Kaspersky found there are a Koobface wave, a very productive worm infects social networking sites, like Facebook and Twitter. Malicious programs are also using a compromised legitimate websites as a representative for the main command and control servers.
"Over the past two weeks, the research team Kaspersky Lab has studied the Koobface live C & C servers turned off or cleaned an average of three times per day. The numbers continue to decline, from 107 on February 25, to a level 71 on March 8. Then, just within 48 hours that number grew from 71 to 142, raising the total amount exactly two times, where all the infected computers Koobface get orders and updates from a distance, "said the Kaspersky Labs, through its official statements, on Sunday (14/3/2010 ).
According to Kaspersky, the command and control infrastructure Koobface can be observed when he saw the evolution of the geographical location of IP addresses used to communicate with the infected computer. The use of C & C server is increased, especially in the U.S., from 48 percent to 52 percent. Currently, more than half the server Koobface C & C has hosted in the U.S., far more than other countries.
Based on this, he continued, Kaspersky can conclude that cyberspace criminals continually monitor the status of their infrastructure. They do not want the amount of C & C server is down too much because it means losing control of the botnet. When the amount of C & C server is active down to a critical level, they seemed ready to implement dozens of C & C server is new.
"It seems when the server 100 C & C online, Koobface will feel more relaxed. They also prefer to distribute the server their C & C around the world with a different ISP, to make a take-down process is more difficult. However, most servers Koobface C & C are in the U.S. , "said Tanase.
Tanase claims, Kaspersky Lab users use one of the anti-malware Kaspersky's products totally protected from all variants of Koobface.
0 comments:
Post a Comment