Darkode, the forum for the sale and exchange of malware, has returned two weeks after its closure by the FBI.
The English-speaking forum was founded in 2007 and has since been a major player in underground online crime, with members buying and selling zero-days, malware, trojans, and stolen credit card numbers.
The website went offline earlier this month when the FBI and the European Cybercrime Center took it down, saying at least 28 users and administrators from 20 countries had been arrested.
But today the forum seems to be online again. The Darkode administrator, also known as Sp3cial1st, confirmed the authenticity of the new site to the researcher MalwareTech.
The researcher confirmed that Sp3cial1st disclosed information which only the two of them knew. “It's definitely legit,” reports MalwareTech.
The Darkode.cc domain has been live since today, and most mods and senior members are already registered. According to Sp3cial1st's statement on the new site, it uses the Tor routing service to provide its users with unique website addresses.
"It seems that the raids focused on people who were recently added or people who have been out of the scene for many years," says Sp3cial1st.
"The forum will be on onion, and will only be accessible by invitation, first to members we can confirm are still active."
"Each user will have its own onion and forum identity, which will be done through the Blockchain API."
Sp3cial1st also reports that the new forum will only store a user's BTC hash, a wallet, and a nickname.
The administrator warns that anyone who claims to be a member without having been invited is a fraudster, and that all users who joined the old Darkode in the last eight months should be considered untrusted.
Of course, we should mention that this move, two weeks after the forum was closed, is quite suspicious. After all, the FBI's technique of setting up honeypots and waiting for those interested is well known.