The British found the management server botnet Koobface
And not only found, but also closed the three main managers of the well-known botnet Koobface. Experts from the UK believe that this botnet belongs to the "Russian-speaking cybercriminals." Servers, as it turned out, were stopped on Friday evening, which caused significant damage to the "Russian" botnet.
The servers were disconnected immediately after experts proved that these servers belong to this botnet. Three control servers were connected via an English provider. They disconnected the servers after the police turned to the management of the Coreix provider, through which the botnet communicated with the management servers. Now servers are offline, and botnet activity has decreased significantly.
The first time a botnet proved itself two years ago, and this botnet became famous for the fact that Facebook was used to infect users' computers. Actually, this botnet was named “in honor of” this social network. As an attraction, the botnet uses a suggestion to view an interesting video sent to social network users. After the user clicks the invitation, he is prompted to update the flash player.
')
Naturally, no updates are installed, but a Java script is loaded, which is a malicious program. The creators of the botnet are well thought out scheme of the distribution of malicious script that loads the client part of the botnet on users' computers. In addition to Facebook, the botnet also works with such social networks as MySpace, Twitter and some others. One of the most interesting moments in the work of a botnet is that even computers with Max OS X OS are exposed to it. Until now, very few malicious programs were known that can effectively, if this word is applicable in this case, work with this operating system.
After infection, the virus displays a suggestion to download an antivirus that allegedly finds viruses in the system and requires money for “cleaning the PC”. You can send money by SMS, or by sending money through the bank. It should be noted that one of the disabled servers just worked with the financial flows of hackers. Reports about his work botnet sent to the Russian numbers, about once a day. Experts say that one of the hackers lives in St. Petersburg.
The opinion of many experts is rather pessimistic - only three managing servers have been found, while there may be hundreds of them. But the same experts believe that finding other servers is a matter of time, and thanks to the experience gained, they can be found much faster.
The servers were disconnected immediately after experts proved that these servers belong to this botnet. Three control servers were connected via an English provider. They disconnected the servers after the police turned to the management of the Coreix provider, through which the botnet communicated with the management servers. Now servers are offline, and botnet activity has decreased significantly.
The first time a botnet proved itself two years ago, and this botnet became famous for the fact that Facebook was used to infect users' computers. Actually, this botnet was named “in honor of” this social network. As an attraction, the botnet uses a suggestion to view an interesting video sent to social network users. After the user clicks the invitation, he is prompted to update the flash player.
')
Naturally, no updates are installed, but a Java script is loaded, which is a malicious program. The creators of the botnet are well thought out scheme of the distribution of malicious script that loads the client part of the botnet on users' computers. In addition to Facebook, the botnet also works with such social networks as MySpace, Twitter and some others. One of the most interesting moments in the work of a botnet is that even computers with Max OS X OS are exposed to it. Until now, very few malicious programs were known that can effectively, if this word is applicable in this case, work with this operating system.
After infection, the virus displays a suggestion to download an antivirus that allegedly finds viruses in the system and requires money for “cleaning the PC”. You can send money by SMS, or by sending money through the bank. It should be noted that one of the disabled servers just worked with the financial flows of hackers. Reports about his work botnet sent to the Russian numbers, about once a day. Experts say that one of the hackers lives in St. Petersburg.
The opinion of many experts is rather pessimistic - only three managing servers have been found, while there may be hundreds of them. But the same experts believe that finding other servers is a matter of time, and thanks to the experience gained, they can be found much faster.
Source: https://habr.com/ru/post/108101/
All Articles