Koobface Malware Traced To 5 Russians

timothy posted more than 2 years ago | from the but-that's-right-near-tampa dept.

Botnet 64

New submitter theonlyholle writes "Naked Security, the Sophos IT security blog, has published an article about the authors of the Koobface malware that plagued Facebook users in 2008 and the investigation that led to their identification. Apparently the botnet was created by five Russians from St. Petersburg."

In Soviet Russia... (-1, Offtopic)

Anonymous Coward | more than 2 years ago | (#38725564)

don't. It was (somewhat) funny in 2006, please don't kill the joke even more...

Re:In Soviet Russia... (0)

Anonymous Coward | more than 2 years ago | (#38725806)

In Soviet Russia jokes make you old.

WHAT a COUNTRY! (1)

Thud457 (234763) | more than 2 years ago | (#38725918)

nah, wasn't funny even in 1984 [imdb.com] ...

Normally, I oppose botnets and other malware stuff (-1, Troll)

vikingpower (768921) | more than 2 years ago | (#38725566)

Normally. In the case of Facebook I make an exception.

As Cato used to say: "Cetero censeo librum facium delendum esse".

Re:Normally, I oppose botnets and other malware st (0)

Anonymous Coward | more than 2 years ago | (#38725730)

does anything good ever come out of Russia?

Re:Normally, I oppose botnets and other malware st (0)

Anonymous Coward | more than 2 years ago | (#38725774)

What about those Russian dating agencies advertised on Slashdot? (The photos of the women look nice.)

Re:Normally, I oppose botnets and other malware st (1)

Spectre (1685) | more than 2 years ago | (#38726658)

> What about those Russian dating agencies advertised on Slashdot? (The photos of the women look nice.)

Interesting ... I get ads for data integration and server hosting ... how do I get YOUR ads? ;-)

Re:Normally, I oppose botnets and other malware st (1)

muyla (1429487) | more than 2 years ago | (#38726828)

Start browsing more 4chan and pron and less tech websites until their adsense realises that you are a typical basement dweller...

Re:Normally, I oppose botnets and other malware st (0)

Anonymous Coward | more than 2 years ago | (#38726836)

It is based on what you have searched lately (or just generic if you haven't searched).
The other AC was apparently looking for those sites previously.

Re:Normally, I oppose botnets and other malware st (1)

alexo (9335) | more than 2 years ago | (#38728834)

> What about those Russian dating agencies advertised on Slashdot? (The photos of the women look nice.)

Sure, if you're into dating photos.

Re:Normally, I oppose botnets and other malware st (0)

Anonymous Coward | more than 2 years ago | (#38725776)

Girls. Remember them?

Re:Normally, I oppose botnets and other malware st (2)

K. S. Kyosuke (729550) | more than 2 years ago | (#38725816)

> Girls. Remember them?

Nope, I only remember the burly soldiers, before they left in 1990. But now that I'm thinking about it, it's quite possible that some of the burly soldiers were actually girls.

Re:Normally, I oppose botnets and other malware st (2)

plopez (54068) | more than 2 years ago | (#38726214)

You're probably thinking of the women's olympic teams.

Re:Normally, I oppose botnets and other malware st (1)

K. S. Kyosuke (729550) | more than 2 years ago | (#38726600)

> You're probably thinking of the women's olympic teams.

Well, those were often composed of burly female soldiers anyway. ;)

Re:Normally, I oppose botnets and other malware st (1)

Synerg1y (2169962) | more than 2 years ago | (#38726464)

A large amount of exploits, viruses, malware, spyware that is then later analyzed by American "security experts", who marvel at the ingenuity. Coding tends to be better on an empty stomach I guess.

Re:Normally, I oppose botnets and other malware st (3, Insightful)

Forty Two Tenfold (1134125) | more than 2 years ago | (#38726824)

> Coding tends to be better on an empty stomach I guess.

Plenus venter non studet libenter.

Re:Normally, I oppose botnets and other malware st (1)

Synerg1y (2169962) | more than 2 years ago | (#38727434)

Well said!

