Koobface Doubles C&C Servers in 48 Hours
12 Mar, 2010, 3:49 pm IST | by tech2 News Staff
Kaspersky Lab has warned of a surge in Koobface, the highly prolific worm infesting social networking sites. The malicious program targets sites such as Facebook and MySpace and uses compromised legitimate websites as proxies for its main command and control server.

During the past 2 weeks, the Kaspersky Lab research team has observed the Koobface live C&C servers shut down or cleaned, on average, three times per day. The number dropped steadily from 107 on 25 February to as low as 71 on 08 March. Then, in just 48 hours, the number grew from 71 to 142, precisely doubling the total number of servers that all Koobface-infected computers use to get remote commands and updates.

The Koobface command and control infrastructure can be observed by looking at the evolution of the geographical location of the IP addresses used to communicate with the infected computers. The usage of C&C servers is increasing mostly in the United States, growing from 48 percent to 52 percent. Currently, more than half of the Koobface C&C servers are hosted in the United States, far exceeding any other country.

"These latest happenings give us some indications of how the Koobface gang takes care of its infrastructure," says Stefan Tanase, Senior Regional Researcher, Kaspersky Lab EEMEA. "Based on this, we can conclude that the cybercriminals are constantly monitoring their infrastructure status. They don't want the number of C&C servers to drop too much, as that would mean losing their control over the botnet. When the number of active C&C servers drops to a critical level, they seem to be ready to implement dozens of new ones. The total number of Koobface C&C servers is constantly fluctuating, going from over a hundred to under a hundred and back again in a matter of weeks. It seems that when 100 C&C servers are online, the Koobface gang is relaxed. They also prefer to have their C&C servers distributed across the globe and with different ISPs, in order to make the take-down process harder. However, most of the Koobface C&C servers remain in the United States."

Kaspersky Lab maintains that its users running any of the company's current anti-malware products are fully protected from all known variants of Koobface.