Koobface worm can double command and control servers in 48 hours


Koobface worm can double command and control servers in 48 hours

Warwick Ashford

The Koobface worm, which targets social networking sites, can double the number of command and control (C&C) servers in 48 hours, says security firm Kaspersky Lab.

Koobface, which targets sites such as Facebook and Twitter, is rapidly expanding its C&C infrastructure to communicate with infected PCs, said Kaspersky.

The increase is mainly in the US, where more than half of the Koobface C&C servers are hosted.

Recent activity indicates that cybercriminals are constantly monitoring their infrastructure status to ensure they do not lose control over the botnet, said Stefan Tanase, researcher at Kaspersky Lab.

"When the number of active C&C servers drops to a critical level, they seem to be ready to implement dozens of new ones," he said.

The Koobface gang appears to prefer having at least 100 C&C servers online and to ensure they are distributed across the globe and with different ISPs to make the take-down process harder, said Tanase, although most are currently in the US.

Guidelines for defence against Koobface

• Be cautious when opening links in suspicious messages, even if the sender is one of your trusted Facebook friends.

• Use an up-to-date browser, such as Firefox 3.x, Internet Explorer 8, Google Chrome or Opera 10.

• Divulge as little personal information as possible.

• Keep your anti-virus software updated to protect against new versions of malware.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy