Koobface Malware Traced To 5 Russians

New submitter theonlyholle writes "Naked Security, the Sophos IT security blog, has published an article about the authors of the Koobface malware that plagued Facebook users in 2008 and the investigation that led to their identification. Apparently the botnet was created by five Russians from St. Petersburg."

WHAT a COUNTRY!

[Thud457]

nah, wasn't funny even in 1984 [imdb.com]...

Re:

[Spectre]

What about those Russian dating agencies advertised on Slashdot? (The photos of the women look nice.)

Interesting ... I get ads for data integration and server hosting ... how do I get YOUR ads? ;-)

Re:

[muyla]

Start Browsing more 4chan and pron and less tech websites until their adsense realises that you are a tipical basement dweller...

Re:

[alexo]

What about those Russian dating agencies advertised on Slashdot? (The photos of the women look nice.)

Sure, if you're into dating photos.

Re:

[K. S. Kyosuke]

Girls. Remember them?

Nope, I only remember the burly soldiers, before they left in 1990. But now that I'm thinking about it, it's quite possible that some of the burly soldiers were actually girls.

Re:

[plopez]

You're probably thinking of the women's olympic teams.

Re:

[K. S. Kyosuke]

You're probably thinking of the women's olympic teams.

Well, those were often composed of burly female soldiers anyway. ;)

Re:

[Synerg1y]

A large amount of exploits, viruses, malware, spyware that is then later analyzed by American "security experts", who marvel at the ingenuity. Coding tends to be better on an empty stomach I guess.

Re:Normally, I oppose botnets and other malware st

[Forty Two Tenfold]

Coding tends to be better on an empty stomach I guess.

Plenus venter non studet libenter.

Re:

[Synerg1y]

Well said!

Re:

[plopez]

Here's my father in law's reason (he has top secret double something or another clearance with defense contractors) "I have to keep my security clearance and Facebook is a no-no."

Does he take all his sensitive documents home with him on a USB so he can keep them safe? ;)

Re:

[mjwalshe]

Didn't seem to stop the current C getting the top job in SIS (MI6) though did it? A more nuanced approach would be to have face book etc and use it as part of your cover.

Re:

[Anonymous Coward]

the vodka, the AK-47, the T-34, the black shark, the women, the sputnik, etc.

Re:

[wiedzmin]

does anything good ever come out of Russia?

Ballet? Vodka? :)

Re:Normally, I oppose botnets and other malware st

[NonUniqueNickname]

"Librum facium"? Your Latin skills deserve in faciem palma.

Re:

[vikingpower]

Gratias ago tibi, amice, per correctionem. "Librum" quidem forma accepta est per "liberum"; "facium" necnon genitivus pluralis est. Error ubi est ?

Solved

[netwarerip]

Apparently 'Koobface' is Russian for "Sorry bro, but no one gives a rat's ass about your latest forays in Farmville".

Of course, reading the artilcle and seeing how sloppy they were in covering their tracks it's possible it just means "dumbass".

Wow, Russians involved in cybercrime....

[Viol8]

Well thats that mystery solved. Now if only I could remember where those damn bears went after they borrowed a toilet roll...

Eastern European Malware

[omganton]

It seems that most malware originates from the Eastern European block, mainly Russia and the former USSR nations. I wonder if this is economically driven or socially driven. Is the creation of malware an attempt to generate revenue (via trojans that must be "purchased" to unlock all features and "remove infections"), or is it some type of political statement against the rest of the internet. If there was great revenue to be had, you'd think the malware would come from all over the world. Why the isolation to such a specific area?

GOD'S GARBAGE DUMP !!

[Anonymous Coward]

Because in Soviet Russia it is dismal every day, with all hope abandoned !! If it were not for cheap and plentiful vodka, bodies would litter the streets instead of filth !!

Re:

[utkonos]

Not sure where you live, but in Piter vodka is pretty cheap. 200 rub will get you a decent bottle of Z Mark, and that works out to about $6. The same size bottle of vodyara in the US would cost about $25. If you spend that kind of money in Russia, you'll be buying Tsarskaya or Gaufman. Then there's my favorite place, Ukraine. Everything is crazy cheap there, I love it. Go visit the city of Nemirov in Ukraine. That's where they make Nemiroff Vodka. Nice.

Re:

[jeyk]

I personally think it is economically driven. The definition of "great revenue" is not the same in different parts of the world.

Re:

[Anonymous Coward]

It seems that most malware originates from the Eastern European block, mainly Russia and the former USSR nations. I wonder if this is economically driven or socially driven. Is the creation of malware an attempt to generate revenue (via trojans that must be "purchased" to unlock all features and "remove infections"), or is it some type of political statement against the rest of the internet. If there was great revenue to be had, you'd think the malware would come from all over the world. Why the isolation to such a specific area?

To get decent malware, you basically need (A) Reasonably smart/skillful technical people and (B) a lack of legitimate jobs that pay better than stealing

Most places that have A don't have B, but it is unfortunately common in some parts of the Eastern block.

Re:Eastern European Malware

[cecom]

I come from Eastern Europe and I think that it is socially driven. Corruption is so prevalent in absolutely every aspect of life - from traffic tickets to simply buying something in the store. So "white collar" crime like this is socially acceptable.

