
The U.S. Department of Justice (DOJ) recently unsealed an indictment charging four foreign nationals in connection with two major botnet services, Anyproxy and 5socks, used to hijack and monetize vulnerable wireless routers worldwide. The announcement coincides with the FBI’s seizure of the domains Anyproxy.net and 5socks.net, effectively shutting down a malware-powered proxy-for-hire service that has been in operation for over two decades.
According to the DOJ press release, Russian nationals Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, and Aleksandr Aleksandrovich Shishkin, along with Kazakhstani national Dmitriy Rubtsov, have been charged with Conspiracy and Damage to Protected Computers, among other offenses.
“The Indictment alleges that a botnet was created by infecting older-model wireless internet routers worldwide, including in the United States, using malware without their owners’ knowledge.”
Once infected, these routers were silently reconfigured to serve as proxy servers, granting anonymous access to external users through Anyproxy.net and 5socks.net. The services, which were managed by a company in Virginia and operated through a distributed network of global servers, offered paid subscriptions to this illegal access pipeline—ranging from $9.95 to $110 per month.
“The 5socks.net website advertised more than 7,000 proxies for sale worldwide… [with] the slogan, ‘Working since 2004!’”
Over the years, this illicit operation is believed to have generated over $46 million in revenue, monetizing hijacked residential and business routers, including in Oklahoma, where the FBI Cyber Task Force discovered malware embedded in unsuspecting users’ devices.
In addition to the core conspiracy charges, Chertkov and Rubtsov face further counts for False Registration of a Domain Name, having allegedly provided fraudulent identity information while registering the Anyproxy and 5socks domains.
“Chertkov and Rubtsov are additionally charged with False Registration of a Domain Name… used during the commission of these felony crimes.”
The takedown was enabled through a domain seizure warrant issued in the Eastern District of Virginia, supported by the unsealing of the indictment in the Northern District of Oklahoma. In coordination with foreign law enforcement partners, authorities also seized and disabled the core botnet infrastructure overseas.