Botnet spreads 30,000 sextortion emails in an hour

Recipients ordered to pay $800 in Bitcoin under threat of compromising photos leaking online

Some 450,000 hijacked computers have been used to send phishing scams in a large scale "sextortion" campaign, with victims receiving emails threatening to release compromising photos of recipients unless they cough up $800 in Bitcoin.

The campaign using botnets to target more than 27 million victims at a rate of 30,000 per hour with their own personal information, supposedly taken from previous data breaches.

There is a suggestion that only a small number have opened the emails, but researchers believe botnets still offered a great "return on investment" for hackers.

"A botnet can be used for many, many things," said Charles Henderson, from IBM's X-Force Red security team, according to the BBC. "This was just one task assigned to it."

A botnet is a network of computers that have been compromised by hackers, usually by malware spread via infected webpages of malicious email attachments. They can quickly send out and spread attacks across a wide number of machines and mask hackers tracks.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

So far, the closest anyone has come to finding the culprits is through security firm Check Point, which monitored one of the Bitcoin wallets being used to collect funds from the scam.

In other sexploitation news, more than 300 people have been arrested after the world's "largest dark web child porn marketplace" was shut down by UK investigators.

The site had more than 200,000 videos, all of which had been downloaded more than a million times, but was taken down last year after a UK investigation into a child sex offender led to its existence.

Although it had been shut down a year ago, officials revealed on Wednesday that 337 suspects had been arrested in 38 countries with US authorities unsealing nine indictments against the site's owner, Jong Woo Son, a 23-year-old man from South Korea, according to TechCrunch.

The UK's National Crime Agency has revealed the arrests were made in the UK, Ireland, America, South Korea, Germany, Spain, Saudi Arabia, the United Arab Emirates, the Czech Republic and Canada - as well as many more.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020