Koobface worm can double command and control servers in 48 hours

The Koobface worm, which targets social networking sites, can double the number of command and control...

The Koobface worm, which targets social networking sites, can double the number of command and control (C&C) servers in 48 hours, says security firm Kaspersky Lab.

Koobface, which targets sites such as Facebook and Twitter, is rapidly expanding its C&C infrastructure to communicate with infected PCs, said Kaspersky.

The increase is mainly in the US, where more than half of the Koobface C&C servers are hosted.

Recent activity indicates that cybercriminals are constantly monitoring their infrastructure status to ensure they do not lose control over the botnet, said Stefan Tanase, researcher at Kaspersky Lab.

"When the number of active C&C servers drops to a critical level, they seem to be ready to implement dozens of new ones," he said.

The Koobface gang appears to prefer having at least 100 C&C servers online and to ensure they are distributed across the globe and with different ISPs to make the take-down process harder, said Tanase, although most are currently in the US.

Guidelines for defence against Koobface

• Be cautious when opening links in suspicious messages, even if the sender is one of your trusted Facebook friends.

• Use an up-to-date browser, such as Firefox 3.x, Internet Explorer 8, Google Chrome or Opera 10.

• Divulge as little personal information as possible.

• Keep your anti-virus software updated to protect against new versions of malware.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.