It is most definitely not economically driven - in Eastern Europe there is a huge hunger for competent developers, so unless Russia is an exception (I doubt it), it is easy to find a legal well paying programming job.

Full disclosure: I left Eastern Europe a long time ago and I am not Russian, but I am extrapolating from my own country.

Re:

[Anonymous Coward]

As a Ukrainian I completely agree with parent, it is absolutely true - except grocery stores - never had to bribe anyone :)

This type of crime is absolutely insignificant in the eyes of the authority.
Disclaimer: I have also left eastern europe some time ago :)

Re:Eastern European Malware

[mapkinase]

The factor is disregard for somebody else's property, starting from communal property and private property. Decades of communistic approach to property lead to generation of thiefs, when practically everybody had no moral qualms about stealing practically anything, especially badly guarded.

I remember the time when I first came to US, I was in the lab with postdocs like myself, from Soviet Russia, and one of them was quite excited about the discovery that one can manipulate the odometer to decrease the reading and not be penalized for a leased car.

Russians could be very moral and compassionate to other people, but the area of property is moral tabula rasa for Russians.

Stealing, breaking, damaging, vandalizing, wasting - all kind of things one can do with property in Russia, except for investing, saving, multiplying...

Re:Eastern European Malware

[Pecisk]

I strongly disagree (yeah, I'm coming from Eastern Europe). If that would be true new generations would be example of politeness and respect to each other.

It has little to do with abolishment of private property (In fact, for Bolshevist elite owning something a lot wasn't a issue, government couldn't take your property away just because they would like to after sixties). Main reason was butchering of middle intelligence of Eastern Europe during Stalin and WWII times. Lot of them where Jews, lot of them where liberals, lot of them where actual communists (yeah, Stalin loved to push his way how he sees future to people). Both sides - Bolshevists and Nazi - killed them in hundred thousands. Society were raped brutally. It resulted in lot of perversions you see today in Russia and Eastern Russia.

Without people as example respect to each other became extinct and with it - respect to other property (because it is related with respect to other feelings and opinion).

And in the end, correction - Communism never calls for abolishment of property, it calls for abolishment of capital property used for manufacturing. And it calls for respecting collective property. I know, I know, human nature can't wrap his mind around it - BS, I don't believe that. We choose because it is more convenient to tell us that no one can stop greed.

Re:

[Torvac]

Why the isolation to such a specific area?

could ask any banker/pirate/priest in the vatican the same question. because you wont get caught there.

Re:

[LanceUppercut]

97% of malware originates in USA. This is a well-known fact, which has been posted and discussed even here on /. repeatedly. Russia does produce malware, but most of it targets the local market. The reason this piece is making the news is that we are observing the rare case when foreign malware is detected on US market. This is indeed a rather strange and curious occurrence, since it makes no practical or economical sense for the perpetrators.

Job Security

[virgnarus]

"We found em! Now let's just publicly release our information prior to the suspects being apprehended so that they can discover they've been found and cough up a small percentage of their illegally-garnered wealth to hide themselves from the officials and force the investigation to continue for years to come!"

Re:

[Zocalo]

According to the story the information was already shared with select members of the security community and relevent law enforcement, which presumably includes the St. Petersberg PD where most of the suspects seem to spend a lot of their time. I'm guessing this public release of the data is because local enforcement have yet to act on the information (or have already been bribed to ignore it) and this is an attempt to give things a nudge in the right direction.

Re:

[ios and web coder]

Sadly, I doubt there's evidence that can be used to actually convict them.

However, the story is an object lesson on the dangers inherent in modern social networks.

If THESE folks can get found out (note that some of them were actually "ratted out" by their own Significant Others), then the normal mensch on FaceBook is pretty much screwed.

Leaves one to wonder...

[damn_registrars]

How many cybercrime gangs are operating in Russia these days? Are they competing with each other, collaborating with each other, or are they mostly ignoring each other?

And more importantly, could something useful be extracted from that?

Re:

[Em Adespoton]

Google partnerka :) The answer is "all of the above" -- sometimes even among the same gangs at the same time.

Re:

[Thud457]

isn't Bookface one of the super villains in "The Tick"?!!!

fun read, seemed well researched

[mrflash818]

Fun read, interesting, scary, and a "D'Oh!" all in one.

Sad

[ThatsNotPudding]

We (US-ians) can croak known terrorists on foreign soils without much in the way of permission, but we can't get these guys?

Lessons learned

[G04T]

Having RTFA yesterday I think this taught some valuable tips on what NOT to do. For instance:

1) Don't use the same handle for your malicious activities that you do for everything else. Sure it's 1337 and shit to have a recognizable handle, I mean who doesn't wanna be the next Zero Cool, amirite? But it might be a good idea to use a separate identity to commit crimes.

2) If you're going to have your malware freaking *text* you, pick up a few cheap burn phones for your gang to use.

Without this information

Ugh.. Americanism of cerebral cortex

[LanceUppercut]

Ugh... Americanism of cerebral cortex is running strong on /. today. Considering that the amount of "loose money" in Russia is about two orders of magnitude higher than in USA, why would Russian hackers ever target USA? Do hackers anywhere in the world target Zimbabwe? Ivory Coast? Haiti? Hackers target rich populations with high accessibility of "easy money", i.e. countries with large number of proverbial blondes carrying around 1-2 millions of US dollars cash as pocket money. And that spells "Russia". Bi