
The British found the Koobface botnet's control servers
Moreover, they not only found but also shut down the three main control servers of the well-known Koobface botnet. Experts from the UK believe that this botnet belongs to "Russian-speaking cybercriminals." The servers, as it turned out, were taken offline on Friday evening, which caused significant damage to the "Russian" botnet.
The servers were disconnected immediately after experts proved that they belonged to this botnet. The three control servers were connected through an English provider. They were switched off after the police approached the management of the provider Coreix, through which the botnet communicated with its control servers. The servers are now offline, and botnet activity has dropped significantly.
The botnet first made itself known two years ago and became famous for using the social network Facebook to infect users' computers. In fact, the botnet was named "in honor" of this social network. As a lure, the botnet uses an offer to watch an interesting video, sent to users of a social network. After the user clicks on the invitation, they are prompted to update Flash Player.
Naturally, no update is installed; instead, the Java script, which is a malicious program, is loaded. The creators of the botnet carefully thought out the distribution scheme for the malicious script, which downloads the client part of the botnet to users' computers. In addition to Facebook, the botnet also works with social networks such as MySpace, Twitter and some others. One of the most interesting aspects of the botnet is that even computers running Mac OS X are susceptible to it. So far, very few malicious programs are known that can "work", if that word applies here, with this operating system.
After infection, the virus displays an offer to download an antivirus, which supposedly finds viruses on the system and demands money for "cleaning the PC". The money can be sent by SMS or through a bank. It is worth noting that one of the disconnected servers handled the hackers' financial flows. The botnet sent reports on its work to Russian numbers about once a day. Experts say one of the hackers lives in St. Petersburg.
Many experts are rather pessimistic: only three control servers were found, while there could be hundreds of them. But the same experts believe that finding the other servers is a matter of time and that, thanks to the experience gained, they can be found much faster.