Oops! Wrong number. Or rather, wrong website. A man believed to be a “wannabe cybercriminal” mistook recent Damballa research on Pony Loader “as a sales pitch” and queried the company, looking to buy the malware and get help installing it.
“If I buy Pony Loader, you support to install or not?” the query read.
Not content to just reject the request, researchers at Damballa did a little sleuthing of their own using the information provided by the potential “customer” and discovered that darknetshop is a Thailand-based online blog that sells goods like smartphones and laptops. Its proprietor, Waipot Sompa, is a scammer from way back but ultimately “doesn't strike us as someone who has the technical knowledge to use and install crimeware,” according to a Damballa blog post, penned by a senior threat researcher at the company, Loucif Kharouni, and emailed to SCMagazine.com Friday.
Underscoring that Damballa isn't a cyberbroker, Kharouni said, “Please take note, Damballa does NOT sell exploits nor do we provide support or install, au contraire: We help enterprises in the battle against cyber criminals who have compromised their network.”