Last week, security experts based in Hong Kong succeeded in taking out a key piece of the Koobface botnet, only to have it pop up in China. Koobface, which uploads stolen user names and passwords to a remote server, was taken down by the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) last week.
However, the cyber criminals running Koobface merely moved the server to a hosting company in China. The Koobface botnet initially spread via social networking sites.
“When a botnet server is taken down, botnet owners tend to avail of bulletproof hosting services or the services of hosting companies that are hard to take down, which not only means business as usual for cybercriminals but also means they are shoring up their ‘defenses,'” writes a researcher at TrendLabs.