Meet the Administrators of the RSOCKS Proxy Botnet

image
Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the "RSOCKS" botnet, a collection of millions of hacked devices that were sold as "proxies" to cybercriminals looking for ways to route their malicious traffic through someone else's computer. While the coordinated action did not name the Russian hackers allegedly behind RSOCKS, KrebsOnSecurity has identified its owner as a 35-year-old Russian man living abroad who also runs the world's top Russian spamming forum. The RUSdot mailer, the email spamming tool made and sold by the administrator of RSOCKS. According to a statement by the U.S. Department of Justice, RSOCKS offered clients access to IP addresses assigned to devices that had been hacked: "A cybercriminal who wanted to utilize the RSOCKS platform could use a web browser to navigate to a web-based ‘storefront' (i.e., a public web site that allows users to purchase access to the botnet), which allowed the customer to pay to rent access to a pool of proxies for a specified daily, weekly, or monthly time period. The cost for access to a pool of RSOCKS proxies ranged from $30 per day for access to 2,000 proxies to $200 per day for access to 90,000 proxies." The DOJ's statement doesn't mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums. The user "RSOCKS" on the Russian crime forum Verified changed his name…

Source