Social network giant Facebook has released identities of those it believes to be behind the Koobface malware
Facebook has published the names of five men it believes are part of the Koobface gang, whose malware has made the group millions of pounds.
The naming and shaming of the individuals involved is believed to be an attempt to make the Russian authorities investigate the group, who have been known to Facebook since 2008 and live a comfortable lifestyle in St. Petersburg.
A click too far
Koobface’s worm first appeared in July 2008 and invited Facebook users to watch a funny or sexy video. when users clicked, they were redirected to the group’s malware, disguised as a Flash update. Victims’ PCs then became part of a network of infected PCs which sent advertisements for fake antivirus software, while web searches delivered clicks to suspect marketers.
Kaspersky Labs estimated that the network included 400,000 – 800,000 PC’s at its peaks with victims often unaware their machines have been compromised. It is suggested that the scam earned the group as much as £2 million a year.
Facebook was able to identify those involved weeks after the worm first began to appear on the social network, but none of the men have ever been charged with a crime and no law enforcement agencies have ever officially investigated them.
The men were identified using only public information posted on the Internet. Pictures, statuses and locations posted to Faebook, FourSquare and Twitter revealed that they live normal lives and take holidays to exotic locations.
Freedom to run riot
Facebook was able to eradicate the worm from its site, but has decided to reveal the men’s names to aid its fight against the group and other groups like them. It also believes that its actions will make it harder for similar operations to carry out malicious activities and would send a message to the criminal underground.
The lifestyle enjoyed by the Koobface gang demonstrates how hard it is for authorities to apprehend international criminals, even when their identities are known, as it requires cooperation between different countries.
Social networks are increasingly being targeted by scammers and it was revealed only last month that the group was back and targeting pay-per-click advertising, using a “sophisticated” traffic-direction-system.