Alleged Koobface gang members exposed

by Phil Muncaster

17 Jan 2012


Security researchers have revealed the identities of five men they suspect of helping to mastermind the notorious Koobface attacks on social networking users.

Koobface came to prominence in 2008 as a piece of Trojan software generating messages to friends of infected users prompting them to click on a malicious link. Once infected, users' computers became part of the growing Koobface botnet, earning the gang millions of dollars a year, according to Sophos.

The worm targeted social networking users to take advantage of the greater trust that users of these sites place in links purporting to come from friends or contacts.

Now independent researcher Jan Dromer and SophosLabs researcher Dirk Kollberg believe they have found the men responsible, tracking them back to an office in St Petersburg.

"As in real life, a perfect (cyber) crime is something of a myth. The simple truth is that today's cyber crime landscape is aimed at achieving maximum revenue with minimal investment and that implies a certain level of accepted imperfection," the two wrote in a Sophos blog post.

"It is this imperfection, paired with a sense of 'criminal arrogance' and an uncontrollable threat environment such as the internet that ultimately led to the identification of multiple suspects forming the 'Koobface gang'."

The researchers explained that an oversight by the gang enabled public access to one of their command and control (C&C) servers, which, in turn, allowed investigators to view a detailed daily back-up of the C&C software.

Sophos senior technology consultant Graham Cluley explained that the matter now rests with the Russian police.

"We know the gang's names, their phone numbers, where their office is, what they look like, what cars they drive, even their mobile phone numbers," he added. "Now we have to wait and see what, if any, action the authorities will take against the Koobface gang."