Re:Normally, I oppose botnets and other malware st (0)

Anonymous Coward | more than 2 years ago | (#38727188)

Sophos != American

Re:Normally, I oppose botnets and other malware st (0)

Anonymous Coward | more than 2 years ago | (#38728312)

(Sophos (American) Sophos)
SophosLabs operates out of Abingdon UK, Vancouver Canada, Sydney Australia, Burlington MA USA, Wiesbaden Germany and Zagreb Croatia. The analysts in question operate out of Germany, I believe.

Re:Normally, I oppose botnets and other malware st (0)

Anonymous Coward | more than 2 years ago | (#38727960)

You mean DISEASE VECTORS?

The Good, the bad and the Ugly (0)

Anonymous Coward | more than 2 years ago | (#38725880)

> does anything good ever come out of Russia?

Math? Chess players?

GP:

> Normally. In the case of Facebook I make an exception.

Yeah. I was constantly cleaning up family members' computers over that.

The good side: "Why aren't you on Facebook?"

"Koobface. Talk to the hand."

Well, it's a lot simpler than going through the privacy violations, whoring of personal data, etc, etc, etc ....

Here's my father in law's reason (he has top secret double something or another clearance with defense contractors) "I have to keep my security clearance and Facebook is a no-no."

So, "I'm applying to jobs that require a security clearance and therefore a Facebook account is a no-no."

Re:The Good, the bad and the Ugly (0)

Anonymous Coward | more than 2 years ago | (#38726086)

> Here's my father in law's reason (he has top secret double something or another clearance with defense
> contractors) "I have to keep my security clearance and Facebook is a no-no."

Gaylord, is that you?

Re:The Good, the bad and the Ugly (1)

plopez (54068) | more than 2 years ago | (#38726246)

> Here's my father in law's reason (he has top secret double something or another clearance with defense contractors) "I have to keep my security clearance and Facebook is a no-no."

Does he take all his sensitive documents home with him on a USB so he can keep them safe? ;)

Re:The Good, the bad and the Ugly (-1)

Anonymous Coward | more than 2 years ago | (#38727252)

> > Here's my father in law's reason (he has top secret double something or another clearance with defense contractors) "I have to keep my security clearance and Facebook is a no-no."

> Does he take all his sensitive documents home with him on a USB so he can keep them safe? ;)

Absolutely not!

WTF is that supposed to mean?!

Fuck you! I hope you get your ass shot off by a DOD operative!

Re:The Good, the bad and the Ugly (1)

mjwalshe (1680392) | more than 2 years ago | (#38732618)

Didn't seem to stop the current C getting the top job in SIS (MI6) though did it? A more nuanced approach would be to have face book etc and use it as part of your cover.

Re:Normally, I oppose botnets and other malware st (1)

Anonymous Coward | more than 2 years ago | (#38726532)

the vodka, the AK-47, the T-34, the black shark, the women, the sputnik, etc.

Re:Normally, I oppose botnets and other malware st (1)

wiedzmin (1269816) | more than 2 years ago | (#38727526)

> does anything good ever come out of Russia?

Ballet? Vodka? :)

Re:Normally, I oppose botnets and other malware st (0)

Anonymous Coward | more than 2 years ago | (#38727778)

General Patton was right and Truman should have listened.

Re:Normally, I oppose botnets and other malware st (4, Funny)

NonUniqueNickname (1459477) | more than 2 years ago | (#38726042)

"Librum facium"? Your Latin skills deserve in faciem palma.

Re:Normally, I oppose botnets and other malware st (1)

vikingpower (768921) | more than 2 years ago | (#38734630)

Gratias ago tibi, amice, per correctionem. "Librum" quidem forma accepta est per "liberum"; "facium" necnon genitivus pluralis est. Error ubi est ?

Solved (1)

netwarerip (2221204) | more than 2 years ago | (#38725620)

Apparently 'Koobface' is Russian for "Sorry bro, but no one gives a rat's ass about your latest forays in Farmville".

Of course, reading the article and seeing how sloppy they were in covering their tracks it's possible it just means "dumbass".

