Interview with a Botnet Host


I got this lovely missive in my mailbox a few days ago:

Tired of being scammed?
Tired of servers downtime?
Tired of high latency?
Being Blocked or Blacklisted too fast?

FORGET ABOUT THAT!
Get rid of asian datacenters and choose a better Spam friendly solution with us. We have the latest development in Bulletproof Webservers that will handle your high complaint loads.

Contact us for pricing!
-----------------------------
ICQ #:
MSN Messenger:
AIM:
yahoo:

Botnet Hosting Servers
-------------------------------
5 Ips that changes every 10 minutes (with different ISP)
Excellent ping and uptime.
100 percent uptime guarantee. Easy Control Panel to add or delete your domains thru webinterface.
Redhat / Debian LINUX OS.
SSH Root Access.
FTP Access.
APACHE2 PHP CURL ZEND MYSQL FTP SSH.

We have Direct Sending Servers, and we also do Email Lists Mailings.

Spam friendly and Botnet hosting? Oh, dream come true! With that in mind, I decided to check out their website. Not a good start: it was offline and the email address kept bouncing. Three of the four IM addresses didn't seem to work and we nearly had no writeup, but with the last address I tried...


Support (02:17 PM) : hi

Pg : hello, i received your email about hosting

Support (02:17 PM) : good, tell me

Pg : can i just confirm, did you send this: Botnet Hosting Servers
-------------------------------
5 Ips that changes every 10 minutes (with different ISP)
Excellent ping and uptime.
100 percent uptime guarantee.
Easy Control Panel to add or delete your domains thru webinterface.
Redhat / Debian LINUX OS.
SSH Root Access.
FTP Access.
APACHE2 PHP CURL ZEND MYSQL FTP SSH.

Support (02:18 PM) : yes

Pg : excellent! i tried to get your website up - but it was down. do you have another site up that i could look at?

Support (02:20 PM) : spamhaus take our site down 1 week ago, damn fbi went to datacenter, big big problem. We decided to keep working without website for somewhile

Pg: Really? Damn fbi. Can you still offer services? And how much do you charge?

Support (02:28 PM) : yes, these servers costs 1600 usd. they were 1750 last week so we made a 150 usd off

Pg: Ok - if you dont mind me asking, where are the boxes located geographically?

Support (02:31 PM) : i have several locations, like asia,korea,taiwan and some in usa

Pg : Ok cool. what method of payments are available?

Support (02:33 PM) : wire, webmoney,egold, western union

Pg : k. lets talk risk - do you actually own these servers, or are they hacked boxes?

Support (02:36 PM) : no they are legally bought servers. we dont mess around with hacked boxes. we have our own datacenter setup - what contents are u planning to host? let me tell u scam is not allowed.

Pg: define "scam" - after all, youre saying you can host botnets;-)

Support (02:38 PM) : hehe bank sites all that

Pg : Ah, like Phishing etc. so you dont do those. what kind of things do you definitely do then? just so i know my options

Support (02:39 PM) : tell me what you want to do, and i will get u a solution because i have many datacenters and options :-)

....now at this point, I decided to come up with the most whacked-out, craziest scam idea I could think of to see if he'd go for it. To my amazement, he did...and made me an offer I couldn't refuse...

Pg: Well, first we have exploits that compromise servers, then inject packets that redirect the end user to our exploit page, which installs adware, trojans etc - at this point we install RADmin server tools to gain control, then download and install our own version of bittorrent....at that point, we start shovelling pirated movies onto the PCs, all kinds of dodgy content, then we "contact" the box owners and threaten to "expose" them to the police etc unless they pay us money each month to keep quiet about it

Support (02:42 PM) : LOL. thats nasty and dirty but i love it. thats so bitchy....but here is the solution i got. i have a nasty datacenter in korea...good bandwidth

Pg: Ok sounds good. ill keep you in mind - its not just me involved in this as im sure you can appreciate. but i will try and get back to you soon as possible. thanks!

......I'm about to close the chat down, reflecting on the fact that though Phishing sites are considered "scams" by this guy, anything and everything else is fair game. But then...

