Malware Writers Upgrade Koobface Botnet to Become More Resilient

According to security researchers at Trend Micro, people who created the social networking virus 'Koobface' have modified their botnet significantly so that it can better counter any attempt to its takedown.

Koobface, a PC virus, proliferates through the thefts of social-networking users' accounts from hijacked PCs. Its variants have scattered across Internet sites like Facebook, MySpace and of late, Twitter. Koobface, which began inflicting Twitter in July 2009, has proven extremely effective in infecting people using the site's micro-blogging service.

Trend Micro said - during the 3rd week of July 2009, the C&C (command-and-control) servers of Koobface botnet sent out a fresh instruction for the downloader component of the network. Accordingly, a host of Internet Protocol addresses was to be identified that would be used by the downloader element to supply proxies for recovering subsequent instructions as well as components.

Traditionally, the Koobface botnet had the downloader connected with the available C&C directly to take the server's instructions. But the recent instruction effectively changes the architecture of the Koobface botnet.

This modified and upgraded form of the Koobface setup enables the botnet to survive even if the whole lot of the C&C domains of the network is terminated provided the IP addresses, the Koobface-compromised PCs, host Koobface's revised instructions and components.

In the meantime, independent security researcher 'Dancho Danchev' has been monitoring the botnet generated by Koobface, and has been successful in persuading ISPs to shutdown its C&C servers.

His efforts have also drawn the attention of many in the industry, particularly the virus' writers, who have devised a scheme for strengthening its infrastructure.

Besides, security specialists at BitDefender caution that the virus is continuously proliferating on Twitter even though the site's staff has been trying to stop it. According to them, many users on Twitter do not check the links carefully before clicking on them, with some even lacking dependable and up-to-date anti-viruses on their systems.

During July 13-19, 2009, the Koobface infection rose 114%, 198% and 371% for Twitter users in the US, UK and France respectively.

Related article: Malware Authors Turn More Insidious

» SPAMfighter News - 8/17/2009