On Wednesday, an international coalition of law enforcement agencies dismantled a botnet made up of numerous compromised home and small-business networking devices.
The operation targeted SocksEscort, a paid proxy service built on a network of compromised routers that was used to carry out a range of crimes. These included gaining unauthorized access to victims’ bank and digital currency accounts and submitting fraudulent unemployment benefit applications, according to a statement issued Thursday by the Department of Justice (DOJ). The DOJ further stated that the crimes enabled by SocksEscort resulted in multi-million dollar losses for American citizens.
In its statement on the operation, Europol said the SocksEscort botnet allegedly compromised over 369,000 routers and Internet of Things (IoT) devices across 163 countries. The agency added that these compromised networking devices “have been severed from the platform.” According to the police organization, SocksEscort was also used to enable ransomware, distributed denial-of-service (DDoS) attacks, and the distribution of child sexual abuse material (CSAM).
Europol explained that “Users of the illicit platform acquired permits to exploit these compromised instruments, masking their true network identities to partake in diverse illicit acts.” The agency further noted that “Once infiltrated by the malicious software, the device proprietors would remain oblivious that their IP addresses were employed for unlawful purposes.”
As part of the law enforcement operation, the content of SocksEscort's official website was replaced with a seizure notice.
According to the cybersecurity company Black Lotus Labs, which tracked SocksEscort and worked with authorities on the takedown, the botnet had been made up of approximately 280,000 routers since January of the previous year, and was powered by malware named AVRecon.
In its publication on the takedown, the company stated: “This botnet presented a considerable danger, as it was offered solely to illicit actors.” It further noted that “Significantly, more than fifty percent of those affected were situated within the United States or the United Kingdom, allowing perpetrators to execute precision-focused maneuvers.”
In 2023, Black Lotus Labs described SocksEscort as “among the most extensive networks of compromised devices aimed at small office/home office (SOHO) networking equipment observed in contemporary times.”
At the time, cybersecurity reporter Brian Krebs reported that SocksEscort originated in 2009 as a Russian-language service providing access to large numbers of compromised personal computers.

