Apparently, the Koobface gang likes to work on weekends.
According to research from Zscaler, the number of command and control servers tied to Koobface jumped to 122 on March 14, 57 percent of which were in the United States.
The number of command and control servers fluctuated all last week before hitting a peak on the 14th. The number was near zero on March 8, but spiked suddenly on March 10 before dropping again the next day. It stayed near zero until two days ago, when it shot up again.
Koobface first appeared in 2008. Since then, its numerous variants have struck Facebook, Bebo, MySpace and other social networks. The Koobface gang has also been tied to the click fraud activity of the Bahama botnet as well as an attack targeting NYTimes.com readers in September.
Koobface is probably the most notorious of the attacks making the rounds on social networking sites. But it is far from the only one. Just last week, Zscaler reported a phishing scam where victims were tricked into giving up their credentials and then prompted to download a variant of Zeus. The domains involved in the attack were registered through SpiritDomains, which suspended them when informed of the abuse by Zscaler.
“Enterprises should have inline content inspection of Web traffic and URL filtering,” recommended Mike Geide, Senior Security Researcher at Zscaler. “End-user education is extremely important. Koobface and many other malicious campaigns require end-user interaction to download and install on a victim system.”