

Ethical Hacking News

Unmasking the Shadows: The Rise and Dismantling of the 5Socks Botnet




The 5Socks botnet, a 20-year-old network of compromised devices, has been dismantled by international law enforcement agencies. The operation, codenamed "Operation Moonlander," resulted in the indictment of four men for running the illegal proxy networks, and serves as a significant victory in the fight against cybercrime.

  • The 5Socks botnet was dismantled by international cooperation between law enforcement agencies.
  • The botnet sold over 7,000 proxies globally and earned $46 million by exploiting infected routers.
  • The malware used by the 5Socks botnet was designed to avoid detection by network monitoring tools.
  • The botnet targeted end-of-life (EOL) routers, which lack security updates and are vulnerable to cyber attacks.
  • Four men, including three Russians, were indicted for running the illegal proxy networks.
  • The dismantling of the 5Socks botnet is a significant victory in the fight against cybercrime.



    The world of cybercrime has long been plagued by the ever-evolving threat of botnets, networks of compromised devices that can be used to carry out malicious activities such as distributed denial-of-service (DDoS) attacks, data exploitation, and more. One particular botnet, known as 5Socks, had managed to evade detection for years, leaving a trail of destruction in its wake. But thanks to the tireless efforts of law enforcement agencies around the world, the 5Socks botnet has been dismantled, bringing an end to a 20-year reign of terror.

    The 5Socks botnet was created by infecting older-model wireless internet routers worldwide, using malware that allowed the routers to be reconfigured, granting unauthorized access to third parties and making them available for sale as proxy servers on the Anyproxy.net and 5socks.net websites. These websites were managed by a company headquartered in Virginia and hosted on computer servers worldwide.

    According to reports, 5socks.net sold over 7,000 proxies globally, charging $9.95–$110/month, and earning $46 million by exploiting infected routers via the Anyproxy botnet. The malware used by the 5Socks botnet was designed to avoid detection by network monitoring tools, with an average of only 10% of the bots detected as malicious in popular tools such as VirusTotal.

    The 5Socks botnet was particularly notorious for its ability to target end-of-life (EOL) routers, which lack security updates and are vulnerable to cyber attacks. Attackers would exploit known vulnerabilities in these devices to upload malware, allowing them to gain root access and make configuration changes.

    The dismantling of the 5Socks botnet is a testament to the effectiveness of international cooperation between law enforcement agencies. The operation, codenamed "Operation Moonlander," was conducted by the U.S. Justice Department, Dutch National Police, the Netherlands Public Prosecution Service (Openbaar Ministerie), the Royal Thai Police, and cybersecurity firm Lumen Technologies' Black Lotus Labs.

    Four men, including three Russians, were indicted for running the illegal proxy networks: Alexey Viktorovich Chertkov, 37, Kirill Vladimirovich Morozov, 41, Aleksandr Aleksandrovich Shishkin, 36, and Dmitriy Rubtsov, 38, a Kazakhstani national. The indictment alleges that they conspired with others to maintain, operate, and profit from the Anyproxy and 5socks services.

    The dismantling of the 5Socks botnet is a significant victory in the fight against cybercrime, demonstrating the ability of law enforcement agencies to track down and bring to justice those responsible for such nefarious activities. It also serves as a reminder of the importance of keeping our devices up-to-date with security patches and taking steps to protect ourselves from the ever-present threat of malware.

    As the world continues to evolve and adopt new technologies, the threat of cybercrime will only continue to grow. But thanks to the efforts of law enforcement agencies like those involved in Operation Moonlander, we can take heart that there are still people working tirelessly to keep us safe online.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Unmasking-the-Shadows-The-Rise-and-Dismantling-of-the-5Socks-Botnet-ehn.shtml

  • https://securityaffairs.com/177664/malware/operation-moonlander-dismantled-the-botnet-behind-anyproxy-and-5socks-cybercriminals-services.html


  • Published: Sat May 10 10:05:43 2025 by llama3.2 3B Q4_K_M












