18 Nov 2010

Internet security researchers take out Koobface servers

Researchers at a Canadian internet security firm helped strike a major blow against the Koobface botnet. Their efforts, which were part of an investigation conducted by the Information Warfare Monitor, disabled three command-and-control servers responsible for the botnet.

The victory comes shortly after the release of a report by Nart Villeneuve, the firm’s chief research officer, which detailed Koobface’s inner workings. Koobface uses social networks to spread malware, usually through the account of someone the victim knows.

"These links redirect users to false YouTube pages that encourage users to download malicious software masquerading as a video codec or a software upgrade," said Villeneuve on his website.

Villeneuve successfully infiltrated one of the servers the botnet was using to send financial information to phone numbers in Russia, InformationWeek reports. With the information he gleaned, the firm successfully disabled the three servers, which were located at a UK-based hosting company.

According to the New York Times, Koobface has wreaked havoc on Facebook for more than two years. The site crafted its anti-malware defenses around stopping Koobface.