Stories with Tag Spam

• Notorious Malware, Spam Host "Prospero" Moves to Kaspersky Lab

  permalink

  Posted: 2025-02-28 20:15:51

  Verbose tl;dr

  Cybersecurity firm Kaspersky Lab has hired Igor Prosvirnin, a former bulletproof hosting provider operating under the moniker "Prospero." Prosvirnin and his company were notorious for harboring criminal operations, including malware distribution and spam campaigns, despite repeated takedown attempts. Kaspersky claims Prosvirnin will work on improving their anti-spam technologies, leveraging his expertise on the inner workings of these illicit operations. This move has generated significant controversy due to Prosvirnin's history, raising concerns about Kaspersky's judgment and potential conflicts of interest.

  Brian Krebs, in a February 2025 post on KrebsOnSecurity titled "Notorious Malware, Spam Host 'Prospero' Moves to Kaspersky Lab," reports on the perplexing migration of a significant spam and malware-hosting operation known as "Prospero" to servers seemingly owned and operated by Kaspersky Lab, a prominent cybersecurity firm. This move has raised eyebrows and generated considerable concern within the cybersecurity community. Prospero, long identified as a haven for cybercriminals, facilitating phishing attacks, malware distribution, and other nefarious activities, appears to have inexplicably shifted its infrastructure to an internet address space registered to Kaspersky.

  Krebs meticulously documents the technical details of the shift, pointing to specific IP address blocks and Autonomous System Numbers (ASNs) associated with Kaspersky that are now hosting Prospero's operations. He notes that this is not a mere co-residence situation, where legitimate and malicious activities happen to share the same IP space due to network configuration. Instead, the evidence strongly suggests that Prospero's command-and-control servers, which direct the activities of botnets and malware infections, are now directly operating from within Kaspersky's designated network.

  The article highlights the unexpected and unsettling nature of this development. Kaspersky Lab is globally recognized for its antivirus and cybersecurity products, dedicated to combating the very threats that Prospero embodies. This seemingly contradictory situation raises numerous questions about how such a notorious malicious actor could end up operating within the infrastructure of a company dedicated to cybersecurity.

  Krebs acknowledges the possibility of a complex technical explanation, such as a server compromise or a sophisticated misdirection tactic employed by Prospero. He details his attempts to contact Kaspersky Lab for clarification, including emails and phone calls, emphasizing the urgency and importance of understanding this situation. However, as of the article's publication, Krebs had not received a definitive response from Kaspersky, leaving the situation shrouded in mystery.

  The implications of this migration, whatever the explanation, are potentially significant. The credibility of Kaspersky Lab could be undermined if Prospero's presence within their network is not adequately addressed. Moreover, this situation could provide Prospero with a degree of protection or legitimacy, making it harder for security researchers and law enforcement to disrupt its operations. The article concludes by emphasizing the need for transparency and a thorough investigation into the circumstances surrounding this unusual and concerning development.

  • Kaspersky Lab
  • Prospero
  • Malware
  • Spam
  • Cybersecurity
  • internet security
  • Botnet
  • cybercrime
  • Hosting Provider
  • Security Research
  • threat intelligence
  • Domain Takeover
  • Malicious Software
  • Phishing

  Summary of Comments ( 24 )
  https://news.ycombinator.com/item?id=43209878

  Verbose tl;dr

  Hacker News users discuss Kaspersky's acquisition of Prospero, a domain known for hosting malware and spam. Several express skepticism and concern, questioning Kaspersky's motives and the potential implications for cybersecurity. Some speculate that Kaspersky aims to analyze the malware hosted on Prospero, while others worry this legitimizes a malicious actor and may enable Kaspersky to distribute malware or bypass security measures. A few commenters point out Kaspersky's past controversies and ties to the Russian government, furthering distrust of this acquisition. There's also discussion about the efficacy of domain blacklists and the complexities of cybersecurity research. Overall, the sentiment is predominantly negative, with many users expressing disbelief and apprehension about Kaspersky's involvement.

  The Hacker News post titled "Notorious Malware, Spam Host "Prospero" Moves to Kaspersky Lab" has generated several comments discussing the implications of the domain's move to Kaspersky's infrastructure.

  Several commenters express skepticism and concern about Kaspersky's explanation. One commenter finds it "hard to believe" Kaspersky's claim that they haven't seen any malicious activity from the domain, given its history. They suggest that Kaspersky is either being dishonest or incompetent in their monitoring. Another commenter questions whether this is a deliberate move by Kaspersky to sinkhole the domain, but doubts it given the way the DNS records are set up, speculating it's more likely a customer leveraging Kaspersky's services.

  One thread delves into the possibility of this being a reverse takeover or some kind of malicious action aimed at Kaspersky. This theory posits that perhaps someone compromised Prospero's infrastructure and deliberately pointed it to Kaspersky to damage their reputation. However, another commenter counters that this scenario is unlikely given the relative simplicity of just redirecting the domain elsewhere.

  Some comments analyze the technical details of the DNS records, noting the use of Kaspersky's infrastructure for various services, suggesting a typical customer relationship. They also discuss the potential for false positives in malware detection, and how a domain previously used for malicious purposes might now be legitimately used.

