http://blog.trendmicro.com/new-koobface-upgrade-makes-it-takedown-proof/
Jul 22
“New KOOBFACE Upgrade Makes It Takedown-Proof”
7:51 am (UTC-7) | by Jonell Baltazar (Advanced Threats Researcher)
SNIPPET: “KOOBFACE made waves in social networking sites by using infected users’ profiles to infect other users and therefore propagate. We have chronicled its activities in the following blog posts:
KOOBFACE Increases Twitter Activity
New KOOBFACE Component: a DNS Changer
KOOBFACE Tweets
KOOBFACE Tries CAPTCHA Breaking
New Variant of KOOBFACE Worm Spreading on Facebook
Worms Wriggling Their Way Through Facebook”
Previously...
http://ddanchev.blogspot.com/2009/07/dissecting-koobface-worms-twitter.html
WEDNESDAY, JULY 15, 2009
“Dissecting Koobface Worm’s Twitter Campaign”
Posted by Dancho Danchev
Blog:
http://ddanchev.blogspot.com/2009/08/movement-on-koobface-front-part-two.html
WEDNESDAY, AUGUST 19, 2009
“Movement on the Koobface Front - Part Two”
Posted by Dancho Danchev
Previously...
http://ddanchev.blogspot.com/2009/08/movement-on-koobface-front.html
TUESDAY, AUGUST 04, 2009
“Movement on the Koobface Front”
Posted by Dancho Danchev
blog:
http://ddanchev.blogspot.com/2009/10/koobface-botnet-dissected-in-trendmicro.html
WEDNESDAY, OCTOBER 14, 2009
“Koobface Botnet Dissected in a TrendMicro Report”
Posted by Dancho Danchev
SNIPPET: “I’d like to thank the folks at TrendMicro for mentioning the message inserted by the Koobface gang (more love on a first-name basis from them) within their command and control infrastructure for nine days, greeting me for systematically kicking them out of their ISPs, and suspending their command and control domains, in a new report entitled The Heart of Koobface - C&C and Social Network Propagation:”
Quote:
http://www.freerepublic.com/focus/f-bloggers/2405787/posts
Celebrity-Themed Scareware Campaign Abusing DocStoc
DANCHO DANCHEV - blog ^ | MONDAY, DECEMBER 07, 2009 | Dancho Danchev
Posted on December 11, 2009 3:32:36 PM PST by Cindy
UPDATE: Docstoc has removed all the participating accounts in this campaign, and is applying additional filtering to undermine its effectiveness.
Last week’s “Celebrity-Themed Scareware Campaign Abusing DocStoc and Scribd” is now exclusively targeting the popular Docstoc document-sharing service. Naturally, this very latest campaign once again offers overwhelming evidence on the inner workings of the cybercrime ecosystem, in this particular case, the connection between the Koobface gang and money mule recruitment campaigns.
(Excerpt) Read more at ddanchev.blogspot.com ...
Blog:
http://ddanchev.blogspot.com/2009/12/koobface-gang-wishes-industry-happy.html
SATURDAY, DECEMBER 26, 2009
“The Koobface Gang Wishes the Industry ‘Happy Holidays’”
Posted by Dancho Danchev
blog:
http://ddanchev.blogspot.com/2010/02/diverse-portfolio-of-scarewareblackhat.html
WEDNESDAY, FEBRUARY 03, 2010
“A Diverse Portfolio of Scareware/Blackhat SEO Redirectors Courtesy of the Koobface Gang”
Posted by Dancho Danchev
SNIPPET: “With scareware/rogueware/fake security software continuing to be the cash-cow choice for the Koobface gang, keeping them on a short leash in order to become the biggest opportunity cost for the gang’s business model is crucial.
The following are currently active blackhat SEO redirectors/Koobface-infected hosts redirectors and actual scareware domains courtesy of the gang.”
blog:
http://ddanchev.blogspot.com/2010/03/koobface-redirectors-and-scareware.html
MONDAY, MARCH 15, 2010
“Koobface Redirectors and Scareware Campaigns Now Hosted in Moldova”
Posted by Dancho Danchev
SNIPPET: “Just how greedy has the Koobface gang become these days? Very greedy.
In fact, their currently active scareware campaigns operate with a changed directory structure that speaks for itself - scareware-domain/fee1/index.php?GREED==random_characters. Let’s dissect the scareware monetization vector, expose the entire typosquatted domains portfolio, and offer a historical OSINT perspective on their activities during February, 2010.
The domain portfolios are in a process of getting suspended”
blog:
http://ddanchev.blogspot.com/2010/04/dissecting-koobface-gangs-latest.html
TUESDAY, APRIL 27, 2010
“Dissecting Koobface Gang’s Latest Facebook Spreading Campaign”
Posted by Dancho Danchev