Command and control (C&C) servers used by owners of the Koobface botnet have reportedly stopped responding following an investigation this week.
According to Sophos, the C&C servers were switched off on Tuesday morning after the report was released, and individuals alleged to have been behind the Facebook worm have been deleting their profiles on social networks.
Facebook chief security officer Joe Sullivan told Reuters he endorsed the report's release because he felt the exposure might disrupt the group.
The two German researchers behind the report, Jan Droemer and Dirk Kollberg, said they suspected that the hackers had been working out of a location in St Petersburg and they had planned to hold off publishing their data until the police had captured them.
But Russia's anti-cyber-crime unit, the Interior Ministry's K Directorate, said it was not asked to investigate the matter.
"An official request needs to be filed to the K Directorate first, and when it's filed, we will certainly investigate and work on it," directorate spokeswoman Larisa Zhukova told Reuters.
“The request must come from the victim, that is Facebook. Because anyone can say or write anything, but it is all unfounded so far. Even if it turns into a criminal case, the investigative unit will decide on possible charges. It is hard to hypothesise on a possible sentence right now.”
Sullivan welcomed the dialogue on the challenges of cross-border enforcement.
“Ultimately, the goal here is to have an impact. As a security team, we don't have the luxury that every case ends in an arrest.”
Koobface primarily distributed videos and malicious links through Facebook and other social networking sites, storing a user's login details and distributing links to their friends.
Research by Kaspersky Lab in 2010 found that Koobface is able to double its number of C&C servers in a 48-hour period.