Malware Trend Report, Q2 2014 April May June


Malware Trend Report, Q2 2014
April May June

5 August 2014

Copyright RedSocks B.V All Rights Reserved.

Table of Contents

1. Introduction
2. Overview
2.1. Collecting Malware
2.2. Processing
2.3. Identifying Malware
2.4. Detecting Malware
2.5. Classifying Malware
3. Trends
3.1. Adware
3.2. Backdoors and Botnets
3.3. Exploits
3