With a Massive Botnet Recently Disrupted, Let’s Review What a Botnet Is

With a Massive Botnet Recently Disrupted, Let’s Review What a Botnet Is

It was very recently revealed that a global law enforcement effort took down a massive botnet that was in action for almost a decade. In light of this, we wanted to review what a botnet is and how it works, drawing from these events for some context.

Let’s begin by summarizing the situation.

A Botnet, Potentially the Biggest Ever, Was Disrupted

It has been alleged by the Justice Department that YunHe Wang, a 35-year-old national of the People’s Republic of China, created and disseminated malware that compromised millions of private Windows computers around the world and incorporated them into a massive botnet known as 911 S5. According to the indictment, Wang then provided access to the 19 million infected IP addresses to other cybercriminals, personally amassing millions of dollars.

Court documents state that Wang was able to accomplish this by offering a free virtual private network—allowing 911 S5 users to hide their traffic in these machines—and by bundling it in with pirated software downloads. The cybercriminals that he allegedly sold this access to then used the undermined computers to commit a litany of crimes, including cyberattacks of their own, widespread fraud, online harassment, child exploitation, export violations, and bomb threats. According to the claims made in the indictment, Wang’s approximately $99 million in sales between 2018 and July of 2022 allowed him to purchase various assets around the world, including 21 pieces of property, numerous vehicles, cryptocurrency wallets, and much more.

According to the indictment, 911 S5 has also enabled the theft of billions from financial institutions, credit card issuers, and federal lending programs, as well as fraudulent claims being made to pandemic relief programs.

Law enforcement first caught wind of this operation when IP addresses purchased from 911 S5 were used with stolen credit card details to place orders on ShopMyExchange, the Army and Air Force Exchange Service’s e-commerce platform. After an international investigation, Wang has been charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, as well as conspiracy to commit money laundering… all of which could potentially penalize him with 65 years in prison, should he be convicted on all counts.

So, What is a Botnet?

A botnet is a collection of Internet-connected computers and other devices that are networked together and can be used to accomplish a bad actor’s goals without the owner knowing. There are various uses that cybercriminals have for botnets. Some will use them as the muscle behind a cyberattack, committing the computing resources of every involved device to overcoming a system’s protections. Others will use them to perform credential stuffing, which is a means of breaking into an account by trying lists of stolen usernames and passwords. Some will use them to mine for cryptocurrency.

Long story short, it’s a lot of people’s devices being used without their knowledge or permission to do something most of those people likely wouldn’t approve of.

What Can We Learn from this Situation?

First and foremost, always, always, always download any software from a legitimate and verifiable source. It’s good to remember that nothing is ever free… you’ll always pay for it in some way, shape, or form. In the case of all the people who used the “free” VPN, they paid for it by having their devices co-opted for cybercriminal activity.

If you are one of these people, it is important that you remove the applications installed by 911 S5, which the FBI has provided some guidance into.

Second, 911 S5 is relevant enough that it bears bringing up the dangers of shadow IT in a business. While it was targeted at personal users and computers, is it really that hard to think that one of your team members might have installed it or something similar? You need to know that your team will not just go and install things on their own computers, and that they’ll turn to IT for help in obtaining what they need. 

Otherwise, they run the risk of installing pirated or cracked software (software with its copy protections removed), which can very easily cause both operational and legal troubles for your business… and that’s without taking the potential of being part of a botnet into account.

If you need an IT resource for your team to turn to, we’re here to help. White Mountain IT Services helps New Hampshire businesses with all things information technology, and we do it in such a way that, ideally, you won’t even know we’re there. Give us a call at (603) 889-0800 today to learn more.

White Mountain IT

Related Posts

Virtualization Translates to More Savings, Efficiency, and Security

How often does your business find that it’s struggling with new technology implementation, either on the software side of the house or on the hardware side? Have you considered that the cloud provides powerful solutions to your business’ woes in the form of virtualization? With the right resources at your disposal, you can use virtualization to create incredible opportunities to improve operations...

Research Shows Many New Cybersecurity Professionals are Doomed to Make Blunders

Unfortunately, cyberattacks will only continue in the weeks, months, and years to come, making it increasingly essential that businesses have access to cybersecurity expertise. Even more unfortunately, professionals with this level of expertise are becoming harder to find. Globally, we’re short almost four million people, and those we have are prone to make mistakes in their first few years. This ...

The Impact Ransomware Has on All of Us

We’ve spent the last few weeks discussing ransomware's impacts on different subsets. First, we discussed how a ransomware attack impacts the customers of the infected business, and then we touched on the infected business itself. To end, we want to touch on ransomware's impacts on society, specifically regarding economic health and geopolitical security, known as third-order harms. Make No Mist...

Apple Users Hit with Rare Cyberattack: What Can We Learn?

On Wednesday, April 10, 2024, Apple deemed it necessary to send a rare alert to certain users via email, spread out across 92 nations. As Apple’s website states, these threat notifications “are designed to inform and assist users who may have been individually targeted by mercenary spyware attacks.” Let’s review these attacks so we all understand this threat better. What are Mercenary Attacks? ...

Sound Familiar?

Here are some of the most common complaints we hear from businesses that aren’t satisfied with their IT vendor and want to switch to White Mountain.

There is a Better Way!

Give White Mountain IT a Call Today

BOOK A CALL

Nationwide Remote IT Services,

Without a Long Term Contract.

We provide services and support to businesses throughout the US. If we do not have an on-site resource in your area, we can manage a local vendor to provide on-site assistance if and when needed.

All our Managed Services are carried out by our dedicated team of full-time employees. These professionals have successfully cleared multiple security and background checks, ensuring the highest level of service and reliability for your business. 

Need an Onsite Visit?

We've Got You Covered!

Manchester N.H. Office:

121 Riverfront Drive
Manchester NH 03102

Nashua N.H. Office:

33 Main Street
Suite 302
Nashua NH 03064

Client Help Desk        603-889-2210

New Client Inquiries   603-889-0800

OPEN POSITIONS

Client Help Desk

603-889-2210

New Client Inquiries
   603-889-0800

© 2024 All Rights Reserved. copy_right_image

Protected by Copyscape Plagiarism Checker – Do not copy content from this site.