Where's the Hate? (0)

Anonymous Coward | more than 2 years ago | (#38725746)

What, no ACs making blanket declarations about how evil this is? No piling on against the government? No insulting the people who live in that country?
Oh, it wasn't Americans doing it, so everyone doesn't have to turn on the flames and grab pitchforks.

Re:Where's the Hate? (0)

Anonymous Coward | more than 2 years ago | (#38730456)

Exactly.

You see, people from Russia admit to doing things like this, as evidenced from how the koobface gang has involved their families, registered businesses, etc.

The reason such accusations are made against Americans is that said Americans often live in a bubble that makes the late Steve Jobs' reality distortion field look like a cheesy pair of 3D glasses. It's the rest of the world (and US citizens) attempting to educate the US.

WELL DUUUUUUH !! (-1)

Anonymous Coward | more than 2 years ago | (#38725804)

Who else but ruskies ?? Probably with a chinaman up each of their asses !!

Wow, Russians involved in cybercrime.... (2)

Viol8 (599362) | more than 2 years ago | (#38725818)

Well that's that mystery solved. Now if only I could remember where those damn bears went after they borrowed a toilet roll...

I don't have facebook (0)

Anonymous Coward | more than 2 years ago | (#38725828)

I don't care.
What I do care is if you try to make it a problem reaction solution game.

Eastern European Malware (3, Interesting)

omganton (2554342) | more than 2 years ago | (#38726012)

It seems that most malware originates from the Eastern European block, mainly Russia and the former USSR nations. I wonder if this is economically driven or socially driven. Is the creation of malware an attempt to generate revenue (via trojans that must be "purchased" to unlock all features and "remove infections"), or is it some type of political statement against the rest of the internet. If there was great revenue to be had, you'd think the malware would come from all over the world. Why the isolation to such a specific area?

GOD'S GARBAGE DUMP !! (1)

Anonymous Coward | more than 2 years ago | (#38726128)

Because in Soviet Russia it is dismal every day, with all hope abandoned !! If it were not for cheap and plentiful vodka, bodies would litter the streets instead of filth !!

Re:GOD'S GARBAGE DUMP !! (0)

Anonymous Coward | more than 2 years ago | (#38730378)

Vodka is not cheap in Russia for Russians. Even the bathtub vodka (vodichka) made from beet sugar is costly.

Re:GOD'S GARBAGE DUMP !! (1)

utkonos (2104836) | more than 2 years ago | (#38734330)

Not sure where you live, but in Piter vodka is pretty cheap. 200 rub will get you a decent bottle of Z Mark, and that works out to about $6. The same size bottle of vodyara in the US would cost about $25. If you spend that kind of money in Russia, you'll be buying Tsarskaya or Gaufman. Then there's my favorite place, Ukraine. Everything is crazy cheap there, I love it. Go visit the city of Nemirov in Ukraine. That's where they make Nemiroff Vodka. Nice.

Re:Eastern European Malware (2)

jeyk (570728) | more than 2 years ago | (#38726294)

I personally think it is economically driven. The definition of "great revenue" is not the same in different parts of the world.

Re:Eastern European Malware (2, Interesting)

Anonymous Coward | more than 2 years ago | (#38726630)

> It seems that most malware originates from the Eastern European block, mainly Russia and the former USSR nations. I wonder if this is economically driven or socially driven. Is the creation of malware an attempt to generate revenue (via trojans that must be "purchased" to unlock all features and "remove infections"), or is it some type of political statement against the rest of the internet. If there was great revenue to be had, you'd think the malware would come from all over the world. Why the isolation to such a specific area?

To get decent malware, you basically need (A) Reasonably smart/skillful technical people and (B) a lack of legitimate jobs that pay better than stealing

Most places that have A don't have B, but it is unfortunately common in some parts of the Eastern block.

Re:Eastern European Malware (5, Informative)

cecom (698048) | more than 2 years ago | (#38726920)

I come from Eastern Europe and I think that it is socially driven. Corruption is so prevalent in absolutely every aspect of life - from traffic tickets to simply buying something in the store. So "white collar" crime like this is socially acceptable.

