Budding malware author uses same Skype ID across job applications and IoT botnet ads

Thinks they’re safe from law enforcement because they’re a juvenile…

David bisson
David Bisson

Budding malware author uses same Skype ID across job applications and IoT botnet ads

A young malware developer is using the same Skype ID for applying to jobs and advertising their Internet of Things (IoT) botnet.

“DaddyL33T” is a 13-year-old malware developer. They’ve set up the DaddyHackingTeam portal, the future site of a botnet web control interface, and they maintain an active profile under the name “DaddyPvP” on the HackForums security technology platform. In one of his posts to the site, the padawan of poisonous software requests help scanning to a Qbot botnet.

One of DaddyPVP's posts on HackForum. (Source: Bleeping Computer)
One of DaddyPVP's posts on HackForum. (Source: Bleeping Computer)

It’s therefore not surprising to learn that the individual’s DaddyHackingTeam service currently houses code for Qbot along with other malware families.

Sign up to our free newsletter.
Security news, advice, and tips.
A "botnet file" repository hosted on DaddyHackingTeam. (Source: Bleeping Computer)
A “botnet file” repository hosted on DaddyHackingTeam. (Source: Bleeping Computer)

In the forum post above, you can clearly see DaddyPVP’s Skype ID. It ends with the characters “pro69”. As it turns out, that Skype ID appears elsewhere around the web, including in applications for server setup jobs.

Daddyhackingteam job
A job application bearing the same “pro69” Skype ID. (Source: Bleeping Computer)

Ankit Anubhav, a principal researcher at NewSky Security, managed to track down DaddyL33T and engage him on Skype. During their conversation, the malware developer revealed that they’re only 13 years old. This could explain why their botnet shows similarities with other IoT malware, indicating they could have created their threat by copying and pasting existing code.

Apparently, neither their age nor their use of the same Skype ID for all their digital activities bothers the malware developer. They feel they’re protected enough by the fact that law enforcement doesn’t always prosecute juveniles for computer-related offenses.

That’s true enough… depending on where you live. In the past few months alone, Japanese officers have arrested two young teenagers for creating ransomware. So it does happen.

Naturally, DaddyL33T didn’t reveal where he lives, so it’s impossible to determine how local law enforcement might respond if they became aware of the malware developer’s activities.

Anubhav came away from his conversation with the malware author deeply troubled. As he told Bleeping Computer:

“What concerns me is that with a bit of copy-paste of available code, a kid of age 13 can start a botnet. Such people should be encouraged more towards the white-hat side, and we must also include ethics 101 to mentor our young programmers. His work is simple but given if he is 13, it’s really impressive. Sadly in the wrong direction.”

Parents, don’t underestimate your role in keeping your tech-savvy kids on the right side of the law. Here are a few tips you can use to steer your children away from cyber crime.

At the same time, IoT device owners should recognize the threat posed by young malware developers like DaddyL33T and copy-and-paste botnets. They should therefore make an effort to protect their devices as best as they can.

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.