Investigators name Facebook Koobface worm suspects



Warwick Ashford

Investigators have named five cybercriminals believed to be responsible for the Koobface internet worm that spread via Facebook and other social networks.

Facebook and cybersecurity investigators used clues discovered on a Koobface command and control server to identify the suspected cybercriminals and track them to St Petersburg in Russia.


The Koobface worm, which was typically disguised as a Flash update, was used to give the cybercriminals behind it control of hundreds of thousands of hijacked computers.

The investigators estimate that the Koobface gang was making around $2m a year from its botnet made up of as many as 800,000 hijacked computers.

The investigation is detailed in a report by independent researcher Jan Dromer and Dirk Kollberg of security firm Sophos that was published in the firm’s Naked Security blog.

Graham Cluley, a senior technology consultant at Sophos, told the BBC he believed they had identified the right people: "We're pretty confident. I mean obviously we have to assume these people are innocent until proven guilty."

Facebook said it has known the identities of the gang members for some time, but decided to name them publicly because of frustration over the lack of action by law enforcement authorities, according to The Telegraph.

Research into the suspects was mainly conducted from early October 2009 until February 2010 and has since been made available to various international law enforcement agencies, Sophos said.
