
Facebook, researchers turn up heat on Koobface gang

Jeremy Kirk | Jan. 18, 2012
Security researchers are worried that the alleged Russia-based authors of Koobface, a piece of malicious software that plagued social networking sites such as Facebook, may slip away before law enforcement can catch them.

Those concerns come after the publication of a trove of information about the five men, said to be based in St. Petersburg, Russia, that security companies, Facebook and the FBI have been carefully tracking for at least two years.

The men are alleged to have created Koobface, a network of infected computers that have been used to drive traffic to websites that sell Web nuisances such as fake antivirus software. They've allegedly made an estimated US$2 million or more since 2008 by infecting computers and directing them to harmful websites, earning a fee for every forced referral.

The information released includes photographs, email addresses, names they used on social networking sites and physical locations -- essentially, enough detail to walk to their offices, knock on the door and call them by name.

The first leak came on Jan. 9 from Dancho Danchev, a security researcher and writer who posted extensive information on his blog about Anton Korotchenko, one of those accused. Danchev harvested a wealth of information that Korotchenko, who went by the nickname "KrotReal," publicly posted on services such as Twitter and Foursquare. Danchev could not be reached for comment.

Much of the information was already known throughout the security community. A "top secret cabal," known as the Koobface Working Group, had drawn together researchers from a variety of security companies to track the group, said Graham Cluley, senior technology consultant for Sophos.

In fact, Sophos had performed an exhaustive investigation and prepared a paper scheduled for presentation at a Virus Bulletin security conference last year, said Dirk Kollberg, one of its authors. But because the FBI was involved in the investigation, the presentation was canceled.

"We had to wait to not risk giving law enforcement the chance to take action," Kollberg said.

But after Danchev's writeup, Sophos decided to release the report on Tuesday. Kollberg said "it's a shame" the initial information was released, as it could hurt law enforcement investigations.

The New York Times also published an article on the leak on Tuesday, writing that Facebook plans to disclose more information on the group. Facebook's move is unprecedented, as most technology companies rarely reveal such detailed information on people they allege are doing something criminal.

The men have not been charged by Russian authorities. The other four men have been identified as Alexander Koltyshev, Roman Koturbach, Syvatoslav Polinchuk and Stanislav Avdeiko. Korotchenko did not respond to instant messages or emails sent on Monday.
