The Koobface malware gang - exposed!

Discussion in 'BlackHat Lounge' started by Desertfox, Jan 18, 2012.

  1. Desertfox

    Desertfox Regular Member

    Joined:
    Nov 13, 2011
    Messages:
    200
    Likes Received:
    37
    Occupation:
    Sysadmin
    Location:
    Europe
    Last edited: Jan 18, 2012
  2. exXtr@

    exXtr@ Power Member

    Joined:
    Aug 27, 2009
    Messages:
    526
    Likes Received:
    246
    Occupation:
    IM
    Location:
    Belgium
    That's some nice detective work just there, nice share.
     
  3. Desertfox

    Desertfox Regular Member

    Indeed. I thought the same. Very good and detailed detective work. I'm on Page 3 and still reading.
     
  4. zen19

    zen19 Elite Member

    Joined:
    Mar 31, 2009
    Messages:
    1,671
    Likes Received:
    4,051
    Occupation:
    LOL ya right
    Location:
    International Waters
    slow readers lol.

    TBH, given the size of their operation, 2m a year income is probably wildly low.
     
  5. Desertfox

    Desertfox Regular Member

    Not slow. Busy with real life ATM :p

    Yea, I bet those Sophos estimates are way too low. 5-> million or more are realistic.
    They are talking about ~ 800 000 infected pcs/bots in year 2010...
    It's 2012 now.
    There are so many ways you can earn money with a botnet larger than 1 000 000 ....

    I bet some of those guys are here reading the forums sometimes :p
    Just 4 fun.
     
  6. NapsteR

    NapsteR Jr. VIP

    Joined:
    Mar 2, 2011
    Messages:
    2,779
    Likes Received:
    2,374
    Occupation:
    Full Time IMer
    Location:
    http://www.seophd.com
  7. Gudrulea

    Gudrulea BANNED

    Joined:
    Oct 20, 2010
    Messages:
    372
    Likes Received:
    82
    I've closed that investigation after page 2... I don't say it's bad but the gang is really fuqin stupid.

    Footprints everywhere !!! They don't know how to hide.
     
  8. Desertfox

    Desertfox Regular Member

    In the meantime many profiles went private.
    But from reading the NYC News Article & other websites I'm getting the feeling they don't really want to hide their footprints...
    No one can touch them, legally :)
     
  9. zen19

    zen19 Elite Member

    Interesting how little footprints add up, you can work out a reasonably good strategy for avoiding this by reading the article like a manual.
     
  10. Desertfox

    Desertfox Regular Member

    http://www.infowar-monitor.net/reports/iwm-koobface.pdf

    xx 21,790 Facebook Accounts
    -- Total friends count: 935,000/Accounts with friends: 3105
    xx 350,854 Total Blogger Accounts
    xx 522,633 Total Google Accounts
    xx 4,842 Google Reader Accounts
    xx 4,044 100mb Accounts



    this is insane :p
     
  11. Gudrulea

    Gudrulea BANNED

    That's not insane, that's possible. Also can you give me some arguments why they can't get touched (legally)? I'm somehow curious. Anyway... it's obvious these guys have some high traffic porn websites and they are big in this industry.

    zen19: these are BIG mistakes. Anyway I've just scanned the article, nothing new there. :D
     
  12. Desertfox

    Desertfox Regular Member


    Well, it's all in the article.
    Maybe you should read it instead of just "scan/overflow it"?

    In a nutshell: FBI is just watching. Can't do shit cause it's out of their jurisdiction.
    And Russia doesn't give a ****. I wouldn't either if I were Russia and some guys are getting millions and millions and PAY TAXES...
     
  13. oxonbeef

    oxonbeef BANNED

    Joined:
    Jan 4, 2009
    Messages:
    2,242
    Likes Received:
    7,872
    Lol they call that a net?
    Serious disinformation guys.
    Most of these so called security blogs talk out their arses.
     
  14. grapgat

    grapgat Newbie

    Joined:
    Jan 4, 2012
    Messages:
    35
    Likes Received:
    9
    Yep, I was just thinking the same thing... these guys really didn't put much effort into remaining anonymous
     
  15. Virus1

    Virus1 Supreme Member

    Joined:
    Dec 13, 2010
    Messages:
    1,326
    Likes Received:
    1,409
    Occupation:
    destroyer of worlds...
    Location:
    Welcome to Black Hat World........................

    I was about to say that.

    Going legit with IM one can make 2 mil, easily.

    These crooks are lazy too.... hahahaha
     
  16. dragonian

    dragonian Regular Member

    Joined:
    Dec 26, 2009
    Messages:
    242
    Likes Received:
    62
    I've gone thru the materials and the pdf references. Wow, these guys really kick a$#. When most of us have just a couple of blackhat tools, these guys develop several custom tools that work seamlessly to come up with a well-oiled blackest of the blackhat system. My mind is swirling now. I am thinking of replicating their system sans malware. Twist their system and you can have your own ultimate spam system.
     
  17. backontrack

    backontrack Power Member

    Joined:
    Jun 5, 2011
    Messages:
    517
    Likes Received:
    430
    Occupation:
    Father, Web development
    Location:
    I Love Apricot
  18. Desertfox

    Desertfox Regular Member

    I've got the same idea.
    But I always get stuck on the "team up with 1-2 partners" point.
    These days trustworthy partners are rare...

    And those guys know each other in real life.
    Travel with their families etc...
     
  19. keinehabe

    keinehabe Supreme Member

    Joined:
    Nov 4, 2008
    Messages:
    1,207
    Likes Received:
    472
    Gender:
    Male
    Occupation:
    -= CEO =-
    Location:
    Heaven
    :) '' leaving the avstats / webanalizer folders unprotected '' L O L ! nothing more to say !