This article was published on January 17, 2012

Security firm Sophos reveals how it caught the gang behind Facebook malware, Koobface

A huge social network might seem like the place to spread malware more easily and prey upon the habits of casual users, but it also led to the downfall of the group responsible for Koobface.

Koobface, an anagram of Facebook, spreads through social networks, infecting PCs and building a botnet of compromised machines.

According to security company Sophos, it is so sophisticated that it can create its own social networking accounts to spread itself even further. As good a reason as any to be wary of unsolicited friend requests from people you don’t know.

The New York Times noted that Facebook, computer security investigators and law enforcement officials have known the identities of the Koobface gang for years.

Sophos has released a fascinating in-depth report on its research, naming some of the alleged perpetrators as Anton Korotchenko, Alexander Koltyshev, Roman Koturbach, Syvatoslav Polinchuk, and Stanislav Avdeiko.

The creators of Koobface, whose names have not been public until today, earn millions of dollars every year by compromising computers.

SophosLabs malware expert Dirk Kollberg and independent researcher Jan Droemer worked with an extensive team. The research took place between October 2009 and February 2010, but the authorities requested that it be kept confidential to allow the necessary time to build a case.

“It’s an incredible detective story of tireless investigation, which involved scouring the internet, searching company records and taking advantage of schoolboy social networking errors made by the suspected criminals, their friends and family. We know the gang’s names, their phone numbers, where their office is, what they look like, what cars they drive, even their mobile phone numbers,” said Graham Cluley, senior technology consultant at Sophos. “Now we have to wait and see what, if any, action the authorities will take against the Koobface gang.”

It just goes to show that even when we try to cover our tracks, actions online can reveal a much clearer picture of who we are.

Have you ever noticed strange approaches via your social media accounts or invited the wrong person in? What are your rules for staying safe on social networks?