Sextortion Botnet 30,000 Emails an Hour

A large-scale “sextortion” campaign is making use of a network of more than 450,000 hijacked computers to send aggressive emails, researchers have warned.

The emails threaten to release compromising photographs of the recipient unless $800 (£628) is paid in Bitcoin.

And they contain personal information - such as the recipient’s password - probably gathered from existing data breaches, to specifically target more than 27 million potential victims at a rate of 30,000 per hour.

While analysis suggests a small fraction of targets have fallen for the ploy, one expert said such botnets still offered a great “return on investment” for cyber-criminals.

A botnet can be used for many, many things, this was just one task assigned to it.

 

What is a Botnet?

A botnet is a network of computers taken over by hackers using malicious software typically spread via infected web pages or email attachments.

They can carry out attacks spread across a wide number of machines, making it harder to disrupt and the attacker’s origins harder to trace.

Security company Check Point said this latest sextortion attack used the Phorpiex botnet, active for more than a decade. Those whose computers had been hijacked would probably not know. Attackers are simply using the victims' computers as vessels.

Spreading an email campaign across a botnet in this way would reduce the risk of the emails being flagged as spam - though it’s not clear how many were able to reach people’s inboxes.

You can try to protect against these kinds of attacks by using the latest versions of software - such as web browsers, in this instance.

A typical email sent by the botnet - with the subject line: “Save Yourself” - will say: “My malware gave me full access to all your accounts (see password above), full control over your computer and it was possible to spy on you over your webcam.” Our reaction to this is, "But there's no webcam?".

The claim is not true but the emails include a genuine password associated with the target’s email address.

The attacker is saying, "Hey, we hacked your computer, we saw you doing this and that, and this proves it. This is your password.” REMEMBER, "You don't have webcam!".

You have to question, the email has come out of the blue. It is from an unknown email address. It is something you are not expecting. It is telling YOU what you have or have not. Even if the password matches your current one (don't forget about the webcam!). What if you have both? The password matches and you have webcam? Going back to the beginning of this, who is this email from? How did they get your email? Is it personally addressed? Someone you know? Question everything and then, DELETE, MARK AS SPAM, BLOCK AND IGNORE. Are you really going to give money to someone just emailing you like this out of the blue? If so, let everyone know!

One Bitcoin wallet which was used to collect funds from the scam had about 11 bitcoins - almost $100,000 - collected in a five-month period.

Most people don't fall for sextortion scams. But it’s the rule of big numbers. If someone sends 100,000 sextortion emails, it’s enough that 100 people fall for the trap. The scammer gets their money.

It was likely the same botnet was being used to carry out other, more lucrative attacks, such as the theft of credit card details.

This isn't just a teen in his bedroom messing around with computers. It’s a group of individuals doing this for their day jobs. This is their business.


at 08:16am, 17/10/2019

Updated: at 08:34am, 17/10/2019

Been read 329 times

Similar Articles

Web Host 123-reg Deletes Sites in Clean-up Error


Yes, this may be an old story from 2016 but it is still worth a read. It's also worth remembering to make your own regular backups at all times no matter who your web host may be. Web hosting firm 123-reg has accidentally deleted an...