Law enforcement has dismantled a botnet that infected routers worldwide over 20 years and was used to build the illegal proxy networks Anyproxy and 5socks. The operation involved international cooperation, arrests, and the seizure of servers hosting these malicious services. (Affected: Global internet infrastructure and cybercriminal activities)
Key points:
- The botnet infected wireless routers over a decade old worldwide, allowing unauthorized access for proxy services since at least 2004.
- The illegal proxy networks, Anyproxy and 5socks, promoted over 7,000 proxies and generated more than $46 million from subscriptions.
- The operators, including three Russian nationals and one Kazakhstani, managed the services via servers in multiple countries, including Russia, the Netherlands, and Turkey.
- The services were used for illicit activities such as ad fraud, DDoS attacks, brute forcing, and data exploitation, with users paying monthly fees between $9.95 and $110.
- The FBI issued warnings about the targeting of end-of-life routers with malware to facilitate anonymous cybercrimes and proxy use.
- Many targeted devices included models from Linksys and Cisco, with malware variants like TheMoon enabling proxy installation on vulnerable routers.
- The joint law enforcement operation involved agencies from the US, the Netherlands, and Thailand, along with cybersecurity firms such as Black Lotus Labs.