Sep 30, 2010 13:33 GMT

The head of Facebook's anti-malware team claims that the identities of the Koobface authors are known and that authorities are investigating the operation.

Facebook's Nick Bilogorskiy was the first to take the stage at this year's Virus Bulletin security conference in Vancouver.

His presentation revealed some interesting facts about the problems Facebook's staff has to deal with in order to protect the massive social network.

But more importantly, it contained information about the gang behind Koobface, the father of all social networking worms, which is still actively developed.

With a user base of 500 million, Facebook is certainly an attractive target for cybercriminals. On a daily basis, there are all sorts of advance-fee and affiliate marketing (survey) scams or spam campaigns.

However, Koobface remains the most sophisticated threat by far. Launched over two years ago, it is one of the longest-running computer worms in history.

Versions of the malware have appeared on MySpace, Twitter, hi5, Bebo and Friendster, but the worm is most active on Facebook.

The people who develop and maintain Koobface are notorious for coming up with new tricks that make their creation more successful or more resilient to takedown attempts.

They also like to taunt the antivirus industry and harass security researchers. Dancho Danchev, an independent security consultant who often writes about Koobface-related activities, was targeted on multiple occasions.

Bilogorskiy estimates that the Koobface authors earned on average $35,000 per week from the botnet in 2009, which adds up to $1.8 million for the entire year.

The good news, according to Graham Cluley, a senior technology consultant at Sophos, who attended the opening presentation, is that authorities might be closing in on the gang.

"Bilogorskiy says he knows their true identities - and law enforcement agencies are investigating," Cluley writes on his blog.