Support (02:48 PM) : let me tell u something.....i just checked, and i have 1 box remaining there, i can give u a nice discount if you help me with something i need

Pg : cant promise anything but i'll certainly hear you out

Support (02:49 PM) : ok.....i need to start a hosting botnet...so i need to deploy lots of trojans worldwide. i have my own trojan, but i've been wasting time paying installs in proxy contamined botnets. so i need to install them in freshy computers

Pg: ah i see! what does your trojan do (without going into too much detail)

Support (02:51 PM) : tcp 80 and udp 53 redirection for hosting purposes

Pg : nice

Support (02:52 PM) : no phishing, no scams, no nothing. just hosting on cable/dsl boxes

Pg : Well I'll speak to the guys and see what we can do. like i said, I'll try and get back to you soon as. thanks dude!

.....and there it ends.

I love how the supposed King of Botnet hosting ends up asking the customer for help with hosting his own Botnet. Considering he didn't know me from Adam, I have doubts about how long his little "Empire" will last. His site is still down, too - with any luck the Feds have finished the job, though I doubt we've seen the last of this guy. Still, the message is clear - buy some cheap servers, set up shop out East and watch the money roll in.

We're just making it far too easy for these guys...

2 TrackBacks



From The: This is To Insane to Make-Up Department from ReveNews - Wayne Porter: Greynets, Malware, Adware & Spyware Research- E-commerce on May 9, 2006 7:08 AM

Chris Boyd and I have been talking about botnets lately and how they can impact e-commerce. Fraudulent clicks, drive-by downloads, DDoS attacks, and all the "good stuff" that makes you want to cringe. Who are these people? Where do they exist? What do... Read More

Chris Boyd checked in from the, It's too insane not to be true department, and now we have another piece of ripped-up reality that makes you wonder what rock ad agencies hide under or perhaps who dinged them in the... Read More

8 Comments

Man. I can't believe it's not butter! It's now the wild, wild east and not west.

Wow. Heh, someone needs to start a vlog about this stuff in the format and style of the show Cops.

If we can use the "Bad Boys" theme tune, I'm in ;)

Oh PG this is friggin priceless.

yeah, i spoke with the guy a couple of weeks ago too. here's a portion of our discussion, and it seemed that his ip was in columbia at the time. it's interesting that he claims his servers are not botz and hosted in common spammer locations. he's catching a lot of flak in the security circles...poor guy just wants to ditch spamhaus.
Start of botnethosting buffer: Thu Apr 20 2006
[09:49] xxx: got the botz?
[09:49] botnethosting: I am currently away from the computer.
[10:25] botnethosting: hi
[10:25] *** botnethosting has added you to their contact list with reason: " ". You may choose to accept or deny this action. You may also add this user to your contact list or ignore this user.
[10:28] xxx: hi
[10:29] xxx: saw your email. are you a cop or fed?
[10:29] botnethosting: u kiddin?
[10:30] xxx: nope. gotta ask.
[10:30] botnethosting: lol
[10:30] botnethosting: im a bp hosting provider.
[10:30] botnethosting: anyway, if i were a fed or cop will i tell u? lol
[10:30] xxx: hehe
[10:31] xxx: well, you could answer yes or no. would you please?
[10:31] botnethosting: im not a fed
[10:31] botnethosting: neither cop
[10:32] xxx: all right. so what kind of prices are we looking at for mail blasts? also, how legit are these servers?
[10:32] botnethosting: 100% legit, no hacked servers
[10:33] botnethosting: are u looking for bp hosting servers or direct mailing servers?
[10:33] xxx: mailing
[10:33] botnethosting: *url removed*
[10:34] botnethosting: ok
[10:34] xxx: thanks
[10:34] botnethosting: thats site is pretty older now
[10:34] botnethosting: prices arent updated
[10:34] botnethosting: well we have mailing servers in china with 30 ips, p4 processor, 1gb ram, hdd 80gb

Awesome blog. Peace out until next time TabathaOster

Saw this email a couple of times too and decided to feed him a mixture of the conversations on here, good thing, he remembers conversations ;-) Here we go:

