Koobface and the trials of security research

18 Jan 2012

The problems, risks and frustrations involved in security research have been laid bare over the past week, after first an independent researcher, then the New York Times and finally security vendor Sophos decided to go public with information on the identities of five men suspected of masterminding the Koobface botnet.

In a detailed blog post on Tuesday, Sophos published an analysis of the research that led to the discovery of the men's identities, under the names of one of its own researchers, Dirk Kollberg, and an independent researcher, Jan Dromer.

Not credited, however, was the Trend Micro team, particularly Jonell Baltazar, Joey Costoya and Ryan Flores, key members of the cross-industry Koobface Taskforce, which has monitored and reported on the workings of Koobface since its discovery in 2008, according to Trend Micro's EMEA director of security research, Rik Ferguson.

Could Sophos be trying to steal the security thunder for itself here? Well, the industry collaborators involved in the project, including Trend Micro, Facebook's security team and others, are only briefly mentioned at the end of the article.

If anyone believed 2012 was set to usher in a new era of co-operation between security teams on different sides in a bid to snuff out the threat of a common enemy, well, they may be disappointed.

Perhaps more disappointing, however, are the actions of the lone security researcher who first revealed the findings of the group last week.

"The evidence had been in the hands of law enforcement on an ongoing basis. It's never advisable to expose evidence until law enforcement has taken action, like with the Esthosts take-down," Ferguson told V3.

Whether those involved have now gone to ground and covered their tracks remains to be seen, but they have already proved themselves to be canny operators in the way they propagated the worm and monetised their malware, he added.

"Any criminal knows they are under investigation, so they are constantly shifting and adapting their techniques and methodologies," said Ferguson. "They have been very good at trying to remain undetected and adapting their technologies as time goes by."

Ferguson has published a full blog post on Trend Micro's input into the project.

Phil Muncaster

Phil Muncaster is news editor at, a role he has fulfilled since January 2010. Previously he was chief reporter for IT Week, having also worked as a reporter and senior reporter on the publication from 2005.

Before IT Week, Phil worked as a researcher for the Rough Guide. Prior to his work in journalism, Phil spent three years teaching English in Japan.