It is most definitely not economically driven - in Eastern Europe there is a huge hunger for competent developers, so unless Russia is an exception (I doubt it), it is easy to find a legal well paying programming job.

Full disclosure: I left Eastern Europe a long time ago and I am not Russian, but I am extrapolating from my own country.

Re:Eastern European Malware (1)

Anonymous Coward | more than 2 years ago | (#38727574)

As a Ukrainian I completely agree with parent, it is absolutely true - except grocery stores - never had to bribe anyone :)

This type of crime is absolutely insignificant in the eyes of the authority.
Disclaimer: I have also left eastern europe some time ago :)

Re:Eastern European Malware (4, Informative)

mapkinase (958129) | more than 2 years ago | (#38727850)

The factor is disregard for somebody else's property, starting from communal property and private property. Decades of communistic approach to property led to a generation of thieves, when practically everybody had no moral qualms about stealing practically anything, especially badly guarded.

I remember the time when I first came to US, I was in the lab with postdocs like myself, from Soviet Russia, and one of them was quite excited about the discovery that one can manipulate the odometer to decrease the reading and not be penalized for a leased car.

Russians could be very moral and compassionate to other people, but the area of property is moral tabula rasa for Russians.

Stealing, breaking, damaging, vandalizing, wasting - all kind of things one can do with property in Russia, except for investing, saving, multiplying...

Re:Eastern European Malware (3, Informative)

Pecisk (688001) | more than 2 years ago | (#38728734)

I strongly disagree (yeah, I'm coming from Eastern Europe). If that would be true new generations would be example of politeness and respect to each other.

It has little to do with abolishment of private property (In fact, for Bolshevist elite owning something a lot wasn't an issue, government couldn't take your property away just because they would like to after sixties). Main reason was butchering of middle intelligence of Eastern Europe during Stalin and WWII times. Lot of them were Jews, lot of them were liberals, lot of them were actual communists (yeah, Stalin loved to push his way how he sees future to people). Both sides - Bolshevists and Nazi - killed them in hundred thousands. Society were raped brutally. It resulted in lot of perversions you see today in Russia and Eastern Russia.

Without people as example respect to each other became extinct and with it - respect to other property (because it is related with respect to other feelings and opinion).

And in the end, correction - Communism never calls for abolishment of property, it calls for abolishment of capital property used for manufacturing. And it calls for respecting collective property. I know, I know, human nature can't wrap his mind around it - BS, I don't believe that. We choose because it is more convenient to tell us that no one can stop greed.

Re:Eastern European Malware (1)

Torvac (691504) | more than 2 years ago | (#38727462)

> Why the isolation to such a specific area?

could ask any banker/pirate/priest in the vatican the same question. because you won't get caught there.

Re:Eastern European Malware (1)

LanceUppercut (766964) | more than 2 years ago | (#38740856)

97% of malware originates in USA. This is a well-known fact, which has been posted and discussed even here on /. repeatedly. Russia does produce malware, but most of it targets the local market. The reason this piece is making the news is that we are observing the rare case when foreign malware is detected on US market. This is indeed a rather strange and curious occurrence, since it makes no practical or economical sense for the perpetrators.

Re:Eastern European Malware (0)

Anonymous Coward | more than 2 years ago | (#38748346)

> 97% of malware originates in USA. This is a well-known fact, which has been posted and discussed even here on /. repeatedly.

No, it's not, or if it has, I haven't seen it. Try another repetition with references this time, please.

Job Security (1)

virgnarus (1949790) | more than 2 years ago | (#38726178)

"We found em! Now let's just publicly release our information prior to the suspects being apprehended so that they can discover they've been found and cough up a small percentage of their illegally-garnered wealth to hide themselves from the officials and force the investigation to continue for years to come!"

