How Facebook helped authorities lick a new botnet called Lecpetex

It may have taken seven months, but social network Facebook’s efforts did pay off. It has finally helped authorities take down the botnet Lecpetex. Announcing this in an official blog post, FB said: Over the last seven months we battled and ultimately helped bring down a little known malware family known as “Lecpetex” that attackers were attempting to spread using Facebook and other online services. We coordinated with several industry partners in disrupting the botnet and proactively escalated the case to law enforcement officials.

It was late last year that the social network’s “abuse-fighting teams” had started seeing the new botnet. The attack was given the name “Lecpetex” by anti-abuse counterparts at the Microsoft Malware Protection Center. Based on statistics released by the Greek Police, FB realized that the botnet may have infected as many as 250,000 computers, enabling it to hijack those computers and use them to promote social spam, which impacted close to 50,000 accounts at its peak.

Countries most affected by Lecpetex

The Lecpetex botnet had several technical features that made it more resilient to technical analysis and disruption efforts. In addition, the Lecpetex authors appeared to have a good understanding of anti-virus evasion because they made continuous changes to their malware to avoid detection. Lecpetex worked almost exclusively by using relatively simple social engineering techniques to trick victims into running malicious Java applications and scripts that infected their computers. In total, the botnet operators launched more than 20 distinct waves of spam between December 2013 and June 2014.

On April 30, 2014, FB escalated the Lecpetex case to the Cybercrime Subdivision of the Greek Police, and the agency immediately showed strong interest in the case. On July 3 the Greek Police reported that the investigation had progressed to the final stage and that 2 suspects were placed in custody. According to the Greek Police, the authors were in the process of establishing a Bitcoin “mixing” service to help launder stolen Bitcoins at the time of their arrest. More details about their findings are available here.

Image Credit: Facebook
