New KOOBFACE Upgrade Makes It Takedown-Proof | Trend Micro | Malware Blog

Reportedly, the KOOBFACE command-and-control servers have been equipped with a new command. It seems the downloader can now fetch commands and components via proxies.

Early this week, the KOOBFACE Command and Control (C&C) servers issued a new command to its downloader component. This new command identifies a list of IP addresses to be used by the downloader component as Web or relay proxies to retrieve subsequent commands and components.

In the old KOOBFACE architecture (see Figure 1), the downloader directly connects to an available C&C to receive commands. However, the new command seen early this week actually changes the KOOBFACE botnet architecture to something more like the diagram in Figure 2.

New KOOBFACE Upgrade Makes It Takedown-Proof - TrendLabs Security Intelligence Blog
