Tag Archives: Sextortion

Sextortion Botnet Spreads 30,000 Emails an Hour

Most of you have probably seen or heard of the threatening email that starts with “Hi, I know one of your passwords is: xxxxx”. The email goes on to say that the writer has infected the recipient’s PC, including gaining access to the recipient’s webcam. The attacker claims, by virtue of having installed malware on the recipient’s computer, to have access to all of the recipient’s accounts and to have recorded the recipient engaging in adult activities, which the attacker will share with the recipient’s address book if the recipient doesn’t fork over some money, pronto. Of course, the ransom should be paid in Bitcoin.

There are a number of variants to this email, but what is amazing is how the process works.

First, regarding the password: it is a legitimate password belonging to the recipient, but it was most likely NOT obtained by hacking any computer. Rather, it was bought on the dark web, where it ended up as a result of one of the many breaches we read about on a daily basis.

If you want to see at least some of the breaches your passwords have been exposed in, go to MONITOR.FIREFOX.COM. It asks for your email address, and when you enter it, you will see a report like this:

This data comes from Troy Hunt’s “Have I Been Pwned” database. Troy has been collecting breach data for about 5 years, and his database has about 8 BILLION breach records as of this writing. All it asks for is your email address and nothing more, so it will only report on breaches associated with that address, whether the address was the user ID you log in with or was just part of the data that was compromised.
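A defender-side check related to the breach data described above: Have I Been Pwned also publishes a Pwned Passwords range lookup, where only the first five characters of the password’s SHA-1 hash are sent and the match is made locally on the remaining suffix. The block below is an added example, not code from the original post or from Have I Been Pwned; the sample response body and its counts are constructed for the example, and `fetch_range` (optional, needs network) is the only part that talks to the live service.

```python
import hashlib
import urllib.request

# Constructed sample of a /range response: "SUFFIX:COUNT" lines for hashes
# sharing the prefix 5BAA6. The counts are made up for this example.
SAMPLE_RESPONSE = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
00C6BF2EA9B7C3E3F3B0D5F9C2B1A0E7D12:2
FF01A2B3C4D5E6F708192A3B4C5D6E7F809:17
"""

def sha1_hex_upper(password: str) -> str:
    """SHA-1 of the password as uppercase hex, the form Pwned Passwords uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def split_for_range_query(password: str):
    """k-anonymity split: only the 5-character prefix leaves the machine."""
    digest = sha1_hex_upper(password)
    return digest[:5], digest[5:]

def parse_range_response(body: str) -> dict:
    """Turn 'SUFFIX:COUNT' lines into {suffix: count}, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, sep, count = line.partition(":")
        if sep and count.strip().isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password: str, body: str) -> int:
    """How many times the password was seen, matched locally on the hash suffix."""
    _, suffix = split_for_range_query(password)
    return parse_range_response(body).get(suffix, 0)

def fetch_range(prefix: str, timeout: float = 10.0) -> str:
    """Optional live lookup of one prefix; the service requires a User-Agent."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "breach-check-example"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")

if __name__ == "__main__":
    prefix, _ = split_for_range_query("password")
    seen = breach_count("password", SAMPLE_RESPONSE)
    print(f"prefix sent: {prefix}; seen {seen} times in the sample data")
```

To run against the live service, replace `SAMPLE_RESPONSE` with `fetch_range(prefix)`; the full hash never leaves the machine.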

The attacker, in many cases, also claims to have video of the recipient engaging in adult sexual activities and threatens to share it with the recipient’s address book. Nothing is guaranteed, but it is unlikely that the attacker has compromised the recipient’s PC, captured a video, or captured the recipient’s address book. A simple fix for the webcam part is to cover the camera with a piece of tape (being careful not to get the gooey part on the lens) or with a camera slide cover, available on Amazon for a couple of bucks, and keep the camera covered when you are not using it.

More than likely, this is just a classical shakedown that mobsters have been doing for hundreds of years.

But what is more interesting is how this attack works.

The emails do not come from a single email account.

Rather, the attacker has purchased access to a botnet of compromised PCs (and, by the way, the recipient’s PC could be one of them if he or she doesn’t have good cybersecurity practices in place). Using this rented botnet of hundreds or thousands of PCs, the attacker sends out emails at the rate, in one case, of 30,000 emails per hour, which probably translates to a handful of emails per hour per compromised PC.

This makes it almost impossible to shut down, although there is a command and control (C&C) server feeding instructions to these compromised PCs, and that is probably the best leverage point for shutting it down. Those C&C servers are likely located in countries unfriendly to US law enforcement, or they move around frequently to make them harder to shut down.

If this one botnet is sending out 30,000 sextortion emails an hour, that translates to 250,000 emails in an 8 hour day (assuming the owner of the compromised bot turns his or her computer off at night) and 750,000 emails a day if he or she leaves the computer on all the time.

If, say, one hundredth of one percent of those recipients pay, that translates to 75 payments per day. If the attacker is asking, say, for $500, that translates to $37,500 a day, tax free. Even if only 7 people (one tenth of the above number) respond a day, that translates to an annual income of $1,368,000. From just one attacker.

THAT is why we see lots of spam.  Source: BBC


Sextortion Campaign Adds a New Twist

Sextortion is malware that tries to convince you that the attacker has compromised your computer and has videos of you visiting adult web sites.  The attackers promise not to share the videos with your friends if you pay them money.  The videos do not exist, but scared people sometimes pay.

The new variant of the attack tells you to download a sample video to prove their claims.

In fact, the so called video is really malware.  The first piece of malware steals your account passwords, files and more.  The second piece of malware encrypts your data.

Before downloading the sample video you thought you had a problem.  After the download, you really do have a problem.

So, what should you do?

First of all, if you get a threatening email like the above, slow down, take a deep breath and consider things.

For most people – who don’t visit porn sites – keep your curiosity at bay and DELETE the email.  DO NOT OPEN THE ATTACHMENT!

I always recommend covering your webcam on your laptop.  If you have followed this advice, see the above.

For the very small group of people left, if you think that this video actually may exist, consult an expert. They can safely deconstruct the attachment and figure out whether it really is what the attacker claims.

Lastly, as I always say, back up early. And often. Preferably multiple copies. If possible, at least one copy offline. I keep at least one version of my backups in a bank vault. Very hard to hack.

Source: Bleeping Computer.


Sextortionists Shift Scare Tactics

Sextortion is the act of convincing vulnerable people, often teenagers, to provide the sextortionist with sexually explicit photographs and videos under the threat of releasing other embarrassing material, such as nude pictures that may already privately exist in the victim’s email, text messages or private social media.

The attacker does this by convincing the victim that they have hacked into the victim’s digital life and already have whatever is there.

99% of the time, this is a complete scam, but scared people do desperate things, like sending (more) sexually explicit material to the attackers in the hope of getting them not to publicly release material the hackers claim to have. The hacker asks for a fraction of a bitcoin in payment.

One new tactic: including a so called “legitimate” password, to, say, the user’s email account, in the pitch message. These passwords are often legitimate in the sense that the user used them at one time. This lends credibility to the pitch, and the panicked victim does not think through how the hacker may have gotten that password. The attacker likely got the password from one of the thousands of cyber breaches.

So what should you do? Well, there is what to do before you get a demand from a hacker and what to do after.

Before, you should practice good cyber hygiene.  Install patches promptly for all software, stay away from sketchy web sites, choose good passwords, etc.

Second, enable two factor authentication, using either a text message to your phone as the second authentication factor or, better yet, one of the authenticator apps such as Facebook authenticator or Google authenticator as the second factor.

For parents, talk with your kids about the risk of taking pictures that, if they got out in the wild, would embarrass them or worse.

Finally, parents need to talk to their kids about sharing compromising pictures and videos with others, no matter how much they think they are in love and no matter how many promises the other person makes. Understand that kids may be under amazing social pressure to conform; do not underestimate that.

After the fact, kids need to trust their parents, even though they are embarrassed, confused and scared.  Parents need to work beforehand to get kids to understand that this is not something they can deal with by themselves.

Unfortunately, you may need to get legal advice, and you should definitely not believe the hackers. One suggestion: ask for a sample of the photos that they claim to have. If the hack is legit (likely it is not), then you need to decide what to do. The police are going to say that you should go to them, and that is probably an OK idea, but unless the hacker is someone you know, I would not get your hopes up.

On the other hand, it may be someone your child knows.  In that case, you need to understand your options and a lawyer may be helpful.  Releasing so-called revenge porn is a crime in many states.

Certainly prevention is easier than dealing with something after the fact, and there are no easy answers, as kids, especially, tend to do unexpected things. Discussing and planning ahead is likely a good idea.

Source: Threatpost.
