Koobface malware gang – the noose tightens?

Graham Cluley

Members of the Koobface malware gang might be feeling a little hot under the collar as evidence has begun to spill onto the internet about the alleged identity of one of its members.

Koobface has been terrorising millions of internet users since mid-2008, and much investigation has taken place into how the malware works, the group’s business model and its revenue chains.

However, despite multiple attempts by the authorities to bring down its infrastructure permanently, Koobface remains a significant and ongoing threat.

In 2009, Sophos experts – working with trusted others in the computer security industry – began working on a secret operation to identify key members of the Koobface gang, and shared the information with law enforcement agencies.


By February 2010, we believed that we had identified not just one suspected member of the Koobface gang, but other apparent accomplices too.

Individuals named in report investigating Koobface gang

And it’s not just names that we have dug out, but photos, addresses, phone numbers, social networking accounts, movies, company registrations, personal relationships, even details of what cars they own.

In the case of at least one gang member, his location can even be tracked hour-by-hour as he checks into locations via FourSquare (he was at the movies last night, for instance).

Cinema visit

Those investigating the Koobface gang have kept silent about this research until now, at the request of the authorities, because of ongoing law enforcement efforts.

However, now details have unfortunately begun to leak onto the net. And we know that some of the individuals unearthed by our investigations have been made aware of the interest in them. The cat can truly be said to be peeking out of the bag.

It’s important, of course, to recognise that the individuals we have identified have not yet been charged in relation to Koobface, and have not been found guilty of any crimes. The evidence unearthed only links individual names to ones being used by the Koobface gang; it does not necessarily prove their involvement.

We hope to be able to share much more information, including a paper about the Koobface investigation which had to be withdrawn from a security conference, with readers in the coming days. Watch this space.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
