Facebook and Greek police in tag team botnet takedown

Security

by Jimmy Nicholls| 10 July 2014

Social networks says there is one less piece of malware to worry about.

Facebook has taken down a Greek botnet that was using the social network to spread spam and malware.

The botnet was thought by Greek police to have infected up to 250,000 computers, affecting 50,000 Facebook accounts at its peak.

Facebook's threat infrastructure team said: "Over the last seven months we battled and ultimately helped bring down a little known malware family known as 'Lecpetex' that attackers were attempting to spread using Facebook and other online services."

Victims were initially infected after opening a zipped attachment on a spam message, which then used browser cookies to hijack their Facebook account and spread the virus further.

Greek police said the two suspected authors were trying to create a "mixing" service to launder stolen cryptocurrency at the time of their arrest.

"Our analysis revealed two distinct malware payloads delivered to infected machines: the DarkComet RAT [remote access tool], and several variations of Litecoin mining software," Facebook said.

More than 20 waves of spam were released between last December and this June, according to the social network, with the malware's ability to update itself making it more difficult to detect.

Most of the victims were found in Greece, with Poland, Norway, India, Portugal and the US also affected.

Facebook said: "Ultimately, remediating a threat like Lecpetex requires a combination of technical analysis capabilities, industry collaboration, agility in deploying new countermeasures, and law enforcement cooperation."

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

732 people like this.
0 people follow this.

Security Intelligence

Suppliers Directory

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.