RSOCKS Proxy Botnet Administrator Pleads Guilty

Denis Emelyantsev, the man behind the notorious RSOCKS proxy botnet, pleaded guilty to two charges of computer crime months after his extradition from Bulgaria.

The 36-year-old Russian ran a prolific operation offering criminals access to compromised computers. Threat actors would rent proxy pools consisting of hacked devices to redirect their Internet traffic.

Rent for access to a proxy pool cost from $30 per day for 2,000 devices to $200 per day for up to 90,000 proxies.

Infected machines included mainly Internet of Things (IoT) devices, such as routers, audio/video streaming devices, and smart garage door controllers. As the malicious operation expanded its range, however, the botnet started to include personal computers and Android devices.

As KrebsOnSecurity reported, administrating the botnet wasn’t Emelyantsev’s first brush with cybercrime; he also played a major part in Russia’s email spam industry for over a decade.

An investigation revealed that the culprit claimed ownership of RUSdot, a spam forum spawned from the ashes of Spamdot, a tight-lipped community of virus writers, spammers and cybercriminals. Allegedly, Russian cybercrime forums mentioned RSOCKS by its full name, “RUSdot Socks Server.”

At his extradition hearing, Emelyantsev told the Bulgarian court he was determined to prove his innocence in a US courtroom. The US Attorney’s Office for the Southern District of California, which is prosecuting Emelyantsev’s case, has offered no further details on the issue. It remains unknown whether the accused has shared his knowledge with the authorities as part of his plea deal.

On Monday, RSOCKS botnet’s administrator pleaded guilty to damaging and conspiring to damage protected computers. Emelyantsev could spend up to 20 years in prison after his sentencing, scheduled for April 27.