With a Massive Botnet Recently Disrupted, Let’s Review What a Botnet Is

With a Massive Botnet Recently Disrupted, Let’s Review What a Botnet Is

It was very recently revealed that a global law enforcement effort took down a massive botnet that was in action for almost a decade. In light of this, we wanted to review what a botnet is and how it works, drawing from these events for some context.

Let’s begin by summarizing the situation.

A Botnet, Potentially the Biggest Ever, Was Disrupted

It has been alleged by the Justice Department that YunHe Wang, a 35-year-old national of the People’s Republic of China, created and disseminated malware that compromised millions of private Windows computers around the world and incorporated them into a massive botnet known as 911 S5. According to the indictment, Wang then provided access to the 19 million infected IP addresses to other cybercriminals, personally amassing millions of dollars.

Court documents state that Wang was able to accomplish this by offering a free virtual private network—allowing 911 S5 users to hide their traffic in these machines—and by bundling it in with pirated software downloads. The cybercriminals that he allegedly sold this access to then used the undermined computers to commit a litany of crimes, including cyberattacks of their own, widespread fraud, online harassment, child exploitation, export violations, and bomb threats. According to the claims made in the indictment, Wang’s approximately $99 million in sales between 2018 and July of 2022 allowed him to purchase various assets around the world, including 21 pieces of property, numerous vehicles, cryptocurrency wallets, and much more.

According to the indictment, 911 S5 has also enabled the theft of billions from financial institutions, credit card issuers, and federal lending programs, as well as fraudulent claims being made to pandemic relief programs.

Law enforcement first caught wind of this operation when IP addresses purchased from 911 S5 were used with stolen credit card details to place orders on ShopMyExchange, the Army and Air Force Exchange Service’s e-commerce platform. After an international investigation, Wang has been charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, as well as conspiracy to commit money laundering… all of which could potentially penalize him with 65 years in prison, should he be convicted on all counts.

So, What is a Botnet?

A botnet is a collection of Internet-connected computers and other devices that are networked together and can be used to accomplish a bad actor’s goals without the owner knowing. There are various uses that cybercriminals have for botnets. Some will use them as the muscle behind a cyberattack, committing the computing resources of every involved device to overcoming a system’s protections. Others will use them to perform credential stuffing, which is a means of breaking into an account by trying lists of stolen usernames and passwords. Some will use them to mine for cryptocurrency.

Long story short, it’s a lot of people’s devices being used without their knowledge or permission to do something most of those people likely wouldn’t approve of.

What Can We Learn from this Situation?

First and foremost, always, always, always download any software from a legitimate and verifiable source. It’s good to remember that nothing is ever free… you’ll always pay for it in some way, shape, or form. In the case of all the people who used the “free” VPN, they paid for it by having their devices co-opted for cybercriminal activity.

If you are one of these people, it is important that you remove the applications installed by 911 S5, which the FBI has provided some guidance into.

Second, 911 S5 is relevant enough that it bears bringing up the dangers of shadow IT in a business. While it was targeted at personal users and computers, is it really that hard to think that one of your team members might have installed it or something similar? You need to know that your team will not just go and install things on their own computers, and that they’ll turn to IT for help in obtaining what they need. 

Otherwise, they run the risk of installing pirated or cracked software (software with its copy protections removed), which can very easily cause both operational and legal troubles for your business… and that’s without taking the potential of being part of a botnet into account.

If you need an IT resource for your team to turn to, we’re here to help. White Mountain IT Services helps New Hampshire businesses with all things information technology, and we do it in such a way that, ideally, you won’t even know we’re there. Give us a call at (603) 889-0800 today to learn more.

White Mountain IT

Related Posts

When it Comes to Security, Two Factors are Better Than One

The password isn’t nearly as secure as it used to be. Hackers have begun to take advantage of extremely powerful solutions designed to brute force their way into accounts by using software to rapidly guessing thousands of passwords per second, making it extraordinarily difficult to prepare yourself for them. What’s the best way to guarantee that passwords aren’t going to be the downfall of your c...

Tip of the Week: Three Steps to Policing Your IT Policies

Small businesses are presented with the challenging prospect of monitoring and policing various IT-related policies that you might have for your network infrastructure and workplace technology use. The difficulty of this notion does little to lessen its importance, however. You need to take action to protect your assets, data, and reputation from the countless threats out there, and ensuring that ...

Why (and How) SMBs Should Strategically Adopt Technology

There is no question that a small business can benefit from technology, as has been proven time and time again. However, an issue can arise if a business bites off more than it can chew, so to speak, and ultimately creates a spike in costs. A responsible business owner will resist this temptation and prioritize the solutions they need over the ones they want - building profitability and generating...

You May Not Think You’re Popular, but Your Data Certainly Is

Data is extremely important in the way that most businesses conduct themselves. This results in other people wanting that information, too. Today’s blog will look at how seemingly everyone online is out for your data.  Businesses Want Your Data… Companies and hackers are both intensely interested in acquiring your personal data, albeit for vastly different reasons.  Companies collec...

Sound Familiar?

Here are some of the most common complaints we hear from businesses that aren’t satisfied with their IT vendor and want to switch to White Mountain.

There is a Better Way!

Give White Mountain IT a Call Today

BOOK A CALL

Nationwide Remote IT Services,

Without a Long Term Contract.

We provide services and support to businesses throughout the US. If we do not have an on-site resource in your area, we can manage a local vendor to provide on-site assistance if and when needed.

All our Managed Services are carried out by our dedicated team of full-time employees. These professionals have successfully cleared multiple security and background checks, ensuring the highest level of service and reliability for your business. 

Need an Onsite Visit?

We've Got You Covered!

Manchester N.H. Office:

121 Riverfront Drive
Manchester NH 03102

Nashua N.H. Office:

33 Main Street
Suite 302
Nashua NH 03064

Client Help Desk        603-889-2210

New Client Inquiries   603-889-0800

OPEN POSITIONS

Client Help Desk

603-889-2210

New Client Inquiries
   603-889-0800

© 2025 All Rights Reserved. Areas We Serve copy_right_image

Protected by Copyscape Plagiarism Checker – Do not copy content from this site.