Koobface Manipulates Facebook Accounts, Yields $2m Annually

According to Nart Villeneuve, security researcher at Information Warfare Monitor (IWM) who wrote the "Koobface: Inside a Crimeware Network" report, operators of Koobface botnet make an earning of more than $2m annually by proliferating the worm via the accounts of infected users who browse on websites of social-networking. Geeks Planet published this on November 14, 2010.

Incidentally, IWM, which released Villeneuve's report regarding the Koobface band's money-making schemes, is a collaboration that gets the support of security investigators from Citizen Lab and the SecDev Group in the University of Toronto's Munk School of Global Affairs.

The paper presents various details regarding both the huge set up of the botnet as also the way its controllers practice reaping massive amounts of dollars by amassing an innumerable number of bots.

Describing the Koobface worm, the security researchers say that it consists of malware that contaminates its victims' friends on Facebook along with a botnet code that enable the Koobface controllers to compromise and manipulate the contaminated PCs from the remote.

States Villeneuve that the Koobface operators manage to effectively earn money by employing Pay-Per-Install and Pay-Per-Click affiliate programs. Moreover, they've been forcefully making hijacked PCs to download malware as also perform click fraud. There's also a server called the mothership, which the Koobface owners maintain. The mothership works like a connection between fake security software and the pay-per-click programs, and the hijacked computers' users, Villeneuve explains. Geeks Planet reported this.

Normally Koobface spreads whilst the contaminated system of a user dispatches messages to friends, by using his account on social networks. These messages urge the recipients to run certain movie file. However, the file's link directs the recipient that he requires taking down certain codec from the Net so he can watch the movie, while the codec in reality is Koobface.

Furthermore, according to the report, the first detection of Koobface was during December 2008 from when the worm has been circulating across several popular social-networking websites, including Twitter, MySpace and Facebook. Koobface, the report states, managed in expanding its criminal business via exploiting 20,000 Facebook accounts, along with 500,000 fake Gmail and Google-blogger accounts.

Related article: Koobface Worm Still Active on Facebook Through Hacked Accounts

» SPAMfighter News - 11/23/2010