{"id":10150,"date":"2013-03-20T00:00:43","date_gmt":"2013-03-20T07:00:43","guid":{"rendered":"http:\/\/blog.webroot.com\/?p=10150"},"modified":"2018-01-30T12:23:52","modified_gmt":"2018-01-30T19:23:52","slug":"hacked-pcs-as-anonymization-stepping-stones-service-operates-in-the-open-since-2004","status":"publish","type":"post","link":"https://www.webroot.com/blog/2013\/03\/20\/hacked-pcs-as-anonymization-stepping-stones-service-operates-in-the-open-since-2004\/","title":{"rendered":"Hacked PCs as ‘anonymization stepping-stones’ service operates in the open since 2004"},"content":{"rendered":"

By Dancho\u00a0Danchev<\/strong><\/p>\n

On the majority of\u00a0occasions, cybercriminals will take basic OPSEC (Operational Security)<\/strong><\/a> precautions when using the Internet, in an attempt to make it harder for law enforcement<\/strong><\/a> to keep track of their fraudulent activities. Over the years, these techniques have greatly evolved to include hybrid online anonymity solutions<\/strong><\/a>\u00a0offered exclusively to cybercriminals internationally.<\/p>\n

In this post, I’ll profile a cybercrime-friendly\u00a0service that’s been offering hacked PCs to be converted into “anonymization stepping-stones” since 2004.<\/p>\n

More details:<\/p>\n

\"Malware_Infected_Host_Stepping_Stone_Socks_Server_Anonymity_Cybercrime\"<\/a><\/p>\n

The service offers a self-serving DIY Web interface, allowing potential cybercriminals looking for ways to hide their online activities<\/strong><\/a>, to\u00a0not only gain access to malware-infected hosts internationally, but to\u00a0“chain” multiple hosts in an attempt to make it even harder to law enforcement to track them down. According to its description, 4000 new “Socks4\/5 proxy servers” are added to the service on a daily basis. And in order to make it even easier for cybercriminals to use the service, it features a custom coded Proxy Management Software\u00a0which greatly assists cybercriminals interacting with the service.<\/p>\n

Sample screenshot of the DIY Web interface:<\/strong><\/p>\n

\"Malware_Infected_Host_Stepping_Stone_Socks_Server_Anonymity_Cybercrime_02\"<\/a><\/p>\n

Sample screenshot of the service-branded Proxy Management Software:<\/strong><\/p>\n

\"Malware_Infected_Host_Stepping_Stone_Socks_Server_Anonymity_Cybercrime_01\"<\/a><\/p>\n

The service allows cybercriminals to easily “autochange” the proxies in use, and automatically rotate them in an attempt to make their activities nearly impossible to trace.<\/p>\n

Sample screenshot of a connected Socks 4\/5 proxy in action:<\/strong><\/p>\n

\"Malware_Infected_Host_Stepping_Stone_Socks_Server_Anonymity_Cybercrime_03\"<\/a><\/p>\n

Sample statistics of malware-infected hosts internationally, to be used as “anonymization\u00a0stepping-stones”:<\/strong><\/p>\n

\"Malware_Infected_Host_Stepping_Stone_Socks_Server_Anonymity_Cybercrime_04\"<\/a><\/p>\n

Sample geolocated\u00a0malware-infected hosts, courtesy of the cybercrime-friendly service:<\/strong><\/p>\n

\"Malware_Infected_Host_Stepping_Stone_Socks_Server_Anonymity_Cybercrime_05\"<\/a><\/p>\n

The prices are as follows:<\/strong><\/p>\n