The KOOBFACE botnet continuously evolves to keep on generating profit for its perpetrators. The fact that the botnet is still alive shows that the cybercriminals behind it are making a fortune off it.

In our effort to conduct research on and to monitor the latest developments made to the KOOBFACE botnet, we have noticed several changes in the way it operates. Some of the major changes the botnet has undergone from when we started unmasking it include the following:

1. Using proxy command-and-control (C&C) servers
2. Encrypting the gang members’ C&C communications
3. Banning IP addresses from repeatedly accessing KOOBFACE-controlled sites
4. Introducing new binary components
5. Employing several layers of binary protection with the use of more complex packers

These changes pose a greater challenge to security researchers in reverse-engineering existing KOOBFACE binaries and in monitoring the gang members’ C&C communications. Though the changes the gang has made to their botnet have made it interesting, someone has to put a stop to their malicious schemes and put the perpetrators where they belong—behind bars.

For more information on the most recent developments on the KOOBFACE botnet based on our latest findings, read “Web 2.0 Botnet Evolution: KOOBFACE Revisited.” You may also find the following papers a good read to learn more about one of the most notorious botnets in existence today—KOOBFACE:



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice