Connect with us

Hi, what are you looking for?

Tech & Science

Hacker earns $100k a month sending one million spam emails a day

The source code of the RIG exploit kit was leaked by an unhappy reseller a couple of months ago. This has had two consequences: security firms have been able to establish how it works but other hackers can begin to use it more easily.
As Business Insider reports, security research firm Trustwave has found that one hacker, believed to be working on his own as a “lone wolf” is now using the tools that comprise RIG to infect over 27,000 computers everyday. This results in around 500,000 malware installations each month — six million in a year.
This high infection rate is achieved by using an automated spambot to send over one million bogus emails each day, convincing people to click links to buy products or install software using traditional spam tactics. The 27,000 who respond each day end up with their computer being compromised by malware delivered by version 3.0 of the RIG exploit kit.
This technique has proven to be rather profitable for the hacker behind it all so there’s little chance of the attack slowing down soon. Trustwave conservatively estimates that the lone wolf responsible for the spam is earning between $60,000 and $100,000 every month as a reward for overseeing his massive automated email system.
Trustwave says that the spam is being delivered using the Tofsee bot, controlled by one person known as “Customer X”. Customer X is the single biggest RIG 3.0 customer and currently represents 70 percent of all successful infections.
The discovery is alarming because it shows RIG is still healthy and very active despite its source code being freely available. The creators have recovered from the leak by releasing a new version which uses the same concepts but makes several changes to keep law enforcement away.
As part of its research, Trustwave found that 90 percent of all traffic to RIG comes from malicious adverts on websites. Although no fault of the site owners, the attackers using RIG have successfully compromised ad networks to hijack Alexa 3000-ranked news sites, investment consulting firms and IT solution providers.
As a result, the exploit kit seems to be stronger than ever and is now infecting more machines per day than at any other time in its history. It’s important to remember to never click a link in an email that looks like spam and to report any suspicious-looking adverts you see on major websites.

Written By

You may also like:


Some 20 countries offered new security assistance packages for Ukraine to battle invading Russian forces.


Chinese premier Li Keqiang has sent a congratulatory note to newly elected Australian counterpart Anthony Albanese.


This is just the start of the problem, and what’s possible in terms of roaming billions of people could make this look pretty tame

Social Media

"Zuckerberg is personally involved in nearly every decision the company makes," Washington Attorney General Karl Racine wrote in the suit.