Koobface Gang Identified
January 18, 2012

Koobface Gang Identified

A gang of Russian cyber criminals behind the Koobface computer virus that has plagued Facebook and other sites since 2008 has been identified, according to online security experts.

The Koobface virus depended on the ignorance of online users. The virus would send the user a message like, “You look just awesome in this new movie.” If a user clicked on the link it would falsely tell them their Flash player needed to be upgraded which would then expose the computer to the Koobface malware. Computer owners were tricked into becoming part of a botnet comprised of hundreds of thousands of infected computers.

According to Facebook, “Koobface was able to perform these actions by communicating with a central ℠Command & Control´ server, which directed the compromised computers to do the gang´s bidding.”

Last March, Facebook was able to deactivate the command & control server and has kept Koobface off its site for the last nine months. They said, “While we have been able to keep Koobface off Facebook, we won´t declare victory against the virus until its authors are brought to justice.”

The men responsible for the virus have been discovered in St. Petersburg, Russia. The gang opened themselves up to become discovered and their identities have been known for years to Facebook. One member broadcast the coordinates of the gang's offices by checking in on Foursquare, a location-based social network.

The New York Times reports the members as Anton Korotchenks, who uses the online alias “KrotReal”; Stanislov Avdeyko nicknamed “leDed; Svyatoslav E. Polichuck known as “PsViat” and “PsycoMan”; Roman P. Koturbach or “PoMuc” and Alexander Koltysehv or “Floppy”.


On the Net: