Facebook and Greek police in tag team botnet takedown

Facebook has taken down a Greek botnet that was using the social network to spread spam and malware.

The botnet was thought by Greek police to have infected up to 250,000 computers, affecting 50,000 Facebook accounts at its peak.

Facebook’s threat infrastructure team said: "Over the last seven months we battled and ultimately helped bring down a little known malware family known as ‘Lecpetex’ that attackers were attempting to spread using Facebook and other online services."

Victims were initially infected after opening a zipped attachment on a spam message, which then used browser cookies to hijack their Facebook account and spread the virus further.

Greek police said the two suspected authors were trying to create a "mixing" service to launder stolen cryptocurrency at the time of their arrest.

"Our analysis revealed two distinct malware payloads delivered to infected machines: the DarkComet RAT [remote access tool], and several variations of Litecoin mining software," Facebook said.

More than 20 waves of spam were released between last December and this June, according to the social network, with the malware’s ability to update itself making it more difficult to detect.

Most of the victims were found in Greece, with Poland, Norway, India, Portugal and the US also affected.

Facebook said: "Ultimately, remediating a threat like Lecpetex requires a combination of technical analysis capabilities, industry collaboration, agility in deploying new countermeasures, and law enforcement cooperation."

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing