The KOOBFACE botnet is known for using the pay-per-install (PPI) and pay-per-click (PPC) business models in order to make money. In 2009 alone, the KOOBFACE gang earned about US$2 million. This was, however, not enough, as the gang upgraded their botnet framework with the creation of a sophisticated traffic direction system (TDS) that handles all…
Jonell Baltazar
Senior Threat Researcher
The KOOBFACE botnet became known for using popular social networking sites as a propagation vector and abusing these platforms for malicious purposes. We recently observed that KOOBFACE no longer actively propagates via social networks but rather does so via a torrent P2P network through sharing Trojanized application files. While conducting research, we found a “loader”…
The KOOBFACE botnet continuously evolves to keep on generating profit for its perpetrators. The fact that the botnet is still alive shows that the cybercriminals behind it are making a fortune off it. In our effort to conduct research on and to monitor the latest developments made to the KOOBFACE botnet, we have noticed several…
The KOOBFACE FTP grabber component, which is a variant of the LDPINCH Trojan family, usually drops stolen FTP user names and passwords to a remote server controlled by the KOOBFACE gang. This remote server, located in Hong Kong, was taken down last week, thanks largely to the efforts of the Hong Kong Computer Emergency Response…
Trend Micro advanced threat researchers recently came across a new ZBOT/ZeuS binary file detected as TROJ_ZBOT.BTM. ZBOT/ZeuS variants are well known for stealing banking information from their victims via various social engineering tactics (e.g., spammed messages, malicious links sent to social networking site members in the guise of messages, and compromised legitimate sites), as evidenced by…