A Dark Web service specializing in Jabber/XMPP spam is offering its spam recipients the option of stopping all incoming messages for a small fee of 0.01 Bitcoin, which comes down to around $25.
While Jabber spam has been a relatively small problem for many years — compared to email spam — it has become unbearable during the past twelve months, thanks mainly to the rise of XMPP-spam-for-hire services on the criminal underground.
We already covered one of these earlier in the year, a service called XSender, which has been operating out of a portal on the public Internet.
During the past three months, the newly launched All Base service has risen to take XSender's top spot as the main source of all XMPP spam. The service has been spamming users at levels not seen from XSender or any other previous services.
The All Base portal is operated from the Dark Web and most of the spam is for illegal products, such as data dumps, carding forums, malware, and drugs.
The service is run by a team of professionals specialized in advertising cyber-crime services. The same All Base team also runs the Private Link Base portal, a service that lists links for various cyber-crime services.
The portal allows "advertisers" to spam four categories of users: those associated with carder forums, those associated with hacks and exploits, those associated with the underground world of drug sales, and all of the above.
A form on the portal's frontpage allows an advertiser to submit his XMPP ID and the message he wants to spam out. To spam all users, one must pay 0.04 Bitcoin ($100) to a Bitcoin wallet.
Like XSender, All Base was built after its owners scraped the Internet and IRC chats for XMPP IDs published online by their owners. Unlike the owners of XSender, who enforce a strict policy of not spamming users with ads too many times per day, the All Base service doesn't bother with any limitations.
For example, this reporter received 153 messages today, with some messages arriving within seconds of each other. With this amount of spam, anyone whose XMPP address was exposed and included in the All Base database would have a tough time using XMPP until they change their XMPP ID.
Fortunately, there is a privacy option in most XMPP clients that allows users to block incoming XMPP spam. Users of the Pidgin XMPP client on Windows can go to "Tools > Privacy" and select the "Allow only the users on my buddy list" option. This option blocks messages from anyone who is not on the user's buddy list.
Another option would be to pay the 0.01 Bitcoin ($25) to remove yourself from All Base's lists, but nothing would guarantee the All Base crew would keep its promise.
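The buddy-list-only policy described above can also be applied in code, for example in a bot or a custom client. The following sketch is an added example, not code from Pidgin or from this article; the JIDs, message bodies and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample data: the JIDs and message bodies are invented.
ROSTER = {"alice@example.org", "bob@chat.example.net"}
INBOUND = [
    "<message from='Alice@Example.org/laptop' to='me@example.org'><body>lunch?</body></message>",
    "<message from='ads-01@spam.example/bot' to='me@example.org'><body>buy now</body></message>",
    "<message from='ads-02@spam.example/bot' to='me@example.org'><body>buy now</body></message>",
    "<message to='me@example.org'><body>no sender</body></message>",
    "<presence from='bob@chat.example.net/phone'/>",
]


def bare_jid(jid):
    """Drop the /resource part and lower-case the rest.

    Simplification (assumption): real clients apply the full XMPP
    address normalization rules instead of a plain lower().
    """
    return jid.split("/", 1)[0].strip().lower()


def local_name(element):
    """Tag name without an XML namespace prefix such as {jabber:client}."""
    return element.tag.rsplit("}", 1)[-1]


def filter_inbound(stanzas, roster):
    """Split stanzas into (delivered, blocked) under a buddy-list-only policy."""
    allowed = {bare_jid(j) for j in roster}
    delivered, blocked = [], []
    for raw in stanzas:
        # A production client would use its XMPP library's stream parser here.
        element = ET.fromstring(raw)
        sender = element.get("from")
        if local_name(element) != "message":
            delivered.append(raw)   # only chat messages are filtered in this sketch
        elif sender and bare_jid(sender) in allowed:
            delivered.append(raw)   # sender's bare JID is on the buddy list
        else:
            blocked.append(raw)     # unknown or missing sender: fail closed
    return delivered, blocked


if __name__ == "__main__":
    ok, dropped = filter_inbound(INBOUND, ROSTER)
    print(f"delivered={len(ok)} blocked={len(dropped)}")
```

Matching on the bare JID matters because a contact can write from any resource, and an allow-list holds up against a service that rotates sender addresses where a per-sender block list would not.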
A Flashpoint report released in April found that XMPP was the IM technology of choice for most of today's cyber-criminal underground. Skype also ranked pretty high but was usually employed by less sophisticated actors.
Expert hackers prefer XMPP over Skype and most other IM services because of its support for encrypted communications and Off-The-Record (OTR) messaging. Besides hackers, XMPP was also very popular with privacy activists.
If you're an XMPP user and you thought XMPP spam was a big issue until now, things are about to get much worse. Our friends from Vigilante.pw have told Bleeping Computer today that an unknown threat actor has dumped a list of over 17,700 XMPP IDs on an online text hosting service.
Based on Bleeping Computer's checks, the dumped list contains most of the IDs from this reporter's buddy list, including his own.
With such a big database of XMPP IDs available in the open, every bored criminal looking for an extra profit can now build his own XMPP spam service and rent it out to fellow crooks.