
Social engineering tactics of the Koobface botnet

By ddanchev October 13, 2009, 10:52 PM PDT

Fake "Your version of Flash player is out of date" message

Among the earliest and most popular spoofing attempts by the Koobface gang.

Social engineering tactics for hire

The process of coming up with legitimate-looking spoofs of known applications or web sites has already been monetized. In this case, the underground seller is offering a fake Adobe Flash Updater tool.

Koobface October 2009 Youtube spoof

The Koobface gang has introduced a new template, this time spoofing Adobe’s Flash Updater tool.

Koobface botnet using unlicensed software

The latest Koobface malware campaign is using an unlicensed copy of HyperSnap6, resulting in a “buy a license” stamp embedded on every infected host.

Koobface experimenting with Bloglines

The Koobface gang has been “shooting into the dark” on several occasions so far. Experiments include the use of Bloglines, where automatically registered accounts were in brief circulation in a 2008 campaign.

Fake "This content requires Adobe Flash Player 10.37" message

Yet another attempt by the Koobface gang to differentiate the already known combination of a YouTube template and an outdated Adobe Flash Player message.

Another "This content requires Adobe Flash Player 10.37" message

The same template, this time using a different avatar of the user.

Koobface botnet spoof of Facebook - "Flash Player upgrade required"

This template, still in circulation, presents the user with a legitimate-looking Facebook video page, which always remains static because it is basically a screenshot of the real one.

Scareware affiliate network used by Koobface botnet

Starting in late September 2009, the Koobface botnet became a major player in the scareware business model by including a pop-up script on each and every one of the hundreds of thousands of infected hosts. Rotating the scareware domains every 24 hours results in a lower detection rate, which helps them better monetize the botnet.

Koobface using "My computer Online Scan" scareware template

The Koobface botnet is using a slightly modified template of the most popular scareware theme, the “My computer Online Scan”.

Koobface botnet on Twitter

Periodically, the Koobface botnet attempts to exploit the micro-blogging service by tweeting Koobface-serving URLs on behalf of already infected users with Twitter accounts. The gang behind the Koobface botnet, on the other hand, is systematically abusing Twitter, Linkd, Scribd and many other related services.

Koobface botnet on Twitter - statistics

On a daily basis, hundreds of thousands of users visit the web sites maintained by the Koobface gang. This screenshot showcases a click-through rate for one of their Twitter campaigns.
