Re: [Full-disclosure] Who's Behind the Koobface Botnet? - An OSINT Analysis

2012-01-09 Thread Kai
 Hi,

> zaebalinax.com is literally translated to "Gave up on Linux".

 just FYI it's not "zaeba linax" or whatever, but "zaebali nax" (where 
 "nax" is short for "nahuy"), the translation would likely be "they've 
 f*cked me up" or sort of "you all are p*ssing me off".


-- 
 Cheers,

 Kai

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Re: [Full-disclosure] Who's Behind the Koobface Botnet? - An OSINT Analysis

2012-01-09 Thread james
I was working at Coreix when we took down the original C&C and have ICQ 
numbers, source and logs.

What's your point? I'm sure it's good work but this was all done over a year ago 
and is on copies in a police store room somewhere.


Sent from my BlackBerry® wireless device

-Original Message-
From: Dancho Danchev 
Sender: full-disclosure-boun...@lists.grok.org.uk
Date: Mon, 9 Jan 2012 07:02:06 
To: 
Subject: [Full-disclosure] Who's Behind the Koobface Botnet? - An OSINT
Analysis

Hi everyone,

In this post, I will perform an OSINT analysis, exposing one of the
key botnet masters behind the infamous Koobface botnet, that I have
been extensively profiling and infiltrating since day one. I will
include photos of the botnet master, his telephone numbers, multiple
email addresses, license plate for a BMW, and directly connect him
with the infrastructure -- now offline or migrated to a different
place -- of Koobface 1.0.

The analysis is based on a single mistake that the botnet master made
- namely using his personal email for registering a domain parked
within Koobface's command and control infrastructure, that at a
particular moment in time was directly redirecting to the ubiquitous
fake YouTube page pushed by the Koobface botnet.

http://ddanchev.blogspot.com/2012/01/whos-behind-koobface-botnet-osint.html

Regards
--
Dancho Danchev
Cyber Threats/CyberCrime Analyst | Security Blogger, ZDNet at CBS
Interactive | Security Blogger at Webroot
Personal Blog: http://ddanchev.blogspot.com
ZDNet Blog: http://blogs.zdnet.com/security
Webroot Blog: http://blog.webroot.com
Twitter: http://twitter.com/danchodanchev
LinkedIn: http://nl.linkedin.com/in/danchodanchev
Facebook: http://facebook.com/dancho.danchev
Skype ID: dancho_danchev_



[Full-disclosure] Who's Behind the Koobface Botnet? - An OSINT Analysis

2012-01-09 Thread Dancho Danchev
Hi everyone,

In this post, I will perform an OSINT analysis, exposing one of the
key botnet masters behind the infamous Koobface botnet, that I have
been extensively profiling and infiltrating since day one. I will
include photos of the botnet master, his telephone numbers, multiple
email addresses, license plate for a BMW, and directly connect him
with the infrastructure -- now offline or migrated to a different
place -- of Koobface 1.0.

The analysis is based on a single mistake that the botnet master made
- namely using his personal email for registering a domain parked
within Koobface's command and control infrastructure, that at a
particular moment in time was directly redirecting to the ubiquitous
fake YouTube page pushed by the Koobface botnet.

http://ddanchev.blogspot.com/2012/01/whos-behind-koobface-botnet-osint.html

Regards
--
Dancho Danchev
Cyber Threats/CyberCrime Analyst | Security Blogger, ZDNet at CBS
Interactive | Security Blogger at Webroot
Personal Blog: http://ddanchev.blogspot.com
ZDNet Blog: http://blogs.zdnet.com/security
Webroot Blog: http://blog.webroot.com
Twitter: http://twitter.com/danchodanchev
LinkedIn: http://nl.linkedin.com/in/danchodanchev
Facebook: http://facebook.com/dancho.danchev
Skype ID: dancho_danchev_
