Infoz

 Who: Hackers Like You.
 What: ToorCon 12
 When: OCT 22nd-24th
 Where: San Diego Convention Center
 Why: What could possibly go wrong?

Koobface: Malware for the Social Web

Koobface is a family of malware that targets users of major social networking websites. Although it has a range of malicious capabilities, it appears that Koobface's main goal is to steal sensitive information from compromised hosts, such as credit card numbers and financial credentials. Koobface innovatively preys upon the loosely defined trust relationships inherent in social networking applications for its own malicious propagation. Its creators clearly recognized that the very property that makes social networking sites so popular -- the ability to quickly and easily communicate and share information in a widely distributed, nearly viral fashion -- renders such sites a collective gold mine for nefarious profiteering.

This talk covers the anatomy of Koobface and explores the clever techniques it uses to propagate itself on Facebook and other social networking sites.  We also examine how Koobface effectively uses a combination of web search hijacking, information stealing, CAPTCHA solving, and rogue DNS redirection to achieve its goals.

As a quantitative highlight of the talk, we look at the recent history of Koobface and how its operators have managed to stay a step ahead of the defenders, examining real-world network attack data taken from over 2,000 different organizations.

Ben Feinstein

Ben Feinstein is a Director with the SecureWorks Counter Threat Unit(SM).  He first became involved in information security in 2000, working on a DARPA / US Air Force contract when he should have been spending more time in lecture.  He has nearly a decade of experience designing and implementing security-related information systems and is author of RFC 4765 and RFC 4767.  Ben's major areas of expertise include IDS/IPS, digital forensics and incident response, secure messaging, and small caliber arms.  He has been a speaker at Black Hat USA, DEFCON, ToorCon, ACSAC, IT Security World, and several IETF meetings.

 
© 2010 ToorCon, all bits reserved.