VIP72 – 15-Year-Old Malware Proxy Network Goes Anonymous

VIP72 is an anonymity service that was active for 15 years, but, recently the VIP72’s online storefront that has settled at the same U.S.-based Internet address for more than a decade simply disappeared.

The threat actors declared in their report that VIP72 routes its customers’ traffic via computers which were being hacked and scattered with malicious software.

However, with the help of VIP72 services, customers can choose the network that is linked virtually to any country, and not only that it can also relay their traffic while lurking behind some unconscious victim’s Internet address.

As per the Kerbs on Security analysis, it says that the domain Vip72[.]org was formerly listed in 2006 as “Corpse,” and was adopted by a Russian-speaking hacker, who gained ignominy for many years prior for producing and selling a remarkably complex online banking trojan named A311 Death, a.k.a. “Haxdoor,” and “Nuclear Grabber.”

Haxdoor was used in multiple million-dollar cyber heists, and it was one of the biggest trojans that can create a huge impact on organizations, and due to Haxdoor, the multi-million-dollar cyberheists became daily front-page news.

The security experts checked all the earliest reports and they claimed that VIP72 cybercrime was initially detected in 2006 when someone using the handle “Revive” advertised the service on Exploit, a Russian language hacking forum. 

There were many cybercrime forums that are available in multiple languages that are confused with tutorials concerning how to use VIP72 to cover one’s location while conducting financial fraud.

Moreover, Corpse/Revive is also being operated and remarked as one of the extremely popular services called check2ip[.]com, this service generally promises the customers the capability to quickly tell whether a given Internet address is decreased by any security companies as malicious or spammy.

After so many finding the cybersecurity analysts claimed that it is yet not clear that exactly what had happened to VIP72. There are many users who report that the anonymity network is still working even though the service’s website has vanished for two weeks. 

However, it implies that the infected systems that get resold via VIP72 are still infected and it will continue to deliver traffic so long as they remain infected. 

So, it might be possible that the service decided to stop receiving new customers because it might have facing trouble competing with an influx of newer, more complex criminal proxy services, as well as with the increase of “bulletproof” residential proxy networks.

Follow us on Linkedin, Twitter, Facebook for daily Cybersecurity News & Updates