>In message <20b290b5003cafb91745b7db6d31c...@fos-vpn.org>, info@fos- >vpn.org writes
[various message about abuse issues around VPNs without logging] In message <otpjcacb0fcff...@highwayman.com>, Richard Clayton <rich...@highwayman.com> writes >I can understand the attractions to you of that business model. List readers may be interested in what I found when I decided to have a look at the "fos-vpn" website (I find that it is invariably interesting to see what people actually publish in T&Cs etc) http://www.fos-vpn.org redirects to torservers.net (where there is lots to read, so anyone interested can have a look). However https://www.fos-vpn.org does not redirect to the same website! (easy mistake to make) instead it serves up the website codevest.sh (which appears also to be known as codevest.to). There's not a whole lot on the codevest website to explain what it is about, however some Googling will reveal that it is a licensing system widely advertised on HackForums (a well-known gathering place for all sorts of hackers, both good and bad ... you may have heard of it as the place where the Mirai source code was first published). I leave it to the reader to explore HackForums, but to save you a bit of time the PaloAltoNetworks Unit42 people had this to say about codevest in October 2019, in their review (if that's the right word) of "Blackremote" an expensive RAT (remote access trojan) being sold by a Swedish actor: Blackremote utilizes the third-party "CodeVEST" licensing system, also peddled on underground forums. The licensing system validates by connecting to codevest[.]sh. "CodeVEST" seems to take the place of "Netseal" as a registration service used by commodity malware. The author of "Netseal", Taylor Huddleston, was charged in 2017 for that operation together with the sale of his own commodity malware, "Nanocore RAT." The same person who offers the "Codevest" licensing service, also profits from a crypting service "Cyber Seal". This highlights the role in the commodity malware ecosystem of not only the malware sellers, but also service providers such as the licensing services they use, and the crypting services they purchase to avoid detection of the malware that they build. I found that fascinating, but cannot vouch for its accuracy except to say that I have a high regard for Unit42. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
signature.asc
Description: PGP signature
