The criminal gang behind the Phorpiex botnet has shut down operations and put the botnet’s source code for direct sale on darknet cybercrime forums.
Experts at security vendor Cyjax discovered the sale shortly after criminals who had been involved in the botnet attacks posted advertisements.
The decision to sell the source code was made because the two original authors of the malware intended to withdraw from the campaign.
The public forum advertisement said, “I don’t want to do it anymore, and my friends are going to quit, so I decided to sell the source code of Trik (named by virus author)/Phorpiex (named by security vendor).”
The main bot and modules are written in C++, and the authors claim that neither triggers any firewall/UAC (User Account Control) prompts.
With the help of Check Point malware researcher Alexey Bukhteyev, the media also confirmed the authenticity of the ad content.
The researchers also confirmed that this is the first time the bot’s source code has been offered for sale.
Bukhteyev noted that even if the botnet’s command-and-control servers were shut down, a new buyer of the source code would still be able to set up the new code and take over previously infected systems.
Bukhteyev also said that the botnet still receives a lot of traffic, and there may be many infected devices.