US Government Sanctions Cybercrime Syndicate Operating ‘911 S5’ Botnet

The US Treasury Department recently imposed sanctions on a cybercrime syndicate for its ties with “911 S5,” a massive botnet operating under the guise of a residential proxy service.

Three Chinese nationals and three companies in Thailand were sanctioned for their participation in the malicious operation. The rogue residential proxy service enticed victims with seemingly free VPN services, as Sherbrooke University security researchers previously demonstrated.

Victims Tricked With Malware-Laced Free VPN Clients

After installing what seemed to be free VPN clients, victims would inadvertently infect their devices with malware that would zombify them, adding them to the “911 S5” botnet.

When researchers initially discovered it two years ago, the botnet had approximately 120,000 residential proxy nodes worldwide under its umbrella. The nodes reportedly communicated with several offshore or cloud C2 (command-and-control) servers.

“The 911 S5 botnet was a malicious service that compromised victim computers and allowed cybercriminals to proxy their internet connections through these compromised computers,” reads a US Department of the Treasury’s Office of Foreign Assets Control (OFAC) press release. “Once a cybercriminal had disguised their digital tracks through the 911 S5 botnet, their cybercrimes appeared to trace back to the victim’s computer instead of their own.”

‘911 S5’ Compromised Approximately 19 Million IP Addresses

The OFAC states that 911 S5 compromised roughly 19 million IP addresses during its runtime, facilitating the submission of “tens of thousands of fraudulent applications” and causing the US government billion-dollar losses.

Under the sanctions program, Chinese nationals Yunhe Wang (administrator of the 911 S5 service), Jingping Liu (the operation's money launderer), and Yanni Zheng (power of attorney for Yunhe Wang) were penalized.

Additionally, the OFAC added three Thai-based companies to the sanctions list: Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited, all of which are controlled or owned by Yunhe Wang, the administrator of 911 S5.

The Dangers of Using Fake Free Proxies or VPNs

Using free proxies or similar anonymization services could pose a series of risks, including being scammed or tricked into installing malware on your device. Relying on a trustworthy VPN could eliminate the guesswork and add top-grade privacy to your Internet connection.

Additionally, dedicated software solutions like Bitdefender Ultimate Security can help you avoid botnets and other intrusions, including viruses, worms, Trojans, zero-day exploits, ransomware, and spyware.

Its comprehensive network threat prevention module protects against a broad spectrum of online threats, including sophisticated exploits, malware—and botnet-related URLs, and brute-force attacks.