PUBLIC DEFENDER
Your ‘free’ VPN may actually be a malware bot
By Brian Livingston

Law-enforcement authorities, coordinating the efforts of the US Federal Bureau of Investigation and similar agencies in Germany, Singapore, and Thailand, have arrested the leaders of a worldwide botnet that relied on people downloading and installing software to create “free” virtual private networks (VPNs).

I’m putting “free” in quotes, because real VPNs make costly investments in equipment and expertise. Legit VPN services almost always charge at least a small monthly fee.

Before the arrests were announced on May 29, 2024, more than 19 million infected computers in some 190 countries were being used by hackers for credit-card fraud, Dark Web operations, and a lot else. Jailing the so-called 911 S5 organizers and shutting them down dismantled what FBI director Christopher Wray described as “likely the world’s largest botnet ever.”

The network was taken down, but malware may still be in your system
In a coordinated effort using the code name Operation Tunnel RAT — Rapid Action Team — law enforcement seized scores of botnet servers. The authorities immediately changed the malware website’s home page into a fearsome warning to hackers everywhere. (See Figure 1.)
The following three individuals have been identified by the US Department of the Treasury as the primary actors in the 911 S5 botnet, according to a Treasury press release:
Wang was apprehended in Singapore and is expected to be extradited to the US. He faces 65 years in prison if convicted of all charges.
What harm did the botnet do before it was taken down by authorities? Hackers reportedly used the network to hide their identities while carrying out the following exploits, according to a Justice Department press release:
The above is just a partial list of the ways the botnet was used. The Justice Department also accuses the principals of renting access to the infected computers for billions of dollars of bank-fraud transactions, transmission of bomb threats, distribution of child-abuse materials, and more. Besides offering “free” VPN software for Windows, the hackers also bundled the malware VPNs with other software packages, such as fake “updates” for Adobe Flash Player. Infected programs include the following brand names, according to an FBI statement:
There may be additional names that the 911 S5 botnet apps used. We may never know the full extent of the infected products that were downloaded by unsuspecting computer users.

Authorities have by now seized approximately $30 million worth of the principals’ assets. That includes 70 servers and 23 domain names that enabled the scheme.

If those seizures have shut down the botnet, do the malware-containing VPNs still threaten you and your computer? I can’t guarantee that some hacker won’t figure out a way to reactivate at least some parts of the botnet for nefarious purposes. That would make your home or office IP address appear to be the origin of fraudulent credit-card transactions or any of the other vile acts that aroused the FBI’s attention. At a minimum, the VPN software you installed may now fail to work — if it ever worked.

Later, I’ll tell you how to determine whether your PC has one of these malware apps installed and, if so, how to remove it. First, let’s make it clear how you should use VPN software safely and ethically.

If you need a VPN, make it a good one, not a ‘free’ one
There are both legitimate reasons and questionable reasons for individuals and companies to use virtual private networks:
An example of the second kind of use is signing into a Netflix account while running a VPN program. The user’s VPN software attempts to convince Netflix that the user is in a country where the service offers certain videos. For some content, Netflix may not have a license to stream a movie to every country. Using a VPN to fake your location violates Netflix’s terms of service. The company does everything it can to identify and block VPN connections. Despite this, many respected VPN offerings — none of which is free — do succeed in tricking Netflix. Several such programs are given 1-to-5-star ratings in tests such as a recent TechRadar review. Many tech companies, not just Netflix, offer the greatest breadth of service to customers in the United States. This explains why people in some 190 other countries were eager to download the botnet’s “free” VPN software. With these Trojan-horse VPNs, users could get services that are not ordinarily available in their own countries. (See Figure 3.)
Our own tech maven, Susan Bradley, has for years advised against “free” VPNs. Maintaining a worldwide VPN costs money, as Susan aptly points out. There’s hardware to maintain, communication links to keep up, the salaries for the tech staffers who make it all run, and more. Susan has most recently stated her view in an AskWoody post. And in a May 13, 2024, article on antivirus products, she also explained that VPN users need a health-checking app. Such services verify that the IP address your VPN assigned to you is “healthy.” (That is, it doesn’t have a bad reputation, which would block you from various websites, including AskWoody.) “Free” VPNs are something of an oxymoron, if you want something that isn’t crapware or outright malware. The latest rankings of respected VPN programs — and their costs — are available at the following expert sites. Each reviewer recommends several VPNs, all of which have various pros and cons:
If you’re considering a VPN, which one is right for you? That depends on which quality you value most: the tightest security, the fastest throughput speed, or the lowest monthly cost. Determine your priority, and then look into the above reviews, which sort the contenders by those qualities. The ratings can help you pick the one VPN that best meets your needs.

How to find malware VPNs in your system and remove them
There’s no way to ever be sure you’ve discovered and deleted all the malware from your PC. Fortunately, the FBI has published a three-page explanation of the steps you should take if you suspect that a 911 S5 VPN program may be living on your system. It’s important to follow the agency’s detailed instructions, because you might not be able to merely delete a VPN’s folder to kill it. The app may be “protecting” its files from simple deletion.
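Because a leftover VPN app can survive as a running process, a Windows service, an Add/Remove Programs entry, or an orphaned folder, it helps to inventory all four places before deleting anything. The PowerShell script below is an added example, not the column’s own code and not the FBI’s procedure; it only reports what it finds. The names in $SuspectNames are placeholders, because the actual product names are in the FBI’s document, not in this article.

```powershell
# Added example: inventory where a suspect "free" VPN app still lives on this PC.
# It reports only; removal should follow the FBI's published steps.
# $SuspectNames is a PLACEHOLDER list; substitute the product names from the FBI document.
$SuspectNames = @('EXAMPLE-VPN-NAME-1', 'EXAMPLE-VPN-NAME-2')

$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding([string]$Kind, [string]$Name, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Name = $Name; Detail = $Detail })
}

foreach ($name in $SuspectNames) {
    # 1. Running processes (what Task Manager shows), with the image path when available.
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.ProcessName -like "*$name*" } |
        ForEach-Object { Add-Finding 'Process' $_.ProcessName ("PID {0} {1}" -f $_.Id, $_.Path) }

    # 2. Installed services: a persistence point that survives a reboot and a folder deletion.
    Get-Service -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like "*$name*" -or $_.DisplayName -like "*$name*" } |
        ForEach-Object { Add-Finding 'Service' $_.Name $_.Status }

    # 3. Add/Remove Programs entries, which carry the proper uninstall command.
    $uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                     'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                     'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like "*$name*" } |
        ForEach-Object { Add-Finding 'Uninstall entry' $_.DisplayName $_.UninstallString }

    # 4. Leftover folders in the usual per-machine and per-user install locations.
    $roots = $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:LOCALAPPDATA, $env:APPDATA
    foreach ($root in ($roots | Where-Object { $_ })) {
        Get-ChildItem -Path $root -Directory -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -like "*$name*" } |
            ForEach-Object { Add-Finding 'Folder' $_.Name $_.FullName }
    }
}

if ($findings.Count -eq 0) {
    'No traces of the listed names in processes, services, uninstall entries or install folders.'
} else {
    $findings | Format-Table -AutoSize
    'A folder that refuses deletion is usually held open by a process or service listed above.'
}
```

Run it from an elevated PowerShell window so that per-machine services and registry entries are readable; a matching Uninstall entry is the cleanest removal path, and a process or service listed alongside a folder explains why plain deletion of that folder fails.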
You should read the FBI’s complete series of steps to detect and remove any of 911 S5’s malware that may be on your system. But I can summarize the agency’s recommended search-and-destroy mission in just the following two points:
It’s criminal that we law-abiding computer users have to defend ourselves against malware that silently corrupts the integrity of our systems. So, I innocently installed a free app, and now you tell me the IP address of my PC is being identified as the source of multiple fraudulent credit-card transactions? What a world we live in. After you’ve read the FBI’s instructions, you may want more details on the botware network and what law enforcement intends to do about it. To understand the legal proceedings, read the Justice Department’s 22-page indictment of Wang and the others (PDF). For a true-crime look at the $30 million in servers and other assets the FBI says it’s impounded from the botnet operators so far, see the agency’s 118-page warrant for the seizure (PDF). It seems that no matter how safe we try to keep our computing habits, there’s always another exploit just around the corner. Perhaps artificial intelligence will soon be able to predict the scams being planned by these lowlifes and get them thrown into the pokey before they can ruin our lives on a global scale.
The PUBLIC DEFENDER column is Brian Livingston’s campaign to give you consumer protection from tech. If it’s irritating you, and it has an “on” switch, he’ll take the case! Brian is a successful dot-com entrepreneur, author or co-author of 11 Windows Secrets books, and author of the fintech book Muscular Portfolios.
The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.
Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, AskWoody.com, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners. Copyright ©2024 AskWoody Tech LLC. All rights reserved.