Insidious Twitter Botnet is Streaming in Stealth Mode

Recently, I became aware of a prodigious stealth-mode Twitter botnet that contain upwards of 3 million user accounts, alongside two other botnets that total 100,000 bots. Kudos goes to SadBotTrue security researchers who first disclosed botnet findings at their blog earlier this week.

Twitter botnet streaming in stealth mode

Stealth Twitter botnet

According to SadBotTrue, this particular botnet is the most active and most undetectable botnet in existence on Twitter today.

SadBotTrue states at their blog:

All the accounts are protected...

Read More

IoT cam spy needs a bottom-up revolution

I cam spy on you—from weaknesses in camera firmware to creepy messages delivered through baby surveillance systems—the Internet of Things (IoT) continues to present countless challenges as it hovers above the crossroad of security and privacy.

cam spy home
Recently I discovered Reddit poster Jenn & Tonic (J&T). Having initially purchased and returned a Netgear Arlo surveillance cam, J&T can now spy on the new owner—via the use of a previously associated Arlo account.

For the purpose of this article:...

Read More

Sphinx: New Zeus Variant for Sale on the Black Market

Republished from the now defunct Norse Corporation blog: May 2015.

The 0Day marketplace was a busy beaver this weekend. I’ve been waiting and watching Sphinx for the past 10 days to see if the 0Day admin would verify this new threat:


New Zeus Variant

On Sunday evening, Sphinx, a new variant of the Zeus banking trojan was admin-verified. Sphinx is coded in C++ and based on ZeuS source code and operates fully through the Tor network using a Tor hidden service...

Read More

Down the Darknet Rabbit Hole Again

Darknet rabbit hole

Author note: This originally appeared at the defunct Norse Darkmatters blog during the summer of 2015: Exploring the Dark Recesses of the Deepweb (with minor edits).

. . .

Darknet Rabbit Hole

I’ve been back down the rabbit hole, into the Darknet again and it’s been a hell of a hostile and discordant excursion this time. For those of us who are merely researching the cybercriminal ecosystem, it can become an extremely precarious place to visit sometimes.

I’ve had noxious miscreants jabbering...

Read More

Exploring the Dark Recesses of the Deepweb


Author note: This originally appeared at the defunct Norse Darkmatters blog during the summer of 2015: Exploring the Dark Recesses of the Deepweb (with minor edits).

. . .

Deepweb, Darknet, Darkweb – It’s Deep…

This is my ongoing saga (down the Deepweb rabbit hole) as I journey into the depths of the shadowy underbelly of the underground cybercrime ecosystem. While the black markets are expanding, forums are also evolving.

In Part 1 I questioned deviant mindsets, poked the Onion-pastebin,...

Read More

Darknet Underground Meanderings

Darknet underground

Author note: This originally appeared at the defunct Norse Darkmatters blog during the summer of 2015: Meandering Through the Darknet Underground (with minor edits).

. . .

Darknet Underground

I’ve been meandering through the Darknet underground again, mainly peeking into hidden forums, marketplaces, the onion-pastebin, and the Evil search engine. Along the way, I’ve managed to stumble across a vast array of  premium vendors promoting “fresh” data for sale, amongst other illicit wares.

Read More

6 motivations of cybercriminals–Is it all about the money?

cybercriminal motivations

Performing a Google search (for the past year) using the terms: “cybercrime” AND “hackers” produced over 5 million results. While scanning through search results, headline eye candy produced:

  • Hackers are draining bank accounts via . . .
  • Hackers Trick Email Systems Into Wiring Them Large Sums …
  • Hackers siphon $47 million out of tech company’s accounts …
  • Hackers use virus to steal £20 MILLION from UK bank …
  • We found out how much money hackers actually make …

So, a cyberiminal’s ultimat...

Read More

How to derail a Business Gmail Spam bomb

spam bomb

Last Friday morning an East Coast client (ECC) woke up to find her Gmail business account pummeled with more than 40,000 spam emails—with approximately 150-250 emails bypassing Google’s spam filters to cut up her inbox—this ongoing spam deluge was no laughing matter. With business email delayed and spam consistently pouring in—ECC’s ability to conduct business on Friday was 100 percent crippled.

It flooded my inbox with spam (woke up with 50 spam messages that made it to my inbox and pr...

Read More

You’ve been hacked —what should you do next?


I’ve been hacked a few times, and it is a terrifying position to be in. The last time I recall a major hack was back in 2011 gratis a Malaysian hacktivist. It is unclear how the attacker procured the password to an old Gmail account — that I rarely used — but it was most likely tied to my use of the same weak password across multiple websites. Though these ancient accounts had been long forgotten by me, they morphed into the mode of unrestricted access for the attacker.

Armed with the ini...

Read More