One of the best-known networks of compromised personal computers, assembled largely through deceptive web links sent from Facebook accounts, earns its proprietors about $2m a year.
That’s one of the conclusions in a study released Friday by Information Warfare Monitor researcher Nart Villeneuve, who won access to archives of the software that the Russian criminals used to control the program known as Koobface, which is an anagram of Facebook. Koobface generally spreads when an infected machine uses a victim’s social network accounts to send messages to friends, urging them to watch a video. The link usually asks the message recipient to download a program in order to watch; that program is actually Koobface.
The gang made half its money in a recent 12-month period by installing bogus security software on compromised machines on behalf of various clients, taking a commission each time.
The rest of the Koobface group’s income took more effort and has until now pretty much escaped notice.
Some of the malicious software installed on users’ machines sprang into action only when users searched Google or other engines for certain PC security terms and then clicked on a paid link. Instead of going to that link, they were redirected to bogus security sites, which in turn paid the gang.
In either case, infected users could end up with rogue security software that could prompt them for payment or steal credit card information and other sensitive data.
Most of the engineering effort at Koobface appears geared toward propagation. The program forced users to solve CAPTCHAs, the visual puzzles aimed at screening out automated account creation, and their answers were then used to create more than a half-million Google accounts.
Although Mr Villeneuve uncovered the mobile phone numbers of four gang leaders and turned his database over to authorities in his home country of Canada, he said poor international cooperation and the small sums involved in each fraud meant that prosecution was unlikely.

