Koobface worm doubles its number in 48 hours
By SiliconIndia, Thursday, 11 March 2010, 18:25 Hrs
Bangalore: Kaspersky Lab, a developer of secure content management solutions, warns of a surge in Koobface, the highly prolific worm infesting social networking sites. The malicious program targets sites such as Facebook and MySpace and uses compromised legitimate websites as proxies for its main command and control server.
During the past 2 weeks, the Kaspersky Lab research team has observed live Koobface C&C servers being shut down or cleaned, on average, three times per day. The number of live servers dropped steadily from 107 on 25 February to as low as 71 on 08 March. Then, in just 48 hours, it grew from 71 to 142, precisely doubling the total number of servers that all Koobface-infected computers use to get remote commands and updates.

The Koobface command and control infrastructure can be observed by looking at how the geographical location of the IP addresses used to communicate with the infected computers changes over time. The usage of C&C servers is increasing mostly in the United States, growing from 48 percent to 52 percent. Currently, more than half of the Koobface C&C servers are hosted in the United States, far exceeding any other country.
"These latest happenings give us some indications of how the Koobface gang takes care of its infrastructure. Based on this, we can conclude that the cybercriminals are constantly monitoring their infrastructure status. They don't want the number of C&C servers to drop too much, as that would mean losing their control over the botnet. When the number of active C&C servers drops to a critical level, they seem to be ready to implement dozens of new ones. The total number of Koobface C&C servers is constantly fluctuating, going from over a hundred to under a hundred and back again in a matter of weeks," said Stefan Tanase, Senior Regional Researcher, Kaspersky Lab EEMEA.
It seems that when 100 C&C servers are online, the Koobface gang is relaxed. They also prefer to have their C&C servers distributed across the globe and with different ISPs, in order to make the take-down process harder. However, most of the Koobface C&C servers remain in the U.S.