Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab February 28, 2025

One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab,
Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. Last year, the French security firm Intrinsec detailed Prospero’s connections to bulletproof services advertised on Russian cybercrime forums under the names Securehost and BEARHOST.
Last year, the U.S. Commerce Department banned the sale of Kaspersky software in the U.S. effective July 20, 2024. U.S. officials argued the ban was needed because Russian law requires domestic companies to cooperate in all official investigations, and thus the Russian government could force Kaspersky to secretly gather intelligence on its behalf.
Phishing data gathered last year by the Interisle Consulting Group ranked hosting networks by their size and concentration of spambot hosts, and found Prospero had a higher spam score than any other provider by far.
 


Once, a long time ago, Kaspersky was the best of the best. The security experts generally agreed that their software stopped more malware than any other, meaning it was the most effective AV you could buy.

Hmm... I don't think I can go further without touching on politics. So, let's not do that.

Instead, let's be grateful that we use Linux where AV software is optional.
 
I can see/feel an influx of (new) Linux type software aimed at security/privacy coming.

Whether Firefox's latest faux pas (Mozilla deletes promise not to sell Firefox users’ data) turns out to be "real" or otherwise may influence this. @tinfoil-hat mentioned "I wish there would be more competition, asides from Chromium and Gecko based browsers", which will bring more complexity to the scene (if/when it happens). There is already a call for this, now. Do floorp or midori offer any relief?... probably not, as both are based on Firefox..... Brave browser?... appears to have gone quiet.

A full on AV?..... maybe circumstances brought on by unseen changes (yet) will necessitate that?

Food for thought

Anyone here care to develop a new browser?.... stretch the horizons?.... I am sure you would be welcomed with open arms (if the 'job' was done right).
 
Anyone here care to develop a new browser?

Modern browsers are insanely complex and it'd take a whole group of talented people (and a whole lot of time) to build a browser from scratch. Your modern browser is more complicated than the first operating systems you probably used. They are frequently compared to operating systems (and come with all the hassles and security issues of such) as they are essentially where the majority of our computing is done these days.

Outside of office use, which will still be using a browser, people pretty much 'live' in their browser(s) of choice. Coupled with things like extensions, they're very similar to the OS concept. Heck, more and more office stuff is being done online, so even that is done in a browser as they do things like use Office 365 (MSFT), Workspace (Google), and a dozen other popular business solutions.

Which isn't to say this won't be done. But, it is saying that it will be a huge undertaking. There are a couple of alternatives that aren't based on the two major browser engines but Blink and Webkit are pretty much the defaults for browser creation.

Firefox has 21 million lines of code.
Chromium has 32 million lines of code.

Not convinced?

The Boeing 787 a mere 6.5 million lines of code...

The browser you use is more complicated than the software used to fly a modern commercial airplane.

By the way, the Linux kernel has a bit less than 31 million lines of code. The entirety of Windows XP, with all the bells and whistles included - far more than just a kernel - only had 45 million lines of code. That's for everything, the entire operating system.

So, it's going to take some work. It's going to take some time. It's going to take some skill. It will also take a whole lot of people if it's going to compete with the major browsers. Then, after it is released, it has to be maintained and upgraded as standards and expectations change.

By the way, the Linux kernel is actually made up of about 62,000 files.

It's going to be quite an undertaking.

Fortunately, we can (and have) just fork Firefox. It's open source.
 
Instead, let's be grateful that we use Linux where AV software is optional.

I wouldn't necessarily phrase it as optional, but you don't need to be as careful. Security starts with the user (picnic, basically)... if the user is foolish and falls for phishing, scams, etc. then all the security software in the world won't prevent it.
 
Security starts with the user (picnic, basically)... if the user is foolish and falls for phishing, scams, etc. then all the security software in the world won't prevent it.
Amen.
 
I wouldn't necessarily phrase it as optional

I think it's a fine way to phrase it?

LOL I consider it optional. I don't use AV and have never used it on a desktop Linux system. You can use AV if you want, thus that's optional. AV is an option. You can probably install some form of AV from your default repos. Last I knew, there were a few commercial products that you could buy. I think those are mostly aimed at servers.

At least, those are my thoughts on the matter. I've opted to not use AV, but I keep a good eye on my system and only install reputable software.

In fact, I used to use Vista without any resident AV installed. I kept it locked down with a very good hardware firewall with very strict settings. I kept it set to whitelist connections, meaning it blocked everything until I expressly allowed it. It took some time but it worked well enough after I had it configured for the things I needed to access.

I did use AV on anything XP and older - and originally used AV with Vista, until I got said hardware firewall.

Seeing as I've already digressed a bit...

Also, I liked Vista after SP1 was released. I never used 7 or newer on my own systems and never used anything newer than 7 on any system. (I've never touched the 8 series, 10, or 11. I haven't got a clue how they work, assuming they've changed.)
 
IMHO, AV software for a desktop Linux box is not needed. This assumes that the user installs security updates whenever they become available, to put it simply.

I leased a RHEL LAMP server with 11 sites for a number of years and we made our living from it. Of course, ClamAV scanned all mail for Windows viruses. However, aside from updates and a good iptables firewall configuration, about the only security software that I remember is chkrootkit and rkhunter. Of course, they merely tell the IT guy (me) if the server has been infected.

The only time it was hacked, it was my fault, and it wasn't the entire server. One site used osCommerce for the shopping cart, and a change by them broke it. The "temporary" fix was to change the perms on some directories to 777. It was surprising how long that lasted before someone started using my mailserver to send out spam.

I've heard that there are Linux viruses, but I have never heard of anyone doing what we did here and getting infected.
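The "temporary" 777 fix described in the post above is exactly the kind of drift a periodic check catches before someone else finds it. The script below is an added example, not code from the thread or from any of the tools named in it: it walks a web root (the path is an assumed argument, e.g. /var/www), reports every world-writable file, and every world-writable directory that is not sticky (so a legitimate 1777 scratch directory is not flagged), and can strip the stray write bit. The sample tree it is exercised against is constructed, not taken from the poster's server.

```shell
#!/bin/sh
# Added example (not from the forum thread): audit a web root for the
# world-writable ("777") directories and files the post above describes.
# Assumption: $1 is the web root to check, e.g. /var/www.

# List world-writable entries under the given root, one path per line.
# Files: any entry with the "other" write bit (mode -002).
# Directories: world-writable AND not sticky (a 1777 upload/scratch
# directory is a deliberate choice; a 777 one usually is not).
find_world_writable() {
    root="$1"
    {
        find "$root" -type f -perm -002 -print
        find "$root" -type d -perm -002 ! -perm -1000 -print
    } | sort
}

# Return 1 (so cron or CI fails loudly) when any such entry exists.
check_web_root() {
    count=$(find_world_writable "$1" | wc -l | tr -d ' ')
    if [ "$count" -gt 0 ]; then
        echo "WARNING: $count world-writable path(s) under $1"
        find_world_writable "$1"
        return 1
    fi
    echo "OK: no world-writable paths under $1"
    return 0
}

# Remediate by removing only the "other" write bit. Anything the web
# server really must write should instead be owned/group-owned by the
# server user with group write, not opened to everyone.
fix_world_writable() {
    root="$1"
    find "$root" -type f -perm -002 -exec chmod o-w {} +
    find "$root" -type d -perm -002 ! -perm -1000 -exec chmod o-w {} +
}

# Usage: sh audit-perms.sh /var/www
if [ "$#" -gt 0 ]; then
    check_web_root "$1"
    exit $?
fi
```

Run it from cron against the document root and let the non-zero exit code page you; pair it with the updates, firewall and rootkit checks the post already lists, since a permission audit tells you about the opening, not about whether anyone has already walked through it.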
 
I've heard that there are Linux viruses, but I have never heard of anyone doing what we did here and getting infected.

There are security problems with Linux. That's why we get security fixes.

But, things like malware aren't all that effective because of the permissions system Linux inherited from Unix. You need someone to make it executable and then run it. The security issues for Linux need things like another exploit to be a risk. So, while it's a security issue, it requires an exploit that gives the attacker admin rights and/or needs to be physically at the computer - with it turned on and a privileged user logged in.

There are hundreds and hundreds of Linux security fixes. Apply them and you're quite reasonably safe.

I also pay attention to the various announcements. They show up in my email. This forum also posts some of them automatically. There are many thousands of entries in that section of the forum.

That's gonna happen so long as humans are writing the software (and probably even beyond that). We are imperfect beings and this is some complicated stuff. The devs say Rust is helping but that's mostly used for drivers.

There are often more security fixes for Linux (in a month) than there are in MSFT's Windows. That's not really a bad thing, though some folks see it as offensive. See, Linux is open source. That makes it easier to find the bugs and test the software for bugs using automated tools. Given the closed source nature of MSFT, we don't really know how many bugs exist.

Fortunately, we have a lot of paid and unpaid people finding bugs in software AND using 'responsible disclosure'. Instead of making money by selling the exploits, they're disclosing them - sometimes for a reward called a 'bug bounty'.

(Yes, I pay a great deal of attention to security. I used to even go to the conferences like Defcon and Black Hat. While I hired experts, it was still essential to keep up on what was going on in the security world. I can elaborate if needed though my NDA won't be up until June of 2027.)
 
@KGIII :-

I never used anything after XP on my own systems. Tried Vista & 7 once, each. Couldn't see what the fuss was about, and wasn't ever going to pay for it again, so....

.....Linux, here I came!


Mike. ;)
 
I never used anything after XP on my own systems.

I moved to Linux exclusively, all in a single day, in 2007. I can't be too specific, but I think it was in July but it could have been June or August. However, it was certainly in that period and was absolutely 2007. That was after selling my company and retiring.

I was an old Unix user and had used Windows because I had to interact with a Windows ecosystem.
 