Socks5Systemz proxy service infects 10,000 systems worldwide

A proxy botnet called 'Socks5Systemz' has been infecting computers worldwide via the 'PrivateLoader' and 'Amadey' malware loaders, currently counting 10,000 infected devices. The malware infects computers and turns them into traffic-forwarding proxies for malicious, illegal, or anonymous traffic. Socks5Systemz is detailed in a report by BitSight that clarifies that the proxy botnet has been around since at least 2016 but has remained relatively under the radar until recently. The Socks5Systemz bot is distributed by the PrivateLoader and Amadey malware, which are often spread via phishing, exploit kits, malvertizing, trojanized executables downloaded from P2P networks, etc. Exe,' and their task is to inject the proxy bot onto the host's memory and establish persistence for it via a Windows service called 'ContentDWSvc. The proxy bot payload is a 300 KB 32-bit DLL. It uses a domain generation algorithm system to connect with its command and control server and send profiling info on the infected machine. The connect command is crucial, instructing the bot to establish a backconnect server connection over port 1074/TCP. Once connected to the threat actors' infrastructure, the infected device can now be used as a proxy server and sold to other threat actors. When connecting to the backconnect server, it uses fields that determine the IP address, proxy password, list of blocked ports, etc. These field parameters ensure that only bots in the allowlist and with the necessary login credentials can interact with the control servers, blocking unauthorized attempts. BitSight mapped an extensive control infrastructure of 53 proxy bot, backconnect, DNS, and address acquisition servers located mainly in France and across Europe. Since the start of October, the analysts recorded 10,000 distinct communication attempts over port 1074/TCP with the identified backconnect servers, indicating an equal number of victims. Access to Socks5Systemz proxying services is sold in two subscription tiers, namely 'Standard' and 'VIP,' for which customers pay via the anonymous payment gateway 'Cryptomus. Subscribers must declare the IP address from where the proxied traffic will originate to be added to the bot's allowlist. Standard subscribers are limited to a single thread and proxy type, while VIP users can use 100-5000 threads and set the proxy type to SOCKS4, SOCKS5, or HTTP. Prices for each service offering are given below. Residential proxy botnets are a lucrative business that has a significant impact on internet security and unauthorized bandwidth hijacking. These services are commonly used for shopping bots and bypassing geo-restrictions, making them very popular. In August, AT&T analysts revealed an extensive proxy network comprising over 400,000 nodes, in which unaware Windows and macOS users were serving as exit nodes channeling the internet traffic of others. Qakbot botnet dismantled after infecting over 700,000 computers. P2PInfect botnet activity surges 600x with stealthier malware variants. Mirai variant infects low-cost Android TV boxes for DDoS attacks.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Socks5Systemz proxy service infects 10,000 systems worldwide

