Social engineering tactics of the Koobface botnet

By ddanchev October 13, 2009, 10:52 PM PDT

Fake "Your version of Flash player is out of date" message

Among the earliest and most popular spoofing attempts done by the Koobface gang.

Social engineering tactics for hire

The process of coming up with legitimate-looking spoofs of known applications or web sites has already been monetized. In this case, the underground seller is offering a fake Adobe Flash Updater tool.

Koobface October 2009 Youtube spoof

The Koobface gang has introduced a new template, this time spoofing Adobe’s Flash Updater tool.

Koobface botnet using unlicensed software

The latest Koobface malware campaign is using an unlicensed copy of HyperSnap6, resulting in a “buy a license” stamp embedded on every infected host.

Koobface experimenting with Bloglines

The Koobface gang has been “shooting into the dark” on several occasions so far. Experiments include the use of Bloglines, where automatically registered accounts were in brief circulation in a 2008 campaign.

Fake "This content requires Adobe Flash Player 10.37" message

Yet another attempt by the Koobface gang to differentiate the already known Youtube+outdated Adobe Flash Player template combination.

Another "This content requires Adobe Flash Player 10.37" message

The same template, this time using a different avatar of the user.

Koobface botnet spoof of Facebook - "Flash Player upgrade required"

This template, still in circulation, presents the user with a legitimate-looking Facebook video page that always remains static because it is basically a screenshot of the real one.

Scareware affiliate network used by Koobface botnet

Starting in late September 2009, the Koobface botnet became a major player in the scareware business model by including a pop-up script on every one of the hundreds of thousands of infected hosts. Rotating the scareware domains every 24 hours results in a lower detection rate, which helps them better monetize the botnet.

Koobface using "My computer Online Scan" scareware template

The Koobface botnet is using a slightly modified template of the most popular scareware theme, the “My computer Online Scan”.

Koobface botnet on Twitter

Periodically, the Koobface botnet attempts to exploit the micro-blogging service by tweeting Koobface-serving URLs on behalf of already infected users with Twitter accounts. The gang behind the Koobface botnet is, on the other hand, systematically abusing Twitter, Linkd, Scribd and many other related services.

Koobface botnet on Twitter - statistics

On a daily basis, hundreds of thousands of users visit the web sites maintained by the Koobface gang. This screenshot showcases a click-through rate for one of their Twitter campaigns.
