BlackOS: New Malicious Software Used by Cybercriminals to Redirect Traffic

Forum post announcing availability of BlackOS

Cybercriminals sometimes rely on special software to redirect traffic from malicious or compromised sites to other websites. One such tool is BlackOS, which was analyzed by experts from Trend Micro.

Malware developers started advertising BlackOS on underground forums in late February 2014. While they advertise it as being new, BlackOS is actually based on “Tale of the North,” a piece of software first identified by security researchers in September 2013.

“BlackOS and other similar packages are designed to automate the process of managing and exploiting websites easier. This allows a cybercriminal to squeeze out the most profit from his victims. It has a web interface which is used to manage the web traffic and its different features,” Trend Micro experts explained.

“It can cope with high volumes of Internet traffic, and inject iframes and redirect traffic as specified by its user.”

BlackOS and other tools of this kind can be used by cybercriminals to manage web traffic coming from users who click on links in spam emails. Victims can be directed to various websites depending on their geographic location.

“Tale of the North” was developed by an individual called Peter Sevara and others. He’s facing criminal charges for using the Kelihos botnet for spam campaigns. However, this hasn’t made him put an end to his malicious activities.

Recently, Sevara had a misunderstanding with his Tale of the North partners, so they decided to go their separate ways. After the break-up, Sevara’s partners started working on BlackOS, which is an updated version of Tale of the North.

BlackOS is not cheap. A yearly subscription costs $3,800 (€2,750), but it can also be rented for $100 (€73) per month (basic configuration).