  A few commenters express general distrust towards Kaspersky, stemming from past allegations and controversies surrounding the company. These comments reflect a pre-existing skepticism, influencing their interpretation of this specific event. However, others argue that dismissing Kaspersky outright based on past incidents is unfair and that concrete evidence is needed before jumping to conclusions in this specific case.

  The discussion also touches upon the challenges of cybersecurity and the complex nature of domain ownership and usage. It highlights the difficulty in definitively determining the intent behind such moves, as well as the potential for misinterpretations and the spread of misinformation.

• Show HN: Trolling SMS spammers with Ollama

  permalink

  Posted: 2025-01-22 19:23:48

  Verbose tl;dr

  The author created a system using the open-source large language model, Ollama, to automatically respond to SMS spam messages. Instead of simply blocking the spam, the system engages the spammers in extended, nonsensical, and often humorous conversations generated by the LLM, wasting their time and resources. The goal is to make SMS spam less profitable by increasing the cost of sending messages, ultimately discouraging spammers. The author details the setup process, which involves running Ollama locally, forwarding SMS messages to a server, and using a Python script to interface with the LLM and send replies.

  Evan Widloski has developed a system to automatically engage and playfully frustrate SMS spammers using a large language model (LLM) named Ollama, hosted locally on his machine. He describes his motivation stemming from annoyance with frequent spam text messages and a desire to waste the spammers' time and resources, potentially discouraging their operations.

  His technical implementation involves forwarding incoming spam SMS messages to a Python script. This script utilizes the Twilio API to identify the originating phone number. This number is then checked against a blocklist to prevent responses to legitimate messages. If the number is not blocked, the script formats the received spam message and feeds it into the Ollama LLM. The LLM is prompted to generate a nonsensical or absurd reply, designed to keep the spammer engaged in a pointless conversation.

  Widloski details specific prompting strategies to guide the LLM's responses, such as instructing it to impersonate a confused persona, ask irrelevant questions, or fabricate outlandish scenarios. The generated response is then sent back to the spammer via the Twilio API.

  He highlights the cost-effectiveness of running the LLM locally, minimizing expenses associated with cloud-based LLM services. Furthermore, he showcases examples of successful interactions with spammers, illustrating how the LLM-generated responses effectively lead the spammers on, often through multiple exchanges. Widloski also acknowledges potential drawbacks and ethical considerations, such as the possibility of the LLM inadvertently revealing personal information or generating offensive content. He emphasizes that his project is a personal experiment and stresses the importance of responsible use of LLMs. The post concludes with a reflection on the effectiveness of the approach and future possibilities, including refining the prompting strategy and incorporating more advanced language models.

  • SMS
  • Spam
  • Trolling
  • Ollama
  • LLM
  • Large Language Model
  • AI
  • artificial intelligence
  • Chatbot
  • Humor
  • Software
  • Project
  • HN
  • Hacker News
  • Show HN

  Summary of Comments ( 21 )
  https://news.ycombinator.com/item?id=42796496

  Verbose tl;dr

  HN users generally praised the project for its creativity and humor. Several commenters shared their own experiences with SMS spam, expressing frustration and a desire for effective countermeasures. Some discussed the ethical implications of engaging with spammers, even with an LLM, and the potential for abuse or unintended consequences. Technical discussion centered around the cost-effectiveness of running such a system, with some suggesting optimizations or alternative approaches like using a less resource-intensive LLM. Others expressed interest in expanding the project to handle different types of spam or integrating it with existing spam-filtering tools. A few users also pointed out potential legal issues, like violating telephone consumer protection laws, depending on the nature of the responses generated by the LLM.

  The Hacker News post titled "Show HN: Trolling SMS spammers with Ollama" generated a moderate amount of discussion, with a handful of commenters engaging with the original poster's project of using a local large language model (LLM) to engage with and frustrate SMS spammers.

  Several commenters expressed amusement and appreciation for the project's concept. One user praised the creative use of an LLM for this purpose, finding the idea of tying up spammers' resources with a bot entertaining and potentially helpful in reducing their effectiveness. Another commenter expressed a similar sentiment, enjoying the "trolling" aspect and appreciating the potential for wasting spammers' time and money.

  A couple of users raised practical questions and concerns. One individual inquired about the cost-effectiveness of running the LLM locally for this purpose, wondering if the expense of compute resources would outweigh the benefits. Another commenter raised a point about potential legal implications or risks associated with engaging with spammers, though no specific legal issues were identified.

  The original poster actively engaged with the comments, responding to questions and clarifying certain aspects of the project. They addressed the cost concern by explaining their utilization of a relatively small and efficient LLM, and also noted that the compute costs were currently negligible for their usage pattern.

  While there wasn't extensive debate or deeply analytical discussion, the comments generally reflected positive interest in the project, with users finding the idea clever and potentially useful. The main points of conversation revolved around the amusement factor, the practicality and cost of the approach, and potential risks involved. The lack of a large number of comments suggests that while the project intrigued some users, it didn't spark widespread or highly controversial discussion.