SystemBC – Bringing the Noise blog.lumen.com/systembc-…
The Black Lotus Labs team at Lumen Technologies has uncovered new infrastructure behind the “SystemBC” botnet, a network composed of over 80 C2s with a daily average of 1,500 victims, nearly 80% of which are compromised VPS systems from several large commercial providers. The victims are made into proxies that enable high volumes of malicious traffic for use by a host of criminal threat groups. By manipulating VPS systems instead of devices in residential IP space, as is typical in malware-based proxy networks, SystemBC can offer proxies that carry massive volumes of traffic for longer periods of time. Similar high-bandwidth proxies in residential IP space would alert and disrupt users of smaller, lower-bandwidth devices.
Black Lotus Labs has observed these proxies in use by multiple networks in the criminal ecosystem, including at least two different Russia-based proxy services, one Vietnamese proxy service, and a Russian parsing service. While selling the same bots on multiple platforms, the service generates very large amounts of traffic without regard to the attention it draws – nearly 100% of the bots are eventually listed on “block list” sites for mass scanning, exploitation, and brute forcing.