Koobface servers switched off following investigation

Command and control (C&C) servers utilized by owners of the Koobface botnet have reportedly stopped responding following an investigation this week.

According to Sophos, the C&C servers were switched off on Tuesday morning after the report was released, and individuals speculated to were behind the Facebook worm had been deleting their profiles on social networks.

Talking to Reuters, Facebook chief security officer Joe Sullivan said he had endorsed the report's release because he felt the exposure might disrupt the gang. Both German researchers behind the report, Jan Droemer and Dirk Kollberg, said they suspected that the hackers have been figuring out of a location in St Petersburg and that they had planned to carry off publishing their data until the police had captured them.

Russia's anti-cyber-crime unit, the inside Ministry's K Directorate, said it has yet to research the problem as it has not been asked to. Larisa Zhukova, a representative on the unit, told Reuters: “An official request should be filed to the K Directorate first, and when it's filed, we can certainly investigate and work on it.

“The request must come from the victim, that's Facebook. Because anyone can say or write anything, however it is all unfounded to date. Even though it becomes a criminal case, the investigative unit will settle on possible charges. It's hard to hypothesise on a probable sentence at the moment.”

Sullivan welcomed the dialogue at the challenges of cross-border enforcement. He said: “Ultimately, the goal here's to have an effect. As a safety team, we do not have the luxurious that each case leads to an arrest.”

Koobface primarily distributed videos and malicious links through Facebook and other social networking sites, storing a user's login details and distributing links to their friends. Research by Kaspersky Lab in 2010 found that Koobface is in a position to double its variety of C&C servers in a 48-hour period.