Koobface worm can double command and control servers in 48 hours

The Koobface worm, which targets social networking sites, can double the number of command and control (C&C) servers in 48 hours, says security firm Kaspersky Lab.

Koobface, which targets sites such as Facebook and Twitter, is rapidly expanding its C&C infrastructure to communicate with infected PCs, said Kaspersky.

The increase is mainly in the US, where more than half of the Koobface C&C servers are hosted.

Recent activity indicates that cybercriminals are constantly monitoring their infrastructure status to ensure they do not lose control over the botnet, said Stefan Tanase, researcher at Kaspersky Lab.

"When the number of active C&C servers drops to a critical level, they seem to be ready to implement dozens of new ones," he said.

The Koobface gang appears to prefer having at least 100 C&C servers online and to ensure they are distributed across the globe and with different ISPs to make the take-down process harder, said Tanase, although most are currently in the US.

Guidelines for defence against Koobface

• Be cautious when opening links in suspicious messages, even if the sender is one of your trusted Facebook friends.

• Use an up-to-date browser, such as Firefox 3.x, Internet Explorer 8, Google Chrome or Opera 10.

• Divulge as little personal information as possible.

• Keep your anti-virus software updated to protect against new versions of malware.
