Image copyright Check Point Image caption A portion of one typical email sent by the botnet
A large-scale “sextortion” campaign is making use of a network of more than 450,000 hijacked computers to send aggressive emails, researchers have warned.
The emails threaten to release compromising photographs of the recipient unless $800 (£628) is paid in Bitcoin.
And they contain personal information - such as the recipient’s password - probably gathered from existing data breaches, to specifically target more than 27 million potential victims at a rate of 30,000 per hour.
While analysis suggests a small fraction of targets have fallen for the ploy, one expert said such botnets still offered a great “return on investment” for cyber-criminals.
“A botnet can be used for many, many things,” said Charles Henderson, from IBM’s X-Force Red security team. “This was just one task assigned to it.”
Hard to trace
A botnet is a network of computers taken over by hackers using malicious software typically spread via infected web pages or email attachments.
They can carry out attacks spread across a wide number of machines, making it harder to disrupt and the attacker’s origins harder to trace.
Security company Check Point said this latest sextortion attack used the Phorpiex botnet, active for more than a decade.
Research head Yaniv Balmas said those whose computers - Windows or Mac - had been hijacked would probably not know.
“Attackers are simply using the victims' computers as vessels,” he said.
'Save Yourself'
Spreading an email campaign across a botnet in this way would reduce the risk of the emails being flagged as spam - though it’s not clear how ..
Support the originator by clicking the read the rest link below.