Socks5Systemz proxy service infects 10,000 systems worldwide - A proxy botnet called 'Socks5Systemz' has been infecting computers worldwide via the 'PrivateLoader' and 'Amadey' malware loaders, currently counting 10,000 infected devices. The malware infects computers and turns them into traffic-forwarding ...
1 year ago Bleepingcomputer.com
VB.NET Proxy and VPN Check with IP2Location.io - Virtual Private Network servers are proxy servers that people use daily when browsing the Internet. As most of us are aware, websites track their visitors for advertising and marketing purposes. That's the same reason that people use residential ...
1 year ago Feeds.dzone.com
CVE-2024-37891 - urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* ...
6 months ago
Stealthier version of P2Pinfect malware targets MIPS devices - The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS processors, such as routers and IoT devices. Due to their efficiency and compact design, MIPS chips are prevalent in embedded systems like routers, ...
1 year ago Bleepingcomputer.com
MySQL servers targeted by 'Ddostf' DDoS-as-a-Service botnet - MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals. This campaign was discovered by researchers at the AhnLab Security Emergency Response ...
1 year ago Bleepingcomputer.com
How to secure on-prem apps with Entra Application Proxy - If your internal web applications are still internet-facing, then it's time to move away from turning your firewall into Swiss cheese just to externalize apps for your users. To reduce the attack surface, a traditional method, such as a VPN, has its ...
9 months ago Techtarget.com
CVE-2021-20698 - Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 ...
2 years ago
CVE-2021-20699 - Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 ...
2 years ago
IT and OT cybersecurity: A holistic approach - In comparison, OT refers to the specialized systems that control physical processes and industrial operations. OT Technologies include industrial control systems, SCADA systems and programmable logic controllers that directly control physical ...
11 months ago Securityintelligence.com
The Embedded Systems and The Internet of Things - The Internet of Things is a quite new concept dealing with the devices being connected to each other and communicating through the web environment. This concept is gaining its popularity amongst the embedded systems that exist - let's say - 10 or ...
1 year ago Cyberdefensemagazine.com
PurpleFox malware infects thousands of computers in Ukraine - The Computer Emergency Response Team in Ukraine is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. The exact impact of this widespread infection and whether it has affected state organizations or ...
10 months ago Bleepingcomputer.com
Creating a New Market for Post-Quantum Cryptography - A day in the busy life of any systems integrator includes many actions that revolve around the lifeblood of its business - its customers. Systems integrators help solve evolving customer business challenges, which in turn adds partner value. It's a ...
1 year ago Securityboulevard.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
1 year ago Bleepingcomputer.com
49 unique zero-days Uncovered in Pwn2Own Automotive - On the final day of Pwn2Own Automotive 2024 - Day 3, researchers were granted $1,323,750 in rewards for identifying 49 distinct zero-days. Particularly, the infotainment system and modem of Tesla were attacked by the Synacktiv team, and each ...
10 months ago Cybersecuritynews.com
US dismantles 911 S5 botnet used for cyberattacks, arrests admin - The U.S. Justice Department and international partners dismantled the 911 S5 proxy botnet and arrested 35-year-old Chinese national YunHe Wang, its administrator. As early as 2011, Wang and his conspirators pushed malware onto victims' devices using ...
6 months ago Bleepingcomputer.com
New proxy malware targets Mac users through pirated software - Cybercriminals are targeting Mac users with a new proxy trojan malware bundled with popular, copyrighted macOS software being offered on warez sites. Proxy trojan malware infects computers, turning them into traffic-forwarding terminals used to ...
1 year ago Bleepingcomputer.com
Bigpanzi botnet infects 170,000 Android TV boxes with malware - A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. Beijing-based Qianxin Xlabs reports that the threat group controls a ...
11 months ago Bleepingcomputer.com
PurpleFox malware infected thousands of systems in Ukraine - The Computer Emergency Response Team in Ukraine is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. The exact impact of this widespread infection and whether it has affected state organizations or ...
10 months ago Bleepingcomputer.com
CVE-2022-34321 - Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to ...
9 months ago
CVE-2021-20589 - Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 through 01.38.000, GT23 model communication driver ...
1 year ago
Treasury Sanctions Creators of 911 S5 Proxy Botnet - The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through ...
6 months ago Krebsonsecurity.com
Pentagon Received Over 50,000 Vulnerability Reports Since 2016 - The US Department of Defense on Friday announced that it has processed 50,000 reports received as part of its continuous vulnerability disclosure program launched in November 2016. A first in the history of the federal government, the program was ...
9 months ago Securityweek.com
Pentagon Received Over 50,000 Vulnerability Reports Since 2016 - The US Department of Defense on Friday announced that it has processed 50,000 reports received as part of its continuous vulnerability disclosure program launched in November 2016. A first in the history of the federal government, the program was ...
9 months ago Packetstormsecurity.com
Pirated Software Puts Mac Users at Risk as Proxy Malware Emerges - Malware is being targeted at Mac users who receive pirated versions of popular apps from warez websites after they choose to download them from those websites. Various reports state that cybercriminals are infecting macOS devices with proxy trojans ...
1 year ago Cysecurity.news

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)