
Koobface Worm Doubles Its Number of Command and Control Servers in 48 Hours

March 12, 2010--The shutdown and recovery of the Troyak-as command and control center (C&C) for the active Zeus botnet was good news for the whole IT security community. Unfortunately, while some botnets struggle, others remain unaffected. As part of its ongoing effort to stay ahead of cybercriminals, Kaspersky Lab's research and analysis team has recently monitored a surge in C&C servers for Koobface, the highly prolific worm infesting social networking sites. Koobface targets sites such as Facebook and Twitter, and uses compromised legitimate websites as proxies for its main command and control (C&C) server.

Definition of Command & Control Center
Command and control centers are servers maintained by the owners of a botnet and used to enable the infected computers to "call back to their masters" and get updates and commands, such as downloading new or more malware, or stealing various computer files or personal information, such as banking accounts.

During the past 2 weeks, the Kaspersky research team has observed live Koobface C&C servers being shut down or cleaned an average of three times per day. The number dropped steadily from 107 on February 25 to as low as 71 on March 8. Then, in just 48 hours, the number grew from 71 to 142, precisely doubling the total number of C&C servers, which all Koobface-infected computers use to get remote commands and updates (see chart).

1. United States: 52.23%
2. Germany: 8.48%
3. Canada: 4.46%
4. Great Britain: 3.57%
5. Netherlands: 3.13%
6. Denmark: 2.68%
7. Turkey: 2.68%
8. Belgium: 2.68%
9. Austria: 2.23%
10. Switzerland: 1.79%

Command & Control Centers Hosted in U.S. Increase
Another interesting development in the Koobface command and control infrastructure can be seen in the changing geographical location of the IP addresses used to communicate with the infected computers. The usage of C&C servers hosted in the United States is increasing, growing from 48 percent to 52 percent. Currently, more than half of the Koobface C&C servers are hosted in the United States, far exceeding any other country.


© Copyright 2010 Auerbach Publications