‘Aaron Smith’ Sextortion Scam Appears To Leverage On The Necurs Botnet Infrastructure




Sextortion scam campaigns that seem to leverage on the Necurs botnet infrastructure have been as of late revealed by security specialists from Cisco Talos. The specialists investigated the two campaigns, and named them 'Aaron Smith' sextortion scams after the 'From: header' of the messages.

In October the specialists the Cybaze ZLab detected a scam campaign that was focusing on a few of its Italian clients, crooks used credentials in Break Compilation Archive.

These law breakers utilize email addresses and cracked passwords acquired through phishing attacks and information breaches to convey the scam messages to potential unfortunate victims putting on a show to be in control of videos and indicating them while viewing these explicit videos and the scammer in turns requesting an installment in cryptocurrency for not sharing the video.

The Aaron Smith campaigns conveyed an aggregate of 233,236 sextortion messages from 137,606 unique IP addresses as revealed by the Cisco Talos.





 “Talos extracted all messages from these two sextortion campaigns that were received by SpamCop from Aug. 30, 2018 through Oct. 26, 2018 — 58 days’ worth of spam.” reads the analysis published by Talos.
Every message sent as a part of these two sextortion campaigns contains a From: header matching one of the following two regular expressions:
From =~ /Aaron\d{3}Smith@yahoo\.jp/
From =~ /Aaron@Smith\d{3}\.edu/ “

In total, SpamCop received 233,236 sextortion emails related to these “Aaron Smith” sextortion campaigns. The messages were transmitted from 137,606 unique IP addresses. The vast majority of the sending IP addresses, 120,659 senders IPs (87.7 per cent), sent two or fewer messages as a part of this campaign. “

As indicated by them, every sextortion spam message incorporates an installment request that arbitrarily differs from $1,000 up to $7,000 and the quantity of distinct email addresses targeted in the campaigns was 15,826, every beneficiary accepting by and large a 15 sextortion messages. In one case, a beneficiary alone got 354 messages.

Researchers found that around 1,000 sending IP addresses utilized in the Aaron Smith campaigns were additionally engaged with another sextortion campaign dissected by the experts from IBM X-Force in September and that ultimately leveraged the Necurs botnet as well.

Some of the top nations sending sextortion messages incorporate Vietnam (15.9 per cent), Russia (15.7 per cent), India (8.5 per cent), Indonesia (4.9 per cent) and Kazakhstan (4.7 per cent).

Category: / /

Share this with Your friends: