Koobface botnet goes down, suspects scurry to erase tracks

As the names of the five individuals believed to be behind the Koobface botnet were revealed on Tuesday, their reaction was almost immediate and seems to validate the researchers’ findings.

First the Koobface botnet servers stopped responding to requests – obviously, they were pulled offline – and then the suspected Koobface gang began going through their various social network accounts and modifying or deleting them.

According to Reuters, Russia’s anti-cybercrime unit, the Interior Ministry’s K Directorate, has still not initiated an investigation into the matter. The unit’s representative Larisa Zhukova says that in order to do that, they have to receive an official request from the victim – Facebook, for example.

Even after that, it would take them 30 days to review the request and initiate an inquiry. “Even if it turns into a criminal case, the investigative unit will decide on possible charges. It is hard to hypothesize on a possible sentence right now,” she concluded.

There’s no word yet on whether Facebook – or someone else – will be filing such a request, but its security official Ryan McGeehan says they are very satisfied with the initial reactions. “The thing that we are most excited about is that the botnet is down,” he said. “Our decision to become transparent about this has had a 24-hour impact. Only time will tell if it’s permanent but it was certainly effective.”

In the meantime, various journalists have tried to contact the five suspected individuals through known phone numbers and addresses to the software firm they opened together, but didn’t have any luck so far.