An adaptive and long-lasting virus on Facebook, called Koobface, highlights how cybercriminals operate on social networks, and how companies like Facebook invest heavily in security to ward them off.
Koobface, which is an anagram of Facebook, works by infecting a person’s Facebook account and sending that person’s friends links to watch videos. Because the link comes from a friend, it often begets trust, so people are likely to click on it. Once the link is clicked, users are given the option to update their Flash to watch the video, and in doing so, they install the malware on their computer. Once the malware is installed, the computer becomes part of the Koobface botnet, a hub in the Koobface network controlled by the Koobface operator. The worm immediately shoots out into that user’s network of friends and tries to entice them to click the link.
Koobface has been around since 2008, and the cybercriminals, purportedly located primarily in Russia but spread throughout the globe, earned an estimated $2 million between the months of June 2009 and June 2010, according to the Information Warfare Monitor, a Canadian firm specializing in monitoring cybercrime.
The remote locations and varied jurisdictions allow cybercriminals to operate with impunity; international law is often difficult to enforce and tangles with politics.
According to the Information Warfare Monitor report on Koobface, these criminals operate with virtually zero fear of repercussion.
Since international law is a few steps behind, Facebook has been building defenses and collecting evidence in earnest.
According to the New York Times, Facebook has expanded its security team, created a tool for quickly recognizing malware attacks, and devised ways to talk to Facebook users about the attacks, all in response to Koobface alone.
Additionally, Facebook is gathering coding, location, and identity information in the hope of eventually prosecuting the cybercriminals involved. The Palo Alto company employs a staff of 20 full-time, dedicated security specialists, but when malware attacks go live, security details can spread across the company, arresting the attention of more than 50 people.
Facebook uses algorithms to halt Koobface attacks while they are in progress, then keeps a blacklist of malicious Web links so they can’t be reused in the future.
According to the New York Times, Facebook will relentlessly pursue Koobface criminals. Given the opportunity to prosecute, the company plans to use all the evidence to seek aggressive convictions.
Koobface works in a way that doesn’t prompt much political or individual backlash. Its operators exploit thousands upon thousands of accounts for mere pennies at a time. In doing so, their fortunes grow at very little loss to any single individual. Nonetheless, it is important for governments to reach some sort of consensus on international law pertaining to these activities. Koobface operated with “ethical restraint,” according to Information Warfare Monitor. Other cybercrime groups may not practice such restraint.