CyberSecurity SEE

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab – Krebs on Security

Kaspersky Lab, a Russian antivirus and security firm, has been found to be involved in routing the operations of Prospero OOO, a notorious provider of abuse-friendly “bulletproof” web hosting for cybercriminals. Security experts have identified Prospero as a persistent source of malicious software, botnet controllers, and phishing websites, with connections to bulletproof services advertised on Russian cybercrime forums.

Prospero, operating under the names Securehost and BEARHOST, has a reputation for ignoring legal demands and abuse complaints, making it a popular choice for cybercriminal activities. The service provider openly advertises its services for hosting botnets, malware, phishing, and other illegal tasks, claiming to completely ignore abuse complaints from organizations like Spamhaus.

Intrinsec, a French security firm, discovered that Prospero has been hosting control servers for ransomware gangs and malware operations such as SocGholish and GootLoader. These operations often lead to serious cyber intrusions, including ransomware attacks. BEARHOST prides itself on evading blocking by Spamhaus and other organizations.

Recently, Spamhaus observed that Prospero was routing its operations through networks operated by Kaspersky Lab in Moscow. Kaspersky Lab, known for its antivirus and security software, has faced controversies in the past, such as being banned by the US Department of Homeland Security due to concerns about potential ties to the Russian government.

Despite Kaspersky’s reputable background in malware research, the company’s association with Prospero raises suspicions. The ban on Kaspersky software in the US highlights concerns about the Russian government potentially leveraging the company for intelligence gathering.

Phishing data from the Interisle Consulting Group revealed that Prospero had a higher spam score than any other provider, indicating a significant presence of spambot hosts. It remains unclear why Kaspersky is providing transit to Prospero; speculation ranges from DDoS protection services to potential collaboration in cybercriminal activities.

Experts like Doug Madory from Kentik and Zach Edwards from Silent Push have raised concerns about Kaspersky’s involvement with a bulletproof hosting provider like Prospero. While it’s possible that Prospero is simply purchasing DDoS protection services from Kaspersky, the association between a reputable security firm and a provider known for hosting cybercriminal activities has ethical and security implications.

As the investigation into the relationship between Kaspersky Lab and Prospero continues, the cybersecurity community remains vigilant about the potential risks and implications of such partnerships in the fight against cybercrime. The collaboration between a well-known security firm and a bulletproof hosting provider highlights the complexity and challenges in addressing cyber threats in the digital landscape.
