Researchers have warned that a large-scale sextortion campaign is making use of a network of more than 450,000 hijacked computers to send aggressive emails.

A network of private computers, infected with malicious software and controlled as a group, has been used to send spam messages. The emails threaten to release compromising photographs of the recipient unless a specific amount is paid in Bitcoin. The emails contain personal information, such as the recipient’s password, to specifically target more than 27 million potential victims at a rate of 30,000 per hour.

While analysis suggests a small fraction of those targeted have actually fallen for this ploy, one expert said such botnets still offered a great return on investment for cyber-criminals. “A botnet can be used for many things,” said Charles Henderson, from IBM’s X-Force Red Security Team. “This was just one task.” A botnet is a network of computers taken over by hackers using malicious software typically spread via infected web pages or email attachments. Botnets can carry out attacks spread across a wide number of machines, making it harder to disrupt and the attacker’s origin harder to trace.

Security Company Check Point said that this latest sextortion attack used the Phorpiex botnet, which has been active for more than a decade. Research head Yaniv Balmas said that those individuals would probably not know that their computers were hacked. “Attackers are simply using the victims' computers as vessels.”

Spreading an email campaign across a botnet in this way would reduce the risk of the emails being flagged as spam - though it is not clear how many were able to reach intended inboxes.

“The criminals are getting smart enough to use a larger botnet and sending fewer emails per machine,” said Henderson, who was not involved in Check Point’s research but had

observed the same botnet in operation. Experts advise using the latest versions of software, particularly web browsers. to avoid being susceptible to this kind of attack.

A typical email sent by the botnet has a subject line of “Save Yourself.” The message may read, “My malware gave me full access to all your accounts (see password above), full control over your computer, and it was possible to spy on you over your webcam.” The claim is not true but the emails include a genuine password associated with the target’s email address.

“The attacker is saying, ‘Hey, we hacked your computer, we saw you doing this and that, and this proves it. This is your password,’” Balmas said. Check Point monitored one Bitcoin wallet used to collect funds from this scam and found about 11 bitcoin — almost $100,000 — was collected in a five-month period.

“Most people do not fall for sextortion scams,” Mr. Balmas said, “but it is the rule of big numbers. If I’m sending 100,000 sextortion emails, it’s enough that 100 people fall for the trap. I get my money.” He continued, “It was likely the same botnet was used to carry out other, more lucrative attacks, such as the theft of credit card details. It is not somebody doing this from his garage; it is a group of individuals doing this for their day jobs. This is their business.”

Call the Pima County Sheriff’s Auxiliary Volunteers with information about scams and frauds. To contact the Scam Squad directly, 9 am to noon Monday through Friday, call (520) 351-6715, or email: To report suspicious activity or a particular incident of fraud (which is a scam involving a loss of money) call (520) 351-4900. You may also check our Web site at

If you are interested in becoming a Sheriff's Auxiliary Volunteer, please email for an application or call (520) 351-6746.

Better than a comments section

Discuss the news on NABUR,
a place to have local conversations

The Neighborhood Alliance for Better Understanding and Respect
A site just for our local community
Focused on facts, not misinformation
Free for everyone

Join the community
What's NABUR?