One question that people often ask when we describe how millions of computers are infected with malware is "Why would anyone do that?" The answer of course is: MONEY.
Some of these money-making schemes are so convoluted that it seems unlikely anyone could profit from them, but even if each infected machine yields only a couple of pennies per day, with millions of compromised machines that adds up over time.
Ellen Messmer of Network World documented America's Ten Most Wanted Botnets last month, placing Zeus at #1 and Koobface at #2. That is a sensible prioritization, and one we are following at UAB in our Malware Analysis lab. Zeus is straightforward: it steals victims' banking credentials and uses them to drain their bank accounts. Koobface is far more subtle. With more than 2.9 million compromised American computers, it is well worth a closer look.
UAB Computer Forensics now has three Malware Analysts looking at malware. Brian Tanner, the most senior of the crew, has been looking at Koobface on a regular basis since January and has a good understanding of how it works. He walked me through it yesterday, explaining the most recent version, starting by clicking on a link posted by a "friend" we maintain on Facebook, because we can always count on him to provide a link to the current malware.