In a post last December on the ThreatExpert blog, Sergei proposed a method to defeat Koobface — hit ‘em in the pocketbook where it hurts. The CAPTCHA cracking services that the Koobface gang uses could be the weak link in its chain and could be abused to interrupt their scams. Unfortunately, no one seems to be taking up that proposal. Koobface relentlessly is released and spread across multiple distribution groups with its captcha crackers in action.
The Koobface malware recently was slightly altered in several ways. The binary carries with it the functionality to phone back to one of two sites for its captcha cracking needs.
Perhaps these are the new weak links to target.