BrianKrebs on Nostr: New, from me: One of the most notorious providers of abuse-friendly “bulletproof” ...
New, from me:
One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned. Kaspersky did not respond to multiple requests for comment.
Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. Last year, the French security firm Intrinsec detailed Prospero’s connections to bulletproof services advertised on Russian cybercrime forums under the names Securehost and BEARHOST.
"If you need a server for a botnet, for malware, brute, scan, phishing, fakes and any other tasks, please contact us," BEARHOST's ad on one forum advises. "We completely ignore all abuses without exception, including SPAMHAUS and other organizations."
https://krebsonsecurity.com/2025/02/notorious-malware-spam-host-prospero-moves-to-kaspersky-lab/ 
Published at
2025-02-28 20:18:59Event JSON
{
"id": "ff24fad56efbf953bdb99dfa331623e4986e4cd23a787587a4e5b8cc6e97bb27",
"pubkey": "1a5ac5b37984c5e37a11bc914029a81f025326ea7950c9475d9a3f21a494cb56",
"created_at": 1740773939,
"kind": 1,
"tags": [
[
"imeta",
"url https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/083/353/323/378/955/original/f72e2645154f15da.png",
"m image/png",
"dim 902x592",
"blurhash UNRp5w8^DijEIUWFt7a~T0x]kXofxskSt5WV"
],
[
"proxy",
"https://infosec.exchange/users/briankrebs/statuses/114083360905942789",
"activitypub"
]
],
"content": "New, from me: \n\nOne of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned. Kaspersky did not respond to multiple requests for comment.\n\nSecurity experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. Last year, the French security firm Intrinsec detailed Prospero’s connections to bulletproof services advertised on Russian cybercrime forums under the names Securehost and BEARHOST.\n\n\"If you need a server for a botnet, for malware, brute, scan, phishing, fakes and any other tasks, please contact us,\" BEARHOST's ad on one forum advises. \"We completely ignore all abuses without exception, including SPAMHAUS and other organizations.\"\n\nhttps://krebsonsecurity.com/2025/02/notorious-malware-spam-host-prospero-moves-to-kaspersky-lab/\n\nhttps://media.infosec.exchange/infosec.exchange/media_attachments/files/114/083/353/323/378/955/original/f72e2645154f15da.png",
"sig": "5fbf0153bf517d57523d7dcbebbfcee783b5ae637978b5c6b257d7c7af05b8e984212c15675460387b271148baacf67ca42dd755e130710ddaa2fe9c4f82a3ca"
}
