Tag Archive for: Administrators

Meet the Administrators of the RSOCKS Proxy Botnet – Krebs on Security


Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the “RSOCKS” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. While the coordinated action did not name the Russian hackers allegedly behind RSOCKS, KrebsOnSecurity has identified its owner as a 35-year-old Russian man living abroad who also runs the world’s top spam forum.

The RUSdot mailer, the email spamming tool made and sold by the administrator of RSOCKS.

According to a statement by the U.S. Department of Justice, RSOCKS offered clients access to IP addresses assigned to devices that had been hacked:

“A cybercriminal who wanted to utilize the RSOCKS platform could use a web browser to navigate to a web-based ‘storefront’ (i.e., a public web site that allows users to purchase access to the botnet), which allowed the customer to pay to rent access to a pool of proxies for a specified daily, weekly, or monthly time period. The cost for access to a pool of RSOCKS proxies ranged from $30 per day for access to 2,000 proxies to $200 per day for access to 90,000 proxies.”

The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums.

The user “RSOCKS” on the Russian crime forum Verified changed his name to RSOCKS from a previous handle: “Stanx,” whose very first sales thread on Verified in 2016 quickly ran afoul of the forum’s rules and prompted a public chastisement by the forum’s administrator.

Verified was hacked twice in the past few years, and each time the private messages of all users on the forum were leaked. Those messages show that after being warned of his forum infraction, Stanx sent a private message to the Verified administrator detailing his cybercriminal bona fides.

“I am the owner of the RUSdot forum (former Spamdot),” Stanx wrote in Sept. 2016. “In spam topics, people know me as a reliable person.”

A Google-translated version of the Rusdot spam…


Cyber Security Today, Aug. 30, 2021 – A new ransomware strain with a trick, a warning for Azure Cosmos administrators and more on the T-Mobile hack



Welcome to Cyber Security Today. It’s Monday August 30th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.


A new strain of ransomware uses a trick to evade detection. According to cybersecurity company Sophos, instead of encrypting every byte of a file, the LockFile strain encrypts alternating 16-byte blocks: one block is scrambled, the next is left as it was, and so on through the file. Because half of every file is still plaintext, the partly encrypted file still looks statistically similar to the uncompromised original. As a result it evades the statistical analysis of byte distributions that some ransomware protection tools perform when they compare a changed file against what a normal file looks like. LockFile is not the only strain that leaves parts of a file unencrypted, but what sets it apart is this alternating 16-byte pattern, which Sophos calls intermittent encryption. IT security teams need to make sure their defensive software can meet this challenge.
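To make the evasion concrete, here is an added Python example written for this page; it is not Sophos's code and not LockFile's. It encrypts a constructed text sample both fully and in alternating 16-byte blocks, using a SHA-256 counter-mode keystream as a stand-in cipher (an assumption, not LockFile's cipher), scores each copy with a whole-file chi-square test as a proxy for the statistical check the item refers to (the threshold of 1000 is an assumed value), and then runs a block-wise check that catches the alternating pattern the whole-file statistic misses.

```python
import hashlib
from collections import Counter

BLOCK = 16  # LockFile alternates 16-byte runs, per Sophos

# Constructed sample "document": repetitive English text, the kind of
# low-entropy input a whole-file statistic separates cleanly from ciphertext.
SAMPLE = (b"The quick brown fox jumps over the lazy dog. "
          b"Pack my box with five dozen liquor jugs. ") * 64
KEY = b"demo-key-not-secret"  # assumed key for the stand-in cipher below


def keystream(key: bytes, length: int) -> bytes:
    """Deterministic stand-in keystream (SHA-256 in counter mode). This is NOT
    LockFile's cipher and is not a vetted construction; it only gives the
    example uniform-looking bytes without third-party libraries."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_full(data: bytes, key: bytes) -> bytes:
    """Conventional ransomware behaviour: every byte is transformed."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))


def encrypt_intermittent(data: bytes, key: bytes, block: int = BLOCK) -> bytes:
    """Intermittent encryption: transform block 0, skip block 1, transform
    block 2, ... so half of every file stays plaintext."""
    ks = keystream(key, len(data))
    out = bytearray(data)
    for start in range(0, len(data), 2 * block):
        for i in range(start, min(start + block, len(data))):
            out[i] ^= ks[i]
    return bytes(out)


def chi_square(data: bytes) -> float:
    """Chi-square of the byte histogram against a uniform distribution, a
    common whole-file statistic. Uniformly random data scores near 255 (the
    degrees of freedom); English text scores in the tens of thousands."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def whole_file_looks_encrypted(data: bytes, threshold: float = 1000.0) -> bool:
    """Naive detector: flag a file as encrypted when its byte distribution is
    close to uniform. The threshold is an assumption for this example."""
    return chi_square(data) < threshold


def _textlike(block: bytes) -> bool:
    # A 16-byte block of English text is almost entirely printable ASCII; a
    # 16-byte block of ciphertext has roughly 6 printable bytes on average.
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in block)
    return printable >= len(block) - 1


def intermittent_score(data: bytes, block: int = BLOCK) -> float:
    """Block-wise detector: fraction of adjacent block pairs whose text-likeness
    flips. Untouched text and fully encrypted data both score near 0;
    alternating encryption scores near 1."""
    flags = [_textlike(data[i:i + block]) for i in range(0, len(data), block)]
    if len(flags) < 2:
        return 0.0
    flips = sum(a != b for a, b in zip(flags, flags[1:]))
    return flips / (len(flags) - 1)


def report(data: bytes) -> dict:
    """Both views of one blob, for side-by-side comparison."""
    return {
        "chi_square": round(chi_square(data), 1),
        "whole_file_flag": whole_file_looks_encrypted(data),
        "intermittent_score": round(intermittent_score(data), 3),
    }


if __name__ == "__main__":
    for label, blob in (("original", SAMPLE),
                        ("fully encrypted", encrypt_full(SAMPLE, KEY)),
                        ("intermittent", encrypt_intermittent(SAMPLE, KEY))):
        print(f"{label:16} {report(blob)}")
```

The intermittent copy keeps half its bytes in cleartext, so its chi-square stays far above the naive threshold and the whole-file check passes it as benign, while the flip-count detector scores it near 1.0 against 0 for both the original and the fully encrypted copy. Looking at files block by block rather than through one file-level statistic is the kind of adjustment defenders should confirm their tooling makes.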

Meanwhile the news site The Record reports the gang behind the Ragnarok ransomware has shut operations and released a free decryption utility that victims can use to get their data back.

Networks of attacker-controlled devices, called botnets, help criminals distribute malware. According to a news report, one of them has suddenly shut down: those behind the botnet that distributed the Phorpiex malware are selling its source code. The bad news is that if another threat actor buys the code, the botnet can be brought back to life.

Organizations using Microsoft’s Azure Cosmos DB with the Jupyter Notebook feature enabled need to take certain security precautions. This comes after researchers reported a vulnerability that could allow an attacker to gain access to customers’ database accounts. Microsoft says it has fixed the vulnerability, but it also says IT departments have to regenerate the primary keys for the affected accounts. According to the company that discovered the problem, every organization that uses Azure Cosmos DB should assume its data has been exposed. It estimates thousands of organizations are affected, including some in the Fortune 500. There’s a link to the Microsoft report here.

Has sportswear maker Puma been hacked? That’s the question after an ad on the criminal…


Cyber Security Today: Dangerous Android security apps; advice for email and WordPress administrators, more on credit cards – IT World Canada


Dangerous Android security apps in the Google Play store, advice for email and WordPress administrators and more on unsafe credit card readers Welcome to …
