Hackers Infecting PCs and Telling Users to Install Antivirus
Malware analysts are reporting that someone has hijacked the Phorpiex
botnet and is contacting users, telling them they’ve been infected by a virus.
But it turned out that the sabotage of the Phorpiex operations was actually happening in the real world on customer systems, and was not simply a popup in a virtual machine. Yaniv Balmas, of Check Point’s Cyber Research, confirmed that this is actually happening and said that they are closely observing the situation. He stated that the activity began a few hours ago.
Balmas gave several possible reasons why this was happening. He mentioned scenarios such as a rival malware sabotaging Phorpiex, a vigilante researcher trying to resolve the situation by themselves, a law enforcement action, or the malware operators quitting and shutting down operations by themselves.
According to Balmas, the most likely cause could be a hijack, if the Phorpiex developer’s record is anything to go by.
Another malware analyst suggested the same scenario. The Phorpiex developer has strong competition in the botnet game, so it wouldn’t surprise anyone if competitors tried to cause problems for him. According to the second analyst, who refused to give his name, the reason for the sabotage could be jealousy or something similar over the success of Phorpiex.
However, the analyst said the Phorpiex developer is careless and extremely lazy. According to him, anyone could possibly hijack the botnet because of its simplistic IRC-based command and control system.
According to confirmed research, Phorpiex malware has been operational for more than 10 years, but it has suffered a series of attacks within this period. Most of the breaches were a result of the developer’s carelessness and lack of seriousness about protecting its systems from attack.
Two years ago, the developer was careless enough to leave the command and control backend of the botnet exposed online. Security experts were able to recover about 4.3 million email addresses before the Phorpiex group could infiltrate them using spam emails.
When it comes to spam botnets, Phorpiex is one of the most active. The Phorpiex syndicate carries out its activities by infiltrating Windows computers and using the systems as spam bots to send out enormous volumes of spam emails.
The spam emails infect new computers with Phorpiex, which keeps the spam botnet alive. However, the operators also send custom spam messages for other cybercrime syndicates, which is how the crew makes money from their campaigns.
The future operations and profits
of the Phorpiex are under threat with the activities of the group that hijacked
For an estimate of the amount the Phorpiex group lost, Check Point revealed that the botnet received about $115,000 within five months. This revenue came only from mass spamming of extortion emails.
The 4.3 million email addresses leaked from the command and control server were reported by Vertek Corporation, a threat
The security team was investigating a malware campaign that distributes a version of the Trik Trojan. The research team found that the GandCrab and Trik trojans usually download the malicious files that infiltrate users’ systems from an online server at an IP address.
The researcher reported that the group that orchestrated the malware activity reconfigured its server and allowed unauthorized access to anyone online who had the IP address. He found about 2201 test files on a server, containing about 20 million email addresses each.
The researcher told Bleeping
Computer that the group behind this operation misconfigured its server and left
its content accessible to anyone accessing the IP directly.
The researcher believes that the server operators have been using the recipient lists to provide information and data to other cybercriminals.
According to the researcher, the lists were pulled to validate that the addresses are legitimate and unique. The researchers are now collaborating with Troy Hunt, an Australian security researcher, to find out how many of the email addresses have been exposed and how many are open to attack.
The email addresses were not drawn from a
particular location. They were about 4.5 million addresses collected from
everywhere and from different IP addresses. The email addresses were also from
different domains from .com to .gov, and other domains from private businesses.