(20:29:03) botnethosting: hi
(20:29:14) xxx: hello, i received your email about hosting
(20:29:21) botnethosting: :)
(20:29:59) xxx: can i just confirm, did you send this:Bulletproof Hosting Servers ------------------------------- 5 Ips that changes every 10 minutes (with different ISP) Excellent ping and uptime. 100 percent uptime guarantee. Easy Control Panel to add or delete your domains thru webinterface. Redhat / Debian LINUX OS. SSH Root Access. FTP Access. APACHE2 PHP CURL ZEND MYSQL FTP SSH.
(20:30:18) botnethosting: right
(20:30:30) botnethosting: my mailers did
(20:30:32) xxx: excellent! i tried to get your website up - but it was down. do you have another site up that i could look at?
(20:30:43) botnethosting: nope
(20:30:56) xxx: Really? Can you still offer services? And how much do you charge?
(20:31:11) botnethosting: 1250 for hosting server
(20:31:27) xxx: Ok - if you dont mind me asking, where are the boxes located geographically?
(20:32:07) botnethosting: offshore ;)
(20:32:38) xxx: Well, you don't know where I am physically located, so "offshore" doesn't really tell me much. Any more pointers?
(20:33:06) botnethosting: these servers doesnt have any fixed
(20:33:11) botnethosting: location ip assignation
(20:33:16) botnethosting: they have worldwide ips
(20:33:44) xxx: Cool, but I'm fairly sure they have to be located physically somewhere, right?
(20:33:55) xxx: Korea? China? US? Germany? ...?
(20:35:05) xxx: what method of payments are available?
(20:36:08) botnethosting: some in us, some in korea, some in china
(20:36:56) xxx: what method of payments do you accept?
(20:37:15) botnethosting: webmoney, egold
(20:37:40) xxx: k. lets talk risk - do you actually own these servers, or are they hacked boxes?
(20:37:48) botnethosting: i own them
(20:38:50) xxx: ah ok, so no hacked stuff available
(20:39:05) botnethosting: nop, we dont use hacked stuff
(20:39:16) botnethosting: they are not stable neither reliable
(20:40:25) xxx: sure thing, stable could be, yet reliable? nope. Anyways, I assume you allow some less common uses of your servers, afterall, you're 'botnet' hosting? ;)
(20:40:55) botnethosting: what do you plan to host there?
(20:42:20) xxx: well, first we have exploits that compromise servers, then inject packets that redirect the end user to our exploit page, which installs adware, trojans etc - at this point we install RADmin server tools to gain control, then download and install our own version of bittorrent....at that point, we start shovelling pirated movies onto the PCs, all kinds of dodgy content, then we "contact" the box owners and threaten to "expose" them to the police etc unless they pay us money each month to keep quiet about it ;)
(20:43:30) botnethosting: u gotta be kiddin
(20:43:41) xxx: no, why, you're a cop?
(20:44:10) botnethosting: lol
(20:44:23) xxx: ;)
(20:44:37) botnethosting: http://www.revenews.com/wayneporter/archives/001804.html
(20:44:44) botnethosting: look at that
(20:45:32) xxx: I was more refering to http://blog.spywareguide.com/2006/05/interview_with_a_botnet_host_1.html, but thanks for the link. Anyways, why do you keep on spamming? It's really annoying.
(20:45:47) botnethosting: why do u keep f*cking around
(20:47:03) xxx: I'm f*cking around at all. You keep spamming me and I decided to have a talk with you and ask you why you keep doing that. I get plenty of spam, and this is -IIRC- the third email I get from you.
(20:47:23) botnethosting: gimme your address and i will remove you
(20:47:29) botnethosting: pretty easier uh?
(20:48:55) xxx: Nah, I'll be probably put on a "live email" list and distributed amongst your clients/friend-spammers
(20:49:17) botnethosting: well whatever u say
(20:49:24) xxx: Ok bye
(20:49:25) botnethosting: i wont loose more time with you
(20:49:27) botnethosting: bye
(20:50:21) xxx: Oh yeah, waste my time and resources with your spam and then be angry when I bug you? Actually, I was planning to bug you from numerous accounts and IPs ... everytime I get a mail from you. Fair deal?

Great blog)))


About this Entry

This page contains a single entry by Christopher Boyd published on May 9, 2006 11:44 AM.
