servers manipulating malicious software, with an association with scareware distribution.

Explaining Koobface bots Danchev writes that their impressive nature is related to their efforts towards avoiding prominent campaigns influencing prestigious web properties in the USA, and spurious operations like click fraud. They also try to make their illicit operations legal by asserting that they don't campaign for crimeware and that they haven't ever stolen users' credit card information.

Meanwhile, the Koobface gang has admitted that it diverted Internet Protocol space of Facebook towards Danchev's blog. While reacting to the security expert's article, the gang left the 2nd separate message for him as well as the 3rd note in which there's a reference to Danchev.

Apart from this, the gang further conceded that it was involved in poisoning innumerable websites during 2009 in a scareware scam.

But, the chief of the gang dismissed Danchev's assumption that the botnet had any involvement in contaminated banner advertisements posted onto the New York Times newspaper site during September 2009. Actually, the group was thought to have managed to inject banner advertisements inside NYT's ad network so when visitors accessed the site, those ads were then exhibited, while scareware messages intermittently popped up.

Related article: Koobface Worm Still Active on Facebook Through Hacked Accounts

» SPAMfighter News - 5/28/2010