It can determine whether requests for new "mules" come from a botnet member or a security company. If the request comes from a security company or researcher, the server will respond with account data of innocent people, thus protecting the operators' real mules from prosecution.
The accounts belong to people who previously received a legitimate transfer from a URLZone victim.
"Mules" are the people who receive payments from infected PCs and forward them to the gangsters' accounts. That is money laundering, which is not only criminal but also quite dangerous. The fake mule responses will put innocent people under suspicion of money laundering.