Koobface Botnet and Compromising Social Networking Sites
The Koobface botnet (its name an anagram of Facebook) propagated across Facebook and managed to infect hundreds of thousands of users globally, using social engineering campaigns to trick them into revealing personal details about themselves and their friends.
“Over a period of two and a half years I actively monitored the botnet’s activities and published the details on my personal blog. Eventually I learned of a single mistake made by one of the botnet masters behind the campaign, which eventually led me to actually find personally identifiable information on him, ultimately leading to the shutdown of the entire Koobface botnet at the time,” writes Dancho on his botnet takedown assist with the US government.
Dancho worked full days to provide actionable intelligence on how the Koobface botnet operated, including details of the campaigns the Koobface operators were running at the time. He then made this information available to the broader security industry, including law enforcement, so that they would be able to track down and prosecute some of the botnet masters behind it.
Bill Brenner from CSO Online reported in his article, “Dancho Danchev unmasks man behind the Koobface Botnet” at the time that Koobface “prompted friends to download an update to their Flash player in order to view a video. The update is a copy of the virus.” Pretty amazing stuff.
Launching an actual take-down effort against the botnet’s infrastructure, including the primary Command and Control (C&C) servers, led to a personal message being distributed to all the infected hosts internationally. It greeted me personally and included a reference to my personal blog, followed by another message during the Christmas season with actual point-by-point answers to my “Top 10 Things You Didn’t Know About the Koobface Botnet,” which I had published at ZDNet’s Zero Day blog at the time, embedded on every malware-infected host that was part of the botnet.
It was an incredible success, and extremely rewarding for the intelligence community.