Security researchers are keeping a close eye on underground cybercrime forums and are quick to spot new offerings, such as the BlackOS software package.
Not to be confused with the memory-scraping BlackPOS malware, BlackOS is actually a suite of tools aimed at making cyber crooks’ job easier by centralizing the management of traffic redirection from compromised or malicious sites via a web interface.
The package is capable of doing a number of things (as translated by Trend Micro from the advert in Russian):
1) Implement the optimal model of converting traffic. Distribute and installs on geo user agent;
2) Get a unique opportunity to refuse to sell iframe traffic;
3) Automatically detect PR domains, links and implement an effective impact on the issuance of search engines;
4) Get a fast, stable and socks5 private lists for any of your software, requiring the use of proxy;
5) Sort the list of accounts as fast as possible;
6) Upload any of your scripts with verification. Pour shells and mass execute commands on them set/code cleanup, eval(), system(), sendmail and check antiDDOS;
7) Perform a vulnerability scan on your servers
8) Process the parsing Databases of remote CMS
Its price is quite steep – $3,800 a year – and it can be paid in cryptocurrency.
The researchers also did a little digging and analyzing, and they believe that BlackOS is a package that started its life as “Tale of the North,” a similar web traffic management software written and developed by a well-known Russian spammer known by his online alias Peter Severa, and another colleague.
But, by his own public admission, Severa and the other developer parted ways due to a disagreement, and the latter is the one who is selling BlackOS, while Severa is apparently concentrating on running two affiliate programs.
For more details about the researchers’ investigation into this particular software and cyber criminal actors, check out their blog post.