Sophos has published details, on its Naked Security Blog, of an investigative report about the Koobface gang, who infected thousands of PCs with malware via Facebook and, according to the New York Times, gained millions of dollars in doing so.
The investigation was carried out by Jan Drömer, an independent researcher, and Dirk Kollberg from SophosLabs between October 2009 and February 2010.
The report is informative and useful for those who are interested in cyber forensic investigation. The investigation started by identifying the command and control server, and then, through analysis, this led to a script which contained the suspects' phone numbers! Additional information was also found from the various user names used on the server. The full evidence is now in the hands of the law enforcement agencies.