Researchers Take Down Koobface Servers

Posted by kdawson
from the pennies-at-a-time dept.
splitenz notes the first actions in the war against the Koobface botnet, taken on the heels of a comprehensive report (PDF) on the operations of the botnet and the criminal gang behind it. The researchers who analyzed Koobface are the same ones who brought Ghostnet to light. "Security researchers, working with law enforcement and Internet service providers, have disrupted the brains of the Koobface botnet. The computer identified as the command-and-control server used to send instructions to infected Koobface machines was offline late Friday (US Pacific time). Criminals behind the botnet made more than $US2 million in one year. Facebook accounts are used to lure victims to Google Blogspot pages, which in turn redirect them to Web servers that contain the malicious Koobface code. This action is only a stage in the war against Koobface."

  • not sure (Score:5, Funny)

    by phantomfive (622387) on Saturday November 13, 2010 @04:03PM (#34217068) Journal
    I'm not sure how they did this exactly, but I'm pretty sure they didn't do it with the SQLNinja hacker tool from Fedora.

    Awesome job guys.
  • OK, now, I'll expect to hear a lot of bleating about how it's unethical to use Black Hat methods to take down Spam Bot Networks...

    Folks, spammers don't play by the rules, and playing by the rules will not, in the long term, even dent spammers.

    If we're not willing to use a "no holds barred" approach to attacking the spam bot issue, well, you better just get used to more and more spam.
    • Re: (Score:3, Insightful)

      by John Hasler (414242)

      It may be reasonable to start doing something against the bots but "no holds barred" is never justified. "Fighting fire with fire" just burns everything down.

      • Re: (Score:3, Insightful)

        by Sycraft-fu (314770)

        In particular because vigilantes have a bad reputation when it comes to correctly identifying targets and having a low occurrence of collateral damage. You get people who very much have the crusader mentality who get convinced of their own righteousness and infallibility. It leads to problems, it leads to innocents getting caught up on a large scale. Whenever you have to start up with "The ends justify the means," it generally means that they in fact don't.

        • However, if no viable alternative exists it's the lesser of two evils. A functioning police system and judiciary is a luxury and a means to an end, not a moral cause in and of itself. Spam and botnets currently lie mostly outside of the reach of the law, so if something is to be done about it it's going to be done by private forces. It's not so much a slippery slope as a slippery ladder, stretching back to before the first societies arose. And we still haven't found the bastard that soaped it up.
      • by couchslug (175151)

        ""Fighting fire with fire" just burns everything down."

        That is a much-cherished asserted conclusion promulgated by those who are emotionally uncomfortable with force.

    • by WrongSizeGlass (838941) on Saturday November 13, 2010 @04:51PM (#34217294)

      If we're not willing to use a "no holds barred" approach to attacking the spam bot issue, well, you better just get used to more and more spam.

      I'm working on crossing a Predator Drone with traceroute. Right now it's more like 'Tron' meets the 'A-Team' but it's still in the development phase. I'll let you know when I'm ready to test it ;-)

    • Re: (Score:1, Offtopic)

      by PietjeJantje (917584)
      In that case, since we like to widen our search in our next case, Sir, we'll search all of your traffic data and what you typed into Google the last year.
      • Re: (Score:1, Flamebait)

        by pgmrdlm (1642279)

        If you receive a notice of high bandwidth usage after a pattern of never going over a specific amount in a month. What's your problem?

        Profiling of bandwidth use would be a very good tool. And I feel completely legitimate. You're a 68-year-old parent who is using 40 gig a month of bandwidth. This is after a pattern over several years of only 1 gig a month. You think that shouldn't be questioned???

        And based on your snotty response to the previous person. Yes, I expect you to flame me. Go for it, I'm waiting wi

    • If we're not willing to use a "no holds barred" approach to attacking the spam bot issue, well, you better just get used to more and more spam.

      By fighting fire with fire you risk disrupting the whole internet; spam is nothing compared to the shit you could unleash by doing so. The worst that can happen when spam crosses my filter is that I have to press flag as spam; considering the trouble caused, this problem does not deserve any more resources than it currently has.

      • The worst that can happen when spam crosses my filter is that I have to press flag as spam; considering the trouble caused, this problem does not deserve any more resources than it currently has.

        It's much worse than that. Spam accounts for more than 90% of email traffic arriving at servers. There is also much more to malware than spam. Don't lose track of the fact that bots are computers controlled by criminals. There are probably hundreds of millions of them.

      • Re: (Score:1, Offtopic)

        by pgmrdlm (1642279)

        My biggest problem is not spam. But people that get infected with key loggers or other data gathering tools which give up everything about them. Loss of income, loss of privacy.

        I think everyone loses track of that fact.

  • by biskit (55311)

    Well Done.

  • The researchers took down three C&C servers (yay) but this doesn't get to the crux of the problem. We've been hijacking C&C's for decades; Malware authors are just moving to a P2P model (e.g. Stuxnet). These researchers should figure out how to stop the mass FTP compromises, or advise Google and Facebook on how to prevent their sites from being used as a platform for these attacks. Maybe then we could start solving this Malware problem...
  • TANSTAAFM: There Ain't No Such Thing As A Free Market.
