Treasury Sanctions Creators of 911 S5 Proxy Botnet

Credit to Author: BrianKrebs| Date: Tue, 28 May 2024 20:38:32 +0000

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one’s Web traffic through malware-infected computers around the globe. KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later.

Read more

Who and What is Behind the Malware Proxy Service SocksEscort?

Credit to Author: BrianKrebs| Date: Tue, 25 Jul 2023 21:20:55 +0000

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort, which rents hacked residential and small business devices to cybercriminals looking to hide their true location online.

Read more

Giving a Face to the Malware Proxy Service ‘Faceless’

Credit to Author: BrianKrebs| Date: Tue, 18 Apr 2023 20:59:39 +0000

For the past seven years, a malware-based proxy service known as “Faceless” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we’ll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name.

Read more

911 Proxy Service Implodes After Disclosing Breach

Credit to Author: BrianKrebs| Date: Fri, 29 Jul 2022 19:34:45 +0000

911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations. The abrupt closure comes ten days after KrebsOnSecurity published an in-depth look at 911 and its connections to shady pay-per-install affiliate programs that secretly bundled 911’s proxy software with other titles, including “free” utilities and pirated software.

Read more

A Deep Dive Into the Residential Proxy Service ‘911’

Credit to Author: BrianKrebs| Date: Mon, 18 Jul 2022 16:11:12 +0000

For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route malicious traffic through PCs in virtually any country or city around the globe — but predominantly in the United States. The proxy service says its network is made up entirely of users who voluntarily install the proxy software. But new research shows 911 has a long history of purchasing installations via shady “pay-per-install” affiliate marketing schemes, some of which 911 operated on its own.

Read more

The Link Between AWM Proxy & the Glupteba Botnet

Credit to Author: BrianKrebs| Date: Tue, 28 Jun 2022 18:33:31 +0000

On December 7, 2021, Google announced it had sued two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy — a 14-year-old anonymity service that rents hacked PCs to cybercriminals — suddenly went offline. Security experts had long seen a link between Glupteba and AWM Proxy, but new research shows AWM Proxy’s founder is one of the men being sued by Google.

Read more