Facebook Takes Down Lecpetex Botnet


Facebook Inc (NASDAQ:FB) helped bring down a botnet called Lecpetex in a story that shows both the growing sophistication of hackers and the difficulty of getting people to follow straightforward security protocols.

“Based on statistics released by the Greek Police, the botnet may have infected as many as 250,000 computers. Those infections enabled those directing the botnet to hijack those computers and use them to promote social spam, which impacted close to 50,000 accounts at its peak,” Facebook Inc (NASDAQ:FB) wrote in a blog post. “The botnet operators launched more than 20 distinct waves of spam between December 2013 and June 2014.”

Anti-virus software alone wasn’t enough to bring down Lecpetex

What impressed Facebook Inc’s (NASDAQ:FB) Threat Infrastructure team was that the botnet operators kept modifying the malware’s code to evade anti-virus signatures, and directed the botnet through a combination of anonymous email accounts, pastebin posts and conventional command-and-control pages, so that when Facebook’s team and law enforcement shut down one channel the operators could fall back to another. The botnet was used both to send spam and to mine Litecoin before the accused hackers were arrested by Greek police.

“Ultimately, remediating a threat like Lecpetex requires a combination of technical analysis capabilities, industry collaboration, agility in deploying new countermeasures, and law enforcement cooperation,” Facebook Inc (NASDAQ:FB) wrote.

Facebook: Security still breaks down because of poor user habits

The Facebook Inc (NASDAQ:FB) post has more technical details for those who are interested, but one thing that should interest everyone is how the botnet infected as many as a quarter of a million computers in the first place. Apparently, some people are still perfectly willing to run executable files sent to them by total strangers.

The Lecpetex operators sent spam messages consisting of nonsense text with a zip file attached; recipients downloaded the zip files and ran the executable JAR (Java archive) files inside. No matter how hard Facebook works to keep its network safe from hackers, bad user habits have a way of compromising security. The malware may also have been distributed through malicious torrents, though Facebook Inc (NASDAQ:FB) says it wasn’t able to corroborate those reports.
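The delivery chain described above (a zip attachment carrying an executable JAR) is exactly the kind of thing a mail gateway can catch before a user ever double-clicks. What follows is an added example written for this page, not Facebook’s code or anything from its post: a Python triage routine that walks a mailed zip in memory, classifies each member by its magic bytes rather than by its name (so a payload renamed to look like a photo is still caught), recurses into nested zips, and flags JARs and Windows executables without running anything. The sample attachment it builds is constructed for the example, and the per-member size cap and nesting limit are assumed values, not anything the article specifies.

```python
"""Triage a mailed zip attachment for executable payloads, in memory, without executing anything."""
import io
import zipfile

# Extensions a recipient should never double-click out of a mailed archive.
EXECUTABLE_SUFFIXES = (".jar", ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")
MAX_MEMBER_BYTES = 8 * 1024 * 1024   # assumed per-member cap against decompression bombs
MAX_NESTING = 3                      # assumed limit on zip-inside-zip levels to descend


def classify_bytes(data: bytes) -> str:
    """Coarse file type from magic bytes, so a renamed payload is not trusted by extension."""
    if data[:2] == b"MZ":
        return "pe"                  # Windows executable / DLL
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as inner:
                names = inner.namelist()
        except zipfile.BadZipFile:
            return "zip-corrupt"
        # A JAR is just a zip carrying a manifest and/or compiled classes; Java runs it as-is.
        if "META-INF/MANIFEST.MF" in names or any(n.endswith(".class") for n in names):
            return "jar"
        return "zip"
    return "other"


def triage_attachment(data: bytes, prefix: str = "", depth: int = 0) -> list[dict]:
    """Return one finding per suspicious member: executable by name, by content, or too deeply nested."""
    findings = []
    if depth > MAX_NESTING:
        return [{"path": prefix or "<attachment>", "reason": "nesting-too-deep"}]
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"path": prefix or "<attachment>", "reason": "not-a-zip"}]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = f"{prefix}{info.filename}"
            # file_size is the header's claim; refuse to inflate anything over the cap.
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append({"path": path, "reason": "oversized-member"})
                continue
            member = archive.read(info)
            kind = classify_bytes(member)
            if info.filename.lower().endswith(EXECUTABLE_SUFFIXES):
                findings.append({"path": path, "reason": "executable-by-name", "kind": kind})
            elif kind in ("pe", "jar"):
                # Name says image/document, bytes say executable: the case a suffix filter misses.
                findings.append({"path": path, "reason": "executable-by-content", "kind": kind})
            if kind == "zip":
                findings.extend(triage_attachment(member, prefix=path + "!/", depth=depth + 1))
    return findings


def build_sample_attachment() -> bytes:
    """Constructed sample for this example, not real Lecpetex data:
    a zip holding a JAR-shaped member, a PE stub under an image name, and a nested zip."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as j:
        j.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Dropper\n")
        j.writestr("Dropper.class", b"\xca\xfe\xba\xbe" + b"\x00" * 16)   # class-file magic, fake body
    nested = io.BytesIO()
    with zipfile.ZipFile(nested, "w") as n:
        n.writestr("setup.exe", b"MZ" + b"\x90" * 62)                      # PE header bytes, fake body
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("IMG_0423.jar", jar.getvalue())
        z.writestr("holiday.jpg", b"MZ" + b"\x90" * 62)                    # executable hiding as a photo
        z.writestr("more.zip", nested.getvalue())
        z.writestr("readme.txt", "lol :)")
    return outer.getvalue()


if __name__ == "__main__":
    for finding in triage_attachment(build_sample_attachment()):
        print(finding)
```

Run it and the harmless `readme.txt` produces nothing, while the JAR, the mislabelled `holiday.jpg` and the `setup.exe` inside the nested zip each produce a finding. Classifying by content is the part that matters: an extension blocklist alone would have passed `holiday.jpg` straight through.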

If you want to check your computer for malware (even if you already use anti-virus software), Facebook Inc (NASDAQ:FB) offers free online scans from F-Secure and Trend Micro.
