Koobface worm growing rapidly
Online security firm Kaspersky Lab has issued a warning regarding a surge in Koobface, a highly prolific worm infecting social networking sites.
The malicious programme targets sites such as Facebook and Twitter and uses compromised legitimate websites as proxies for its main command and control (C&C) server.
According to Kaspersky, the number of live Koobface C&C servers has suddenly doubled. All Koobface-infected computers use these servers to receive remote commands and updates.
Kaspersky believes that the largest growth in Koobface C&C servers has been in the United States.
“These latest happenings give us some indication of how the Koobface gang takes care of its infrastructure,” says Stefan Tanase, Senior Regional Researcher, Kaspersky Lab EEMEA.
“Based on this, we can conclude that the cybercriminals are constantly monitoring their infrastructure status. They do not want the number of C&C servers to drop too much, as that would mean losing their control over the botnet.”
“When the number of active C&C servers drops to a critical level, they seem to be ready to implement dozens of new ones. The total number of Koobface C&C servers is constantly fluctuating, going from over a hundred to under a hundred and back again in a matter of weeks. It seems that when 100 C&C servers are online, the Koobface gang is relaxed,” concluded Tanase.