Notorious Malware, Spam Host "Prospero" Moves to Kaspersky Lab

ziddoap

I am trying to temper my dislike for krebs, but it is getting difficult.

Kaspersky operates an autonomous system (AS) and "Prospero" has traffic routed through that AS. Microsoft and Google also route all sorts of malware and spam through their ASes.

>The routing through networks operated by Kaspersky doesn’t by default mean provision of the company’s services, as Kaspersky’s automatic system (AS) path might appear as a technical prefix in the network of telecom providers the company works with

Censorship shouldn't happen at the AS level, anyways.

stepupmakeup

One comment even says the AS name is an acronym for their DDoS protection service.

flutas

Honestly, I really have to take what he says with a shaker of salt after the Ubiquiti fiasco and his refusal to admit what happened until a year later and being forced to by a court.[0]

[0]: https://krebsonsecurity.com/2022/08/final-thoughts-on-ubiqui...

[1]: https://news.ycombinator.com/item?id=32663296

ziddoap

>I really have to take what he says with a shaker of salt after the Ubiquiti fiasco

For me, it was when he doxxed security researchers, claiming they were criminals with no evidence.

knallfrosch

For me it was when he doxxed someone by connecting them to accounts in forums for sexuality. He revealed the identity and the sexual desires. No, it was not relevant to the story at all.

jamespo

To his credit, he puts himself out there. He's not some anon on HN.

antithesis-nl

[flagged]

ziddoap

>you might want to check with your God Emperor on that

I'm not from the US, thanks.

antithesis-nl

[flagged]

easterncalculus

> I am trying to temper my dislike for krebs, but it is getting difficult.

I'm not. The guy lies for a living.

wongarsu

Is this one of these stealth advertisements where cyber security companies teach you how to operate better malware under the pretense of warning the public?

Key takeaways from the article: Prospero is a Russian hoster trusted by top cybercrime groups. Especially popular is their bearhost brand, which has provided great service since 2019 and openly invites you to operate botnets, brute-force attacks or phishing websites on their hosting service.

Kaspersky, by contrast, is barely mentioned in the original portion of the article; it's only the later updates that go into detail here.

Edit: maybe stealth advertisement isn't quite the right word. I'm not implying monetary compensation or any business relation, only that better malware provides job security for the cyber security sector.

vlovich123

> Once Kaspersky discovered that the code its antivirus software detected on the NSA worker’s machine were not malicious programs but source code in development by the U.S. government for its hacking operations, CEO Eugene Kaspersky says he ordered workers to delete the code.

Krebs is ranking lower in my eyes with writing like that. First, that’s obviously malicious software. Secondly, this is muddling binaries and source code. Is the claim that Kaspersky gathered the source for malware off the machine? That’s not typical behavior. If the claim is it gathered the binary that was built, that feels like a nothing burger.

Even the response from Kaspersky makes Krebs seem alarmist for the sake of generating attention traffic rather than someone investigating if there’s anything out of the ordinary in the first place. Didn’t even give them a few days to respond before publishing the article.

DaiPlusPlus

> Secondly, this is muddling binaries and source code.

It can be both: lots of malware exists in executable-source form, like PowerShell scripts and the like.

antithesis-nl

> Didn’t even give them a few days to respond before publishing the article

So, Microsoft does not fix a security issue immediately when someone vaguely refers to a vulnerability on x-aka-reichs-nachrichten.com: bad! Avoid them! Cancel all contracts!

Kaspersky Labs hosts a group that has been known to push out malware for literal years: well, it's not proven they are actually that bad, they deserve a chance, come on...

shrugs

vlovich123

First, you are imputing a position onto me I have not taken. Kaspersky is in an entirely different time zone and didn't even get 24 hours to respond, and they indicated this is an issue for them but one they can't solve directly, and why that's the case. They said they're working with their vendor to get this situation rectified. This really is unnecessary alarmism unless the situation is still persisting.

I generally have a very positive view of Kaspersky's actions in the security space and they generally are very very careful of their reputation despite the smearing that happens in Western media (the concerns may be valid but the blanket FUD smearing is uncalled for). They have a much higher reputation in my mind than companies like Symantec.

fredgrott

Side note: if you are developing software that hacks anything, WHY IN THE HELL would you have any antivirus software installed, knowing full well that antivirus software extracts any detected virus and sends it elsewhere? For context, that was the excuse for the 2017 ban of the Russian antivirus firm....

wongarsu

An NSA contractor writing malware choosing to use Kaspersky is either a massive mark against that contractor or a massive endorsement of Kaspersky.

slt2021

Two reasons:

1. Kaspersky AV had the strongest heuristics analyzer and the largest signature base

2. If you write malware, you want to test it periodically (in a sandbox) to see if AV engines detect it

HenryBemis

The problem(s) with Russia (as exactly like in China) is the following:

1) a company like Kaspersky can easily be employing 1-5-10-50 KGB/FSB agents, even without them knowing about the existence of the other agents (so they rat on each other)
2) a company like Kaspersky can be arm-twisted and/or knee-capped to knowingly employ 1-5-10-50 employees (similar to US three-letter agencies operating in US companies) (room 641A) (NOBUS MS Exchange hole that was there for 20 years, etc.)
3) I remember as a sysadmin using McAfee ePO 20+ years ago to "check things and do stuff" on employees' PCs when my Microsoft SMS was not working
4) Russia, just like China, has a different sense of "rule of law". The supreme law is the "national interest" and Xi/Putin and their apparatuses define it very freely.

antithesis-nl

Ah, yeah, I already wondered why these guys were suddenly back... The tell-tale sign here is admission scam emails from name-alike domains for (mostly) Indian and (some) US colleges (with the payload being, mostly, crypto harvesters), but these are pretty noisy due to being pretty similar to earlier attempts...
