Currently botnet As a potential threat to cybersecurity, the FBI has issued a warning about the illegal use of free VPN applications. These applications not only threaten personal cybersecurity but are also tools for online criminal activities.
Join the channel Telegram belong to AnonyViet 👉 Link 👈 |
FBI busts 911 S5 botnet
The FBI recently destroyed the 911 S5 botnet, believed to be the world's largest botnet ever, and collected more than 19 million compromised IP addresses from more than 190 countries. Total confirmed losses amount to billions of dollars.
How botnets work
This botnet deployed a sophisticated strategy, using free VPN services, bundled with video games and copyrighted applications, to install malware on users' machines. without their permission.
VPN applications exploited by cybercriminals include: MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN and ShineVPN.
Users, when installing these VPNs, have no idea that they are opening the door for the 911 S5 botnet to infiltrate their systems. Botnets are used to commit crimes such as bomb threats, financial fraud, identity theft, child exploitation and initial access brokering, etc. and this activity appears to come from the device of victim.
How to remove malicious VPN apps
To know if you are a victim of the 911 S5 botnet, you can follow the FBI's instructions below:
Method 1: Through Task Manager
Step 1: Press the key combination Control + Alt + Delete on the keyboard and select Task Manager or right-click the Start menu, select Task Manager.
Step 2: After starting Task Manager, under the 'Processes' tab, search for:
- MaskVPN (mask_svc.exe)
- DewVPN (dew_svc.exe)
- PaladinVPN (pldsvc.exe)
- ProxyGate (proxygate.exe, cloud.exe)
- ShieldVPN (shieldsvc.exe)
- ShineVPN (shsvc.exe).
Step 3: Select End task to stop application activity.
Step 4: Then, right-click the folder named “MaskVPN,” “DewVPN,” “ShineVPN,” “ShieldVPN,” “PaladinVPN,” or “ProxyGate,” and select Delele.
You can also select all files in the folder and then select Delete once.
Method 2: Through Start
If Task Manager If one of the above apps cannot be detected, click the Start button in the bottom left corner of the screen, then search for the following names:
- MaskVPN
- DewVPN
- ShieldVPN
- PaladinVPN
- ShineVPN
- ProxyGate
If you detect one of the VPN applications, click Uninstall to uninstall them immediately.
Method 3: Use Add or remove programs
If the app doesn't have an uninstall option, follow these steps:
Step 1: Click Start and type “Add or remove programs”.
Step 2: Find the name of the malicious application. Once found, click on the name of the application and select Uninstall.
After that, you can check if it has been deleted by going to File Explorer > Go to drive C and select Program Files(x86). Here, find the name of the malicious application in the list. If not, that's ok. (With ProxyGate, you access the address C:\[Userprofile]\AppData\Roaming\ProxyGate)
Measures to prevent botnets
Authorities also recommend that to avoid encountering a botnet, you should:
- Avoid untrustworthy websites and ads.
- Be wary of downloading free software, such as the VPN apps listed above.
- Don't click on popup ads from suspicious websites.
- Ignore untrustworthy emails.
- Be cautious of emails asking you to open an attachment or click on a link.
- Always keep your antivirus software up to date to ensure it can detect the most recent threats.
The FBI also warns businesses that botnet attacks are designed to exploit vulnerabilities in software. Therefore, it is important to install timely updates and patches and disseminate security policies to all employees.
Epilogue
To protect yourself from threats from botnet and cybercrime, compliance with FBI recommendations is critical. Please update your anti-virus software and stay away from unreliable websites to ensure the safety of your device!