Re:Job Security (2)

Zocalo (252965) | more than 2 years ago | (#38726350)

According to the story the information was already shared with select members of the security community and relevant law enforcement, which presumably includes the St. Petersburg PD where most of the suspects seem to spend a lot of their time. I'm guessing this public release of the data is because local enforcement have yet to act on the information (or have already been bribed to ignore it) and this is an attempt to give things a nudge in the right direction.

Re:Job Security (0)

Anonymous Coward | more than 2 years ago | (#38728444)

The article also mentions that someone already leaked that the people involved had been identified, which means releasing the story doesn't tell the involved parties anything they didn't already know.

Re:Job Security (1)

ios and web coder (2552484) | more than 2 years ago | (#38727860)

Sadly, I doubt there's evidence that can be used to actually convict them.

However, the story is an object lesson on the dangers inherent in modern social networks.

If THESE folks can get found out (note that some of them were actually "ratted out" by their own Significant Others), then the normal mensch on FaceBook is pretty much screwed.

Leaves one to wonder... (1)

damn_registrars (1103043) | more than 2 years ago | (#38726542)

How many cybercrime gangs are operating in Russia these days? Are they competing with each other, collaborating with each other, or are they mostly ignoring each other?

And more importantly, could something useful be extracted from that?

Re:Leaves one to wonder... (1)

Em Adespoton (792954) | more than 2 years ago | (#38728474)

Google partnerka :) The answer is "all of the above" -- sometimes even among the same gangs at the same time.

In Soviet Russia... (0)

Anonymous Coward | more than 2 years ago | (#38726890)

In Soviet Russia, car analogy references you!

Re:In Soviet Russia... (1)

Thud457 (234763) | more than 2 years ago | (#38728182)

isn't Bookface one of the super villains in "The Tick"?!!!

fun read, seemed well researched (1)

mrflash818 (226638) | more than 2 years ago | (#38726912)

Fun read, interesting, scary, and a "D'Oh!" all in one.

Have-You-Heard? (0)

Anonymous Coward | more than 2 years ago | (#38727440)

There's a virus from St. Petersburg!

Re:Have-You-Heard? (0)

Anonymous Coward | more than 2 years ago | (#38728290)

What they're saying on the street?

Sad (2)

ThatsNotPudding (1045640) | more than 2 years ago | (#38727592)

We (US-ians) can croak known terrorists on foreign soils without much in the way of permission, but we can't get these guys?

Re:Sad (0)

Anonymous Coward | more than 2 years ago | (#38728320)

Why? Perhaps they did not even think that Koobface would become so common.

Lessons learned (1)

G04T (1066276) | more than 2 years ago | (#38737370)

Having RTFA yesterday I think this taught some valuable tips on what NOT to do. For instance:

1) Don't use the same handle for your malicious activities that you do for everything else. Sure it's 1337 and shit to have a recognizable handle, I mean who doesn't wanna be the next Zero Cool, amirite? But it might be a good idea to use a separate identity to commit crimes.

2) If you're going to have your malware freaking *text* you, pick up a few cheap burn phones for your gang to use.

Without this information in their scripts and on the server we'd still be sitting around not having a clue who was behind this.

Ugh.. Americanism of cerebral cortex (1)

LanceUppercut (766964) | more than 2 years ago | (#38740980)

Ugh... Americanism of cerebral cortex is running strong on /. today. Considering that the amount of "loose money" in Russia is about two orders of magnitude higher than in USA, why would Russian hackers ever target USA? Do hackers anywhere in the world target Zimbabwe? Ivory Coast? Haiti? Hackers target rich populations with high accessibility of "easy money", i.e. countries with large number of proverbial blondes carrying around 1-2 millions of US dollars cash as pocket money. And that spells "Russia". But a piss-poor craphole like USA??? Why would any hacker target it? Last occurrence of Russian hackers targeting anyone outside of Russia was recorded sometime around 2003. And now we get a suspiciously well-written piece with another set of fantastic claims... Sounds like someone in USA is trying to compensate for their inferiority complex by their delusion of grandeur :) Did Condoleezza Rice get back in the office? If not, who's guiding this 50-cent army on Slashdot? That's the question that needs answering.