Koobface: Inside a Crimeware Network

Introduction
There are numerous computer systems around the world that are under the control of malicious actors.These compromised computers,often known as zombies,form a botnet that receives and executes commands from botnet operators who harvest passwords,credit card numbers,and sensitive information from the zombies.Botnet operators also put the “zombies” to work by forcing them to send spam messages,create fraudulent accounts,and host malicious files.Rather than relying on sophisticated technical exploits,some botnet operators simply trick users into compromising themselves.Through fake Web sites,users are encouraged to download malicious software masquerading as benign.Sometimes,these fake,malicious Web sites are sent to users by their contacts on social networking sites.The rise of social networking tools has given attackers a platform to exploit the trust that individuals have in one another.People are much more likely to execute a malicious file if it has been sent to them by someone they know and trust.The information that individuals post online and the interests contained within their profile information can also be used to lure individuals into executing malicious software.Koobface is a botnet that leverages social networking platforms to propagate.

The operators of the botnet(known as Ali Baba and 40 LLC)have developed a system that uses social networking platforms,such as Bebo,Facebook,Friendster,Fubar,Hi5,MySpace,Netlog,Tagged,Twitter,and Yearbook,to send messages containing malicious links.These links are often concealed using the URL shortening service bit.ly and sometimes redirects to Blogspot blogs that redirect users to false YouTube pages hosted on compromised Web servers. These pages encourage users to download malicious software masquerading as a video codec or a software upgrade.Koobface also uses search engine optimization (SEO) techniques that allow these malicious sites to be listed highly in search engine results for popular search terms.

Download: PDF