Social engineering tactics of the Koobface botnet - TechRepublic
Security
SHARE
Facebook X Pinterest WhatsApp

Social engineering tactics of the Koobface botnet

  • Fake "Your version of Flash player is out of date" message

    Among the earliest and most popular spoofing attempts done by the Koobface gang.

  • Social engineering tactics for hire

    The process of coming up with legitimately looking spoofs of known applications or web sites has already been monetized. In this case, the underground seller is offering a fake Adobe Flash Updater tool.

  • Koobface October 2009 Youtube spoof

    The Koobface gang has introduced a new template, this time spoofing Adobe’s Flash Updater tool.

  • Koobface botnet using unlicensed software

    The latest Koobface malware campaign is using an unlicensed copy of HyperSnap6 resulting in “buy a license” stamp embedded on every infected host.

  • Koobface experimenting with Bloglines

    The Koobface gang has been “shooting into the dark” on several occasions so far. Experiments include the use of Bloglines, where automatically registered accounts were in brief circulation in a 2008 campaign.

  • Fake "This content requires Adobe Flash Player 10.37" message

    Yet another attempt by the Koobface gang to differentiate the already known Youtube+outdated Adobe Flash Player template combination.

  • Another "This content requires Adobe Flash Player 10.37" message

    The same template, this time using a different avatar of the user.

  • Koobface botnet spoof of Facebook - "Flash Player upgrade required"

    This template — still in circulation — has presents the user with a legitimately looking Facebook video page which always remains static due to the fact that it’s basically a screenshot of the real one.

  • Scareware affiliate network used by Koobface botnet

    Starting in later September, 2009, the Koobface botnet became a major player in the scareware business model by including a pop-up script on each and every of the hundreds of thousands of infected hosts. Rotating the scareware domains every 24 hours results in a lower detection rate, which helps them better monetize the botnet.

  • Koobface using "My computer Online Scan" scareware template

    The Koobface botnet is using a slightly modified template of the most popular scareware theme, the “My computer Online Scan”.

  • Koobface botnet on Twitter

    Periodically, the Koobface botnet attempts to exploit the micro-blogging service by tweeting Koobface-serving URLs on behalf of already infected users with Twitter accounts.??The gang behind the Koobface botnet is on the other hand systematically abusing Twiter, Linkd, Scribd and many other related services.

  • Koobface botnet on Twitter - statistics

    On a daily basis, hundreds of thousands of users visit the web sites maintained by the Koobface gang. This screenshot showcases a click-through rate for one of their Twitter campaigns.

1 of 12
ddanchev