Continued Malware Hijinks with Mass Webserver Compromises

While the jury’s still out about whether the intent of the past month’s mass webserver breaches are fully criminal, Dancho reports new developments which also link Koobface activity into this command and control structure:

Dancho goes on within his investigative piece to list the same IP addresses being used as a key Koobface botnet command and control host site, as well as the same email address discovered previously associated with the Koobface gang.

Opinion: It used to be easier…

Things were so much easier in physical crime. Usually money is the motivator, but there are also more human qualities like envy or jealousy (to quote one collector’s motivation to hire out a commercial burglary, “…he had more [ancient Anasazi] pottery than anyone else…”). Connecting the dots is the struggle in both forms of investigation or counter-intelligence. Finding the coincidences and matching them up turns out the best results.

This, my all-time favorite Dancho quote frames cyber-intelligence analysis properly:

    • Given that enough historical OSINT is available, the cybercrime ecosystem can be a pretty small place.

This is a winnable struggle: the adversary is human…

The key element is that they’re refining the procedure but at the same time it’s becoming repetitive. That means, in our analysis of all things with a tempo, that the beat of the cybercrime drum can be disrupted. 

While I’m stuck hoping that Dr. Gordon Freeman Dir. Gordon Snow can work his own ‘24’ scenario on these cybercriminals, it’s safe to say that the business model for cybercrime is still well preserved and specialized. In fact, the same process-driven mindset ultimately leads to the demise of most international organized crime organizations – once they’re able to be fully taken down.

Securing Our eCity Contributing Writer

Diving Deeper: More Resources

  1. Malware Injection Campaign: A Retaliation?
  2. 10 things you didn't know about the Koobface gang
  3. Top 10 signs your computer may be part of a Botnet
  4. Another Look at Koobface: How It Infects Facebook Users
  5. From the Koobface Gang with Scareware Serving Compromised Sites
  6. Cybercrime and Cyberwarfare: Warnings Unheeded?
  7. There’s Nothing of Value on My Computer

Author , ESET

Comments are closed.

Follow us

Copyright © 2017 ESET, All Rights Reserved.