Compromised, hacked hosts and PCs are a commodity in underground markets today. More cybercriminals are populating the market segment with services tailored to fellow cybercriminals looking for access to freshly compromised PCs to be later abused in a variety of fraudulent/malicious ways, all the while taking advantage of their clean IP reputation. Naturally, once the commoditization took place, cybercriminals quickly realized that the supply of such hosts also shaped several different market segments. They offered tools and services that specialize in the integration of this supply into various cybercrime-friendly tools and platforms, empowering virtually anyone using them with the desired degree of non-attribution in terms of tracing an attack, or a salable fraudulent model relying exclusively on malware-infected hosts.
A newly launched DIY compromised hosts/proxies syndicating tool empowers cybercriminals with access to both paid (freshly) compromised hosts and free ones, through the direct syndication of services that specialize in the supply of such commoditized malware-infected hosts. What’s so special about this tool, anyway? Let’s find out.
Sample screenshots of the DIY compromised hosts/proxies syndicating tool:
Next to the tool’s core function of syndicating fresh proxies from both paid and free vendors that specialize in the supply of this type of host, it has a built-in feature that validates whether they’re working or not. It can also change the user agent, test against any given Web site, segment the proxies by type (for instance HTTP, Socks4 or Socks5), and visually separate working from non-working proxies. Most importantly, this tool, along with the competing alternatives, is a great example of a fraudulent ecosystem at work: its author is merely improving the usability of the service offered by the vendors supplying the hosts, ultimately resulting in a win-win-win situation for the tool’s author, the vendor and the potential customer of the tool.
With more cracked/leaked/public/commercially available DIY malware/botnet generating tools continuing to pop up on our radars, we’re certain that we’ll continue observing a steady supply of malware-infected hosts being efficiently integrated into multiple cybercrime-facilitating tools, services, and platforms.