The worm's success on Twitter is growing

Jul 24, 2009 13:53 GMT

The creators of the Koobface social networking worm have made a significant change to its botnet infrastructure in order to make it more resilient to takedown attempts. Meanwhile, the worm, which started plaguing Twitter a few weeks ago, is proving very successful at infecting users of the microblogging platform.

Koobface is a computer worm that spreads by stealing social networking accounts from compromised computers. Its different versions have spread on websites such as MySpace, Facebook, Bebo, Friendster, hi5, Tagged, and, more recently, Twitter.

Dancho Danchev, an independent security consultant, has recently been tracking the botnet generated by the worm and has had significant success in talking hosting providers into taking down its command and control (C&C) servers.

The researcher's efforts did not go unnoticed, especially by the worm's creators, who came up with a plan to strengthen its infrastructure. "We express our high gratitude to Dancho Danchev [...] for the help in bug fixing, researches and documentation for our software," they ironically wrote in a recent Koobface update.

Security researchers from Trend Micro have documented a significant change in the way Koobface-infected computers ask for instructions from the C&C servers. A newly compromised system will initially contact a hard-coded C&C domain in order to receive upgrades. Along with the upgrades, the server also gives it a list of other computers in the botnet.

"The upgraded KOOBFACE architecture makes it possible for the KOOBFACE botnet to survive even if all of its C&C domains are shut down given that the list of IP addresses (KOOBFACE zombies) can also host updated KOOBFACE commands and components," Jonell Baltazar, advanced threats researcher at Trend, advised.
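For defenders, the change described above means a C&C domain blocklist alone no longer finds every infected machine. The following detection sketch is an added example, not code from Trend Micro or the article; the log layout, the domain, and all addresses are constructed placeholders, and it assumes peer contact shows up as connections to IP addresses that no DNS answer explains, which can also happen for benign reasons.

```python
from collections import defaultdict

# Constructed sample data; the domain and addresses are placeholders
# (reserved documentation ranges), not indicators from the article.
CC_DOMAINS = {"cc-seed.example"}
DNS_LOG = [  # (client, queried name, answer IPs)
    ("pc-01", "cc-seed.example", ["192.0.2.10"]),
    ("pc-01", "news.example", ["198.51.100.5"]),
    ("pc-02", "news.example", ["198.51.100.5"]),
    ("pc-03", "mail.example", ["198.51.100.9"]),
]
FLOW_LOG = [  # (client, destination IP) for outbound connections
    ("pc-01", "192.0.2.10"), ("pc-01", "198.51.100.5"),
    ("pc-01", "203.0.113.21"), ("pc-01", "203.0.113.34"), ("pc-01", "203.0.113.77"),
    ("pc-02", "198.51.100.5"), ("pc-02", "203.0.113.21"), ("pc-02", "203.0.113.77"),
    ("pc-03", "198.51.100.9"), ("pc-03", "203.0.113.200"),
]

def unresolved_destinations(dns_log, flow_log):
    """Per client, destination IPs that no DNS answer to that client explains."""
    resolved = defaultdict(set)
    for client, _name, answers in dns_log:
        resolved[client].update(answers)
    direct = defaultdict(set)
    for client, dst in flow_log:
        if dst not in resolved[client]:
            direct[client].add(dst)
    return direct

def find_suspects(cc_domains, dns_log, flow_log, min_peers=2):
    """Return (seeded clients, candidate peer IPs, clients found via peers only)."""
    direct = unresolved_destinations(dns_log, flow_log)
    seeded = {c for c, name, _ in dns_log if name in cc_domains}
    # Stage 1: clients that looked up a known C&C domain and also talk to bare IPs.
    stage1 = {c for c in seeded if len(direct[c]) >= min_peers}
    peer_ips = set().union(*(direct[c] for c in stage1))
    # Stage 2: clients that never queried the domain (for example, after a
    # takedown) but contact several of the same candidate peer addresses.
    stage2 = {c for c, ips in direct.items()
              if c not in stage1 and len(ips & peer_ips) >= min_peers}
    return stage1, peer_ips, stage2

if __name__ == "__main__":
    print(find_suspects(CC_DOMAINS, DNS_LOG, FLOW_LOG))
```

The second stage is the part that matters once the seed domain is gone: it surfaces `pc-02`, which a domain-only match would miss.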

Meanwhile, security experts from BitDefender warn that the worm's success rate on Twitter is constantly increasing, despite the efforts of the website's staff to block it. Between 13 and 19 July, the infection rate increased by 114% for users from the US and by 198% for UK users. During the same period, infections of French Twitter users increased by a whopping 371%.

BitDefender researchers conclude that many Twitter users don't pay enough attention to the links they click, are not concerned about their security or don't have reliable and updated antivirus solutions installed on their computers.