VIP72 – 15-Year-Old Malware Proxy Network Goes Anonymous

VIP72 is an anonymity service that was active for 15 years. Recently, however, VIP72's online storefront, which had sat at the same U.S.-based Internet address for more than a decade, simply disappeared.

The threat actors declared in their report that VIP72 routes its customers' traffic through computers that have been hacked and seeded with malicious software.

With VIP72, customers can choose a network linked to virtually any country and relay their traffic while hiding behind some unwitting victim's Internet address.

According to the Krebs on Security analysis, the domain Vip72[.]org was originally listed in 2006 under "Corpse," a handle adopted by a Russian-speaking hacker who had gained notoriety many years earlier for producing and selling a remarkably complex online banking trojan named A311 Death, a.k.a. "Haxdoor" and "Nuclear Grabber."

Haxdoor was used in multiple million-dollar cyber heists and was one of the biggest trojans, capable of a huge impact on organizations. Because of Haxdoor, multi-million-dollar cyberheists became daily front-page news.

The security experts checked the earliest reports and said that VIP72 was first detected in 2006, when someone using the handle "Revive" advertised the service on Exploit, a Russian-language hacking forum.

Many cybercrime forums, available in multiple languages, are filled with tutorials on how to use VIP72 to hide one's location while conducting financial fraud.

Moreover, Corpse/Revive has also operated an extremely popular service called check2ip[.]com, which promises customers the ability to quickly tell whether a given Internet address is flagged by any security companies as malicious or spammy.

After these findings, the cybersecurity analysts said it is not yet clear exactly what happened to VIP72. Many users report that the anonymity network is still working even though the service's website has been gone for two weeks.

This implies that the infected systems resold via VIP72 are still infected and will continue to relay traffic for as long as they remain infected.

It is possible that the service decided to stop accepting new customers because it was having trouble competing with an influx of newer, more complex criminal proxy services, as well as with the rise of "bulletproof" residential proxy networks.


Balaji N

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
