Suspects Behind Facebook Koobface Hack Named

The alleged masterminds behind Koobface, a malicious program that targets Facebook members, have been identified by security investigators.

Five men living in St. Petersburg, Russia, were named as the kingpins behind Koobface: Anton “KrotReal” Korotchenko; Stanislav “leDed” Avdeyko; Svyatoslav E. “PsycoMan” Polichuck; Roman P. “PoMuc” Koturbach; and Alexander “Floppy” Koltysehv.

Although their nefarious activities have been known for years by Facebook, security investigators and law enforcement authorities, the crew has been living the high life from their base in St. Petersburg, The New York Times reported.

Koobface is a malware program that infects computers and turns them into “zombies” that can be controlled by hackers. The software has been used to terrorize millions of Internet users since 2008, according to a report from security researchers at Sophos.

The Times reported that since its appearance, Koobface has earned its operators an estimated $2 million.

On Facebook, Koobface is spread through bogus messages. An infected computer sends a message, without the computer owner’s knowledge, to all the “friends” of a Facebook account. The message contains links that, if clicked, will infect the clicker’s computer. Once a computer is infected, it can be used to propagate Koobface, send spam and perpetrate other pernicious activities.

In its report, Sophos is careful to note that none of the St. Petersburg suspects it has linked to Koobface have been charged or found guilty of any crimes. It added that all the evidence gathered for its report has been turned over to law enforcement authorities “and we wait to see what — if any — actions are taken to bring down the Koobface gang.”

Sophos has good reason to be skeptical about the Koobface suspects being brought to justice. In the past, it has been difficult to apprehend international cyber criminals. That’s because they choose their bases of operations carefully, locating them in places where local law enforcement will turn a blind eye to their activities and national cooperation with international law enforcement agencies is feeble.

Throughout the years of its existence, Koobface has had its ups and downs. One of its low points was in 2010 when security researchers, law enforcement authorities and Internet service providers were able to take down several of its command and control servers. Those servers are used to control all the zombies in the botnet.

But at the end of last year, a new “smart” version of Koobface appeared on Facebook. Typically, the malware used existing accounts to spread its mischief throughout Facebook. The smart variation uses the botnet itself to create bogus account that can be used to spread the malware. The technique has proven to be an effective one and one Facebook’s defenses appear ill equipped to stop, according to security researchers.

Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.