Is Your Computer One of the 500,000 That Send out 30,000 Sextortion Emails Every Hour?
You might have received an email claiming that someone has recorded video footage or captured images that, allegedly, could ruin your reputation. The email typically claims that hackers spied on you through your webcam while you visited pornographic websites. What is the point of such emails? In most cases, it is to extort money, which is why they are popularly known as sextortion scam emails. If you have read our article about sextortion scams, you already understand how the scam works and how the schemers operate. But did you know that you yourself could be sending out thousands of these intimidating emails to people all around the world? Researchers recently reported finding infected computers sending extortion emails without their owners' knowledge. So, is yours one of them?
Check Point revealed a massive botnet
Check Point, an Israel-based IT security company, recently published the results of a five-month investigation into a massive botnet being used to run a vicious sextortion scam. According to the research, the botnet, dubbed Phorpiex or Trik, has been active for nearly a decade and has more than 500,000 infected hosts. Although it has previously been used to distribute GandCrab, Pony, Pushdo, and other malicious threats, including cryptocurrency miners, its operators appear to have switched to spamming. Each infected machine that belongs to the botnet can now be used to silently send out up to 30,000 sextortion scam emails every hour, and the researchers estimate that a single spam campaign originating from the botnet can reach 27 million recipients. Of course, whether the schemers succeed depends solely on how the people who receive the sextortion email react to it.
The Phorpiex bot is known to have access to a database of leaked login credentials. That means that besides an expansive list of legitimate email addresses, the operators also have passwords linked to those addresses, and that is what makes the scam convincing: the email can quote a password the recipient actually used. The researchers at Check Point analyzed the intimidating email that serves as the driving vehicle of the scam. According to the message, the sender has “full access to all […] accounts” and “full control over […] computer.” It then suggests that a compromising video was recorded using the webcam and that all private data was captured as well. The sender threatens to post the alleged video and private data on social networks and to email it to the recipient’s contacts. Without a doubt, this can be horrifying. The email the researchers obtained demanded a ransom of $800, to be paid in Bitcoin, a cryptocurrency popular among cybercriminals and schemers.
When Check Point published its research, 58 different Bitcoin wallets had been linked to the sextortion scam. Most of these wallets had only one or two transactions, but at least one of them had 19 transactions when we checked it. Its ‘Total Received’ balance was 0.4353 BTC, which at the time was worth over $3,600, and that is just one wallet. In fact, Check Point researchers believe that the sextortion scam they analyzed could be generating $22,000 per month, and that figure is likely to grow if more machines get infected and more victims are trapped. Being on the receiving end of an extortion message is horrifying enough; discovering that your own infected computer is sending extortion emails is an entirely different horror story. When Forbes spoke with the researchers, they explained that an infected computer connects to a C&C (command-and-control) server to download the list of breached email addresses and passwords. The infected computer then sends the sextortion emails itself using SMTP (Simple Mail Transfer Protocol). To keep the activity under wraps, Gmail, Outlook, and similar webmail services are not used, so nothing shows up in the owner's own mailbox. At its core, the Phorpiex bot is a simple tool for a major scam.
How to disengage from botnets and evade them in the future
You are not supposed to notice that your infected computer is sending extortion emails, because you are not supposed to notice that your computer has joined a botnet at all. Note that your machine becomes a zombie only if it is infected with botnet malware. In theory, anti-malware software should detect and delete it, but that depends on the quality of the software you use and even on how the botnet itself is built. Weak, outdated, or ineffective anti-malware software is unlikely to protect an operating system reliably, which is why a security overhaul is the place to start: whether you update your existing software or replace it with a more effective, up-to-date tool, make sure your operating system is fully protected. There are also signs worth looking for. A home or office workstation has no reason to open connections to port 25 on dozens of outside mail servers, so unexpected outbound SMTP traffic in your firewall or router logs, or a notice from your ISP that your address has landed on a spam blocklist, is a strong indicator that the machine has become part of a spam botnet; many ISPs and firewalls block outbound port 25 from consumer machines for exactly this reason. Only with reliable security software in place, and an eye on what your machine is doing on the network, can you stop worrying about removing botnet malware or catching it again in the future.
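The following is an added example, written for this article and not taken from Check Point's research or from the Phorpiex malware itself, of the network-level check described above: it scans constructed firewall log lines and flags any internal host that opens direct port-25 connections to many distinct outside mail servers within a short window, which is what a spam bot delivering mail over SMTP looks like from the network. The log format, the internal mail relay address, and the thresholds are assumptions chosen for the illustration.

```python
"""Flag internal hosts that behave like a spam bot: many direct SMTP (TCP/25)
connections to many distinct destinations in a short time window.

Example code added for this article; not part of Check Point's research or the
Phorpiex malware. Log format, relay address and thresholds are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> <src ip> <dst ip> <dst port> <proto>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<dst>\d+\.\d+\.\d+\.\d+)"
    r"\s+(?P<port>\d+)\s+(?P<proto>\w+)$"
)

# Hypothetical: the organisation's own mail relay, which workstations may
# legitimately talk to on port 25. Anything else on port 25 is suspicious.
MAIL_RELAYS = {"10.0.0.5"}

# Constructed sample log: 10.0.0.15 sprays 12 distinct outside mail servers in
# 12 seconds (bot-like), 10.0.0.22 only uses the internal relay and HTTPS,
# 10.0.0.30 makes a few slow port-25 connections, and one line is malformed.
SAMPLE_LOG = "\n".join(
    [f"2019-10-16T09:00:{i:02d} 10.0.0.15 203.0.113.{i + 1} 25 TCP" for i in range(12)]
    + [
        "2019-10-16T09:00:03 10.0.0.22 10.0.0.5 25 TCP",
        "2019-10-16T09:00:04 10.0.0.22 192.0.2.10 443 TCP",
        "2019-10-16T09:00:05 10.0.0.30 198.51.100.1 25 TCP",
        "2019-10-16T09:20:05 10.0.0.30 198.51.100.2 25 TCP",
        "2019-10-16T09:40:05 10.0.0.30 198.51.100.3 25 TCP",
        "this line is garbage and must be skipped",
    ]
)


def parse_line(line):
    """Parse one log line; return (timestamp, src, dst, port, proto) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["src"], m["dst"],
            int(m["port"]), m["proto"].upper())


def smtp_outliers(lines, window=timedelta(minutes=5), min_distinct_dsts=10):
    """Return {src_ip: peak distinct port-25 destinations within `window`}
    for every host whose peak reaches `min_distinct_dsts`."""
    events = defaultdict(list)  # src -> [(timestamp, dst)]
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, port, proto = rec
        if proto == "TCP" and port == 25 and dst not in MAIL_RELAYS:
            events[src].append((ts, dst))

    flagged = {}
    for src, evs in events.items():
        evs.sort()
        peak, start = 0, 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits within `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peak = max(peak, len({d for _, d in evs[start:end + 1]}))
        if peak >= min_distinct_dsts:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    for host, count in smtp_outliers(SAMPLE_LOG.splitlines()).items():
        print(f"{host}: {count} distinct SMTP destinations within 5 minutes")
```

Counting distinct destinations, rather than raw connection count, is deliberate: a legitimate mail client retrying one relay produces many connections to one address, while a spam bot delivering directly to its victims' mail servers fans out to many. Tune the window and threshold to your environment, and keep the relay allow-list accurate, or your own mail servers will be the first thing flagged.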
Sextortion scam aftermath
If your computer was sending out extortion emails, your main concern is the malware that got in and, of course, the overall protection of your operating system. If you were on the receiving end, you might have contacted the attackers or even paid the ransom. First and foremost, it is highly unlikely that anyone actually has incriminating or compromising material; the intimidating claims are made only to frighten you into being more easily manipulated. If you receive a sextortion scam email, the best thing you can do is ignore it and report the sender to your email provider, which may help protect others. What if the claims were real? Even if you paid the ransom, you could not force the schemers to delete the material from their servers, so we would not recommend engaging with them in any case.
Of course, if the password quoted in the message is still in use anywhere, the first thing you need to do is change it. If schemers managed to get their hands on your login credentials, a data breach occurred at some point. Do you use a unique password for every service? If you do, it should be easy enough to track down which account was compromised, and that is the only account you need to worry about. If you do not, every account sharing that password is exposed. That is why every single one of your passwords must be unique: you do not want your entire virtual world to fall like a house of cards because of one compromised password. We strongly recommend installing Cyclonis Password Manager, a tool that will automatically generate strong and unique passwords and will also help you upgrade the compromised ones. The best part is that it will do that for free.
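As an added example, written for this article and not a feature of Cyclonis Password Manager or any other product, the script below shows the triage step described above over a constructed export of saved logins: it finds every account that still uses the password quoted in the scam email, and lists any other accounts that share a password with each other, so you know what to change first. Passwords are compared by hash so the leaked plaintext is never written to output; the vault entries and passwords are made up for the illustration.

```python
"""Post-sextortion triage over a password-manager export.

Example code added for this article; the vault contents are constructed and the
export format (site, username, password) is an assumption."""
import hashlib
import hmac
from collections import defaultdict

# Constructed sample of a saved-login export. Two accounts reuse "Summer2016!"
# (the password later quoted in a scam email) and two reuse "hunter2".
VAULT = [
    ("mail.example.com",   "alice",   "Summer2016!"),
    ("shop.example.org",   "alice",   "Summer2016!"),
    ("bank.example.net",   "alice",   "u7#Kq!pL9zR2wX"),
    ("forum.example.com",  "alice42", "hunter2"),
    ("photos.example.com", "alice",   "hunter2"),
]


def fingerprint(password):
    """SHA-256 hex digest of the password; used so plaintext never appears in reports."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def accounts_using(vault, leaked_password):
    """Accounts whose saved password matches the one quoted in the scam email.
    hmac.compare_digest keeps the comparison constant-time."""
    target = fingerprint(leaked_password)
    return [(site, user) for site, user, pw in vault
            if hmac.compare_digest(fingerprint(pw), target)]


def reused_passwords(vault):
    """Groups of two or more accounts that share a password, keyed by fingerprint."""
    groups = defaultdict(list)
    for site, user, pw in vault:
        groups[fingerprint(pw)].append((site, user))
    return {fp: accts for fp, accts in groups.items() if len(accts) > 1}


def rotation_plan(vault, leaked_password):
    """Ordered list of accounts to change: those exposed by the leak first,
    then every other account that shares a password with another one."""
    exposed = accounts_using(vault, leaked_password)
    plan = list(exposed)
    for accts in reused_passwords(vault).values():
        for acct in accts:
            if acct not in plan:
                plan.append(acct)
    return plan


if __name__ == "__main__":
    # The scam email quoted "Summer2016!"; see where it is still in use.
    for site, user in rotation_plan(VAULT, "Summer2016!"):
        print(f"change password for {user} at {site}")
```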