Beware of Backdoor Bot

Chris Lim
FraudLabs Pro Fraud Prevention
3 min read · Jun 7, 2024

The FBI has identified six VPNs associated with the “911 S5 Bot” services. A public service announcement has been published to educate individuals and businesses about these bots and how to detect and remove them. The VPNs containing these backdoors include MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN, which have allegedly infected over 19 million IP addresses. According to a news report published on May 29, the suspect behind this proxy, YunHe Wang, has been arrested by the United States Department of Justice and the botnet has been dismantled.

What is this backdoor bot? In general, proxy backdoors pose a significant threat because they create potential gateways for criminals to conduct a range of harmful activities. Such activities may include, but are not limited to, financial fraud and identity theft. The criminal could potentially gain unauthorized access to personal and financial information stored on the infected devices, thereby compromising the individual’s security. Furthermore, these backdoors could also be exploited for carding attempts, which involve the unauthorized use of stolen credit card data, a horrible experience for those merchants who have encountered this before.

The nature of this backdoor bot allows the criminals to remotely manipulate the infected device, executing commands for malicious acts. This technique is particularly insidious because, from the perspective of the targeted victims, the incoming traffic does not appear to be originating from a VPN. Instead, it is disguised and appears as if it’s coming from a regular residential IP address, thereby accessing the service or making the purchase without raising suspicion. This deceptive tactic makes detection challenging, as standard methods of identifying VPN or anonymous proxy traffic may not be effective against this unique threat.

To combat such a sophisticated form of intrusion, it’s critical to employ several detection methods. One such method is ‘velocity checks.’ Velocity checks encompass the monitoring and analysis of the frequency and pattern of specific actions or transactions over a given period. You can monitor for any abnormal behavior by checking the IP address, email address, device, and total sales using fraud validation rules. For instance, if your sales history indicates that the average sales per user should not exceed 3, you may want to review the order if it exceeds this threshold.

Another crucial area to monitor closely would be any sudden or unexpected changes in the billing or shipping addresses associated with an account or a series of transactions. This could be indicative of fraudulent activity, as the device could potentially have been exploited and tampered with by the fraudsters. Similarly, it is also important to keep a close watch on the shopping behavior of users. For example, if users are consistently making purchases at odd hours that are unusual based on their past behavior or the norms of your customer base, it may signal that something is amiss.
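As an added example (not part of the original article or of FraudLabs Pro), the velocity check from the previous paragraph and the address-change and odd-hour rules from this one are implemented below in Python over constructed order records. The per-key threshold of 3 follows the article's example; the 24-hour look-back window and the 00:00-05:59 "odd hours" band are assumed business rules.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample orders (not real data): (timestamp, ip, email, device_id, shipping_address)
ORDERS = [
    (datetime(2024, 6, 1, 10, 5), "203.0.113.7", "a@example.com", "dev-1", "1 Main St"),
    (datetime(2024, 6, 1, 10, 9), "203.0.113.7", "b@example.com", "dev-1", "1 Main St"),
    (datetime(2024, 6, 1, 10, 12), "203.0.113.7", "c@example.com", "dev-1", "1 Main St"),
    (datetime(2024, 6, 1, 10, 20), "203.0.113.7", "d@example.com", "dev-1", "1 Main St"),
    (datetime(2024, 6, 1, 14, 0), "198.51.100.9", "e@example.com", "dev-2", "9 Oak Ave"),
    (datetime(2024, 6, 2, 3, 30), "198.51.100.9", "e@example.com", "dev-2", "77 Elm Rd"),
]

MAX_PER_KEY = 3               # the article's example: more than 3 sales per user warrants review
WINDOW = timedelta(hours=24)  # look-back window for counting (assumed business rule)
ODD_HOURS = range(0, 6)       # 00:00-05:59 assumed unusual for this customer base

def velocity_flags(orders, window=WINDOW, limit=MAX_PER_KEY):
    """Velocity check: flag orders whose IP, email or device appears more than `limit` times within `window`."""
    flags = defaultdict(list)
    for field, name in ((1, "ip"), (2, "email"), (3, "device")):
        recent = defaultdict(list)  # key value -> timestamps still inside the window
        for i, order in enumerate(orders):  # orders must be sorted by timestamp
            ts, key = order[0], order[field]
            recent[key] = [t for t in recent[key] if ts - t <= window] + [ts]
            if len(recent[key]) > limit:
                flags[i].append(f"{name} velocity: {len(recent[key])} orders in window")
    return flags

def address_change_flags(orders):
    """Flag an order whose shipping address differs from the same email's previous order."""
    flags, last_addr = defaultdict(list), {}
    for i, order in enumerate(orders):
        email, addr = order[2], order[4]
        if email in last_addr and last_addr[email] != addr:
            flags[i].append(f"shipping address changed from {last_addr[email]!r} to {addr!r}")
        last_addr[email] = addr
    return flags

def odd_hour_flags(orders, odd_hours=ODD_HOURS):
    """Flag orders placed during hours that are unusual for the customer base."""
    return {i: [f"placed at {o[0]:%H:%M}"] for i, o in enumerate(orders) if o[0].hour in odd_hours}

def review_queue(orders):
    """Merge every rule's hits into a sorted list of (order_index, reasons) for manual review."""
    merged = defaultdict(list)
    for rule in (velocity_flags, address_change_flags, odd_hour_flags):
        for i, reasons in rule(orders).items():
            merged[i].extend(reasons)
    return sorted(merged.items())
```

Running `review_queue(ORDERS)` puts the fourth order from the shared IP and device, and the night-time order with a changed shipping address, into the review list while the other orders pass.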

To summarize, you may not always be able to predict the specific types of fraud or crime that may be directed towards your business. However, by understanding your business well and devising appropriate validation rules and safeguard measures, you can significantly enhance the protection of your online business against these threats. It’s advisable to regularly check your sales data for a better understanding of the sales patterns. This way, you can easily detect any abnormalities.


Passionate software developer specializing in internet solutions, experienced in building web solutions, and enhancing website capabilities.