
Russian Operated Botnet, Rsocks, Has Been Seized By The US DOJ

On June 16th, 2022, the United States Department of Justice announced that it had seized control of the now infamous Rsocks website and stopped its operations. According to the DOJ's news release, Rsocks presented itself as a web proxy service but was actually a botnet that had illegally obtained millions of IP addresses from hacked internet-connected devices.


by Carl Gamutan

Publishing Date: June 22, 2022



According to the press release, the Federal Bureau of Investigation began investigating Rsocks in early 2017. Investigators made undercover purchases to gain access to the Rsocks botnet. In doing so, they uncovered Rsocks’ backend infrastructure and identified over 325,000 compromised devices. After identifying some of the victims, FBI investigators analyzed their compromised devices and concluded that they had been broken into through brute force attacks.

To catch Rsocks in the act, FBI investigators replaced the victims' compromised devices with honeypots: decoy systems set up to bait Rsocks into compromising them. The honeypots worked as intended, and the devices were later compromised by Rsocks.

The FBI continues to identify, investigate, and counter cyber threats, and to explore and develop new strategies for doing so. If you’re a victim of cybercrime, you’re encouraged to report the incident to the Internet Crime Complaint Center.

If you’re looking for an ethical alternative to Rsocks and a far better proxy experience, then Geonode is here for you! You can try our services for only $7 and see if they're right for you.


At first, Rsocks only targeted Internet of Things (IoT) devices like time clocks or smart garage door openers. As time progressed and the botnet grew, it expanded to additional targets such as Android devices and even desktop computers. Rsocks stole millions of IP addresses from such devices, and the owners of those devices remained unaware that their IPs were being bought and used.

For a fee, legitimate proxy services provide their clients with IP addresses obtained from ethical sources. The most popular way of doing so is buying them directly from people; Repocket is a great example. Rsocks, on the other hand, was selling IP addresses that were obtained through unethical means, like injecting malware into the owners’ devices and gaining their private information. Rsocks charged its users from $30 to $200 a day, and those users gained access to 2,000 to 9,000 proxies.
