The US authorities announced the elimination of the Russian botnet RSOCKS (according to the US specialists, the botnet was controlled by Russian cybercriminals).
RSOCKS has been used to hijack millions of computers, Android smartphones and IoT devices around the world and then sell proxy services to criminals.
Let me remind you that we also wrote that the Phorpiex botnet stopped working and its source code is up for sale, and that US authorities say Russian hackers attacked US defense contractors.
The US Department of Justice reports that not only the FBI, but also the law enforcement agencies of Germany, the Netherlands and the UK, that is, countries where the botnet hosted part of its infrastructure, took part in the operation to eliminate RSOCKS.
RSOCKS website
As a rule, such botnets are used for DDoS attacks, cryptocurrency mining and the deployment of additional malware. But the RSOCKS botnet had another feature that is in high demand on the black market: it turned home PCs and other devices into proxy servers, and access to them was sold to other criminals.
As a result, hackers were able to disguise their malicious activity (phishing, credential stuffing, and so on) as if it were coming from someone else’s home IP address. In particular, RSOCKS was advertised as a great solution for so-called sneaker bots, which use other people’s IP addresses that online stores have not yet banned.
The authorities say they began to study the infrastructure of the botnet as early as 2017, as part of a covert operation in which they acquired access to a large number of proxy servers. Access costs ranged from $30 a day for 2,000 proxies to $200 a day for 90,000 proxies, according to the Justice Department. After the purchase, the client was provided with a list of IP addresses and ports for the botnet’s internal servers and could begin to direct their traffic through the compromised devices.
At that time, investigators had identified about 325,000 compromised devices, many of which were located in the United States. It is believed that RSOCKS compromised these devices using brute-force attacks.
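The two abuse patterns mentioned above look very different in a defender's logs: the brute-force compromise of a single device comes from one source hammering one account, while credential stuffing routed through a rented proxy pool arrives as one or two failures each from many home IP addresses, so a per-IP rate limit never fires. The following script is an added illustration, not code from the article or from any investigation; the log lines it analyses are constructed here, and the thresholds and the `analyze` function name are choices for the example rather than anything the article specifies.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone


def build_sample_log():
    """Constructed failed-login lines: '<iso-time> <source-ip> <username>'.
    Real input would be sshd, web-application or identity-provider logs."""
    base = datetime(2022, 6, 16, 12, 0, tzinfo=timezone.utc)
    lines = []
    # One source hammering one account: the brute-force pattern the article mentions.
    for i in range(25):
        lines.append(f"{(base + timedelta(seconds=10 * i)).isoformat()} 203.0.113.5 admin")
    # Thirty constructed residential-looking IPs, one failure each against a
    # different account: credential stuffing spread across rented proxies.
    for i in range(30):
        lines.append(f"{(base + timedelta(seconds=15 * i)).isoformat()} 198.51.100.{i + 1} user{i:02d}")
    # Two ordinary typos from a legitimate user.
    lines.append(f"{(base + timedelta(minutes=3)).isoformat()} 192.0.2.7 alice")
    lines.append(f"{(base + timedelta(minutes=4)).isoformat()} 192.0.2.7 alice")
    return lines


def parse(line):
    ts, ip, user = line.split()
    return datetime.fromisoformat(ts), ip, user


def analyze(lines, window=timedelta(minutes=10), per_ip_threshold=20,
            burst_threshold=20, min_distinct=10):
    """Return a list of findings per fixed time window (thresholds are
    illustrative assumptions, tune them to the service being protected).

    'brute_force': a single IP alone reaches per_ip_threshold failures.
    'distributed_credential_stuffing': the IPs that each stay *under* the
    per-IP limit still add up to burst_threshold failures and touch at least
    min_distinct IPs and min_distinct accounts. A plain per-IP rate limit
    never fires on this second pattern, which is why proxy access is bought."""
    events = sorted(parse(line) for line in lines)
    if not events:
        return []
    t0 = events[0][0]
    buckets = defaultdict(list)
    for ts, ip, user in events:
        buckets[(ts - t0) // window].append((ip, user))

    findings = []
    for key in sorted(buckets):
        bucket = buckets[key]
        per_ip = Counter(ip for ip, _ in bucket)
        for ip, n in per_ip.items():
            if n >= per_ip_threshold:
                target = Counter(u for i, u in bucket if i == ip).most_common(1)[0][0]
                findings.append(("brute_force", ip, target, n))
        quiet = {ip for ip, n in per_ip.items() if n < per_ip_threshold}
        quiet_failures = sum(per_ip[ip] for ip in quiet)
        quiet_users = {user for ip, user in bucket if ip in quiet}
        if (quiet_failures >= burst_threshold and len(quiet) >= min_distinct
                and len(quiet_users) >= min_distinct):
            findings.append(("distributed_credential_stuffing", len(quiet), quiet_failures))
    return findings


if __name__ == "__main__":
    for finding in analyze(build_sample_log()):
        print(finding)
```

On the constructed sample the script reports one brute-force finding for 203.0.113.5 against `admin` and one distributed finding covering 31 low-volume IPs; the legitimate user's two typos are swallowed by the aggregate count but never trip the per-IP rule, which is the trade-off to keep in mind when tuning `burst_threshold` and `min_distinct` for a real service.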