A malware botnet that infected millions of computers, Android phones and IoT devices has been shut down

The U.S. Department of Justice announced that the Russian botnet RSocks, which infected millions of computers, Android smartphones and IoT (Internet of Things) devices around the world, has been shut down.

The FBI and the police of Germany, the Netherlands and Great Britain, where parts of the botnet infrastructure were located, took part in this operation.

A botnet is a group of devices that threat actors can remotely control to carry out various types of attacks, including DDoS attacks, cryptocurrency mining, and the installation of additional malware.

In particular, RSocks was used to turn hijacked computers into proxy servers, which allowed botnet users to use them for malicious activities or to mask the origin of attacks so that they looked like they came from the IP addresses of infected computers. Using a proxy service makes it difficult to track attackers, especially when IP addresses belong to people who are unaware that their devices have been hacked.

RSocks has also been promoted as a shopping bot.

FBI agents started mapping the RSocks infrastructure back in 2017 when they bought access to a large number of proxies.

According to the United States Department of Justice, the cost of access ranged from $30 a day for 2,000 proxies to $200 a day for 90,000 proxies.

At the time, investigators had identified 325,000 compromised devices, many of which were in the United States.

“Several large public and private entities are victims of the RSocks botnet, including a university, a hotel, a television studio and electronics manufacturers, as well as home businesses and individuals,” the department said in a statement.

Although the RSocks botnet was seriously disrupted by this operation, apparently no one was arrested.

Botnets are a constant threat to poorly protected devices such as routers and other “smart” IoT devices connected to the Internet that are often neglected and left unattended for extended periods of time. To protect IoT devices, owners should always replace the default password with a stronger password, install the latest available firmware updates, and set up a separate IoT network, which should be isolated from important devices.



Source: Informacija.rs by www.informacija.rs.
