Man
In early October, BitSight specialists discovered the Socks5Systemz botnet, which has been active since 2016. The botnet infects user devices using the PrivateLoader and Amadey loaders and turns them into proxy servers. Until recently, it remained unnoticed. At the moment, over 10,000 devices are infected with the malware.
The loaders, PrivateLoader and Amadey, are distributed in a variety of ways: through phishing, malvertising, exploit kits, Trojans downloaded from P2P networks, etc. Compromised devices are used to redirect malicious, anonymous and other invalid traffic.
During the investigation of this botnet, BitSight specialists found several servers associated with the malicious operation. They also managed to identify a Telegram user who created a full-fledged proxy service using Socks5Systemz.
The attackers rent out the botnet's power on a subscription basis. The cost depends on the number of threads and the rental period and ranges from $1 per day in cryptocurrency for one thread to $4,000 for three months and 5,000 threads.
According to analysts, the Socks5Systemz botnet control infrastructure includes 53 servers for proxy bots, backconnect, DNS and address collection, which are located in France and EU countries (Sweden, the Netherlands, Bulgaria). India, the USA, Brazil, Colombia, South Africa, Argentina and Nigeria have suffered the most from botnet attacks so far.