Pakistani Software Firm ‘We Code Solutions’ Linked With Underground Spam Operations

  • A company named ‘We Code Solutions’ was linked with years-long spam kit selling operations.
  • The owners and employees of the firm weren’t even bothering to hide their underground activities.
  • The U.S. prosecution has been gathering evidence on the spammers for two years now and is still at it.

The Karachi-based software firm ‘We Code Solutions’ has been linked with massive underground operations, such as selling spam kits and advanced tools to a large number of actors, since 2015. The evidence is laid out by investigative journalist Brian Krebs, who found that the Pakistani firm and its employees are not even trying to hide their involvement: they proudly post clues on social media, register domains used for the dissemination of spam under their real identities, and host seemingly legitimate and obviously malicious websites on the same servers.

Krebs has been following the group he named “The Manipulaters” for years now and has connected them with underground identities such as “Saim Raza,” “Fudtools,” “Fudpage,” and “Fudsender.” The often-used “FUD” part is an acronym that stands for “Fully UnDetectable,” supposedly reflecting the low anti-virus and anti-spam detection rates that one can enjoy by using the “Fud Tool.”

Source: Krebs on Security

A characteristic example of how little the employees of ‘We Code Solutions’ tried to hide their underground operations is an image of a cake from an office party with “FudCo” written in the center, posted on the firm’s Facebook page.


In another case, Rameez Shahzad, a team leader in the firm, posted a screenshot from his work on a WordPress site to demonstrate something that’s coming soon, exposing the username Saim Raza. Not bothering to use a different username is indicative of the person’s general stance, as Krebs reports that the actor is using the same password (“lovetears”) across a number of email addresses the journalist was able to link to him.


The most catastrophic exposure for the actors came when the domain manipulaters[.]com expired, giving ‘Scylla Intel,’ a cyber intelligence firm, the opportunity to hop in and grab it. This opened the way to accessing the email accounts and gathering very revealing information about the owners and their clients.

Right now, U.S. federal investigators are gathering information and evaluating all the pieces of incriminating evidence, preparing a case against the spamming firm, its owners, and even some of its employees. Such is the volume of evidence that even the U.S. law enforcement authorities have been overwhelmed.
