SecurityWeek

Cybercrime

Facebook Unmasks Reputed Koobface Gang Members

The mask protecting the infamous Koobface gang appears to have been yanked down by a mix of Facebook investigators and security researchers.


According to the New York Times, those tracking the worm have identified the following five people as being part of the Koobface crew, which has adopted the name “Ali Baba & 4”: Anton Korotchenko, who uses the online alias “KrotReal”; Stanislav Avdeyko, known as “leDed”; Svyatoslav E. Polichuck, who goes by the names “PsViat” and “PsycoMan”; Roman P. Koturbach, who uses the moniker “PoMuc”; and Alexander Koltysehv, who goes by the nickname “Floppy.”

Members of the gang are believed to be hiding in plain sight in St. Petersburg, Russia. Efforts by the Times to contact the five were unsuccessful.

Graham Cluley, senior technology consultant at Sophos, blogged that the company’s own investigation of the crew uncovered the same five names. He cautioned, however, that the people named have not yet been charged, and that the evidence only links individual names to the aliases used by the Koobface gang.

The Koobface worm has been the source of much research and speculation since it was first detected back in 2008. The worm, which got its name from an anagram of Facebook, is known for targeting a variety of social networks including MySpace, hi5, and of course, Facebook.

The worm is known for hitting users with pay-per-install malware as well as hijacking search queries to display advertisements. A report from the Information Warfare Monitor initiative in 2010 showed that the crew behind the malware made more than $2 million between June 2009 and June 2010 using pay-per-click and pay-per-install affiliate programs and compromising computers with rogue antivirus.

Researchers at Trend Micro recently reported that the Koobface crew designed their own traffic direction system (TDS) to aid in their operations and possibly to offer as a service to others. The gang’s TDS handles all the traffic referred to their affiliate sites, which, combined with new binary components, increases the amount of traffic headed to their TDS and generates a bigger profit.

Facebook did not respond to a request for comment by SecurityWeek on the situation. However, Cluley blogged that Sophos has shared its findings with authorities, and the Times reported Facebook has done the same. According to the Times, Facebook officials believe naming names can make it harder for cyber-crews to operate.

“We’ve had a picture of one of the guys in a scuba mask on our wall since 2008,” Ryan McGeehan, manager of investigations and incident response at Facebook, told the Times.

Written By

Marketing professional with a background in journalism and a focus on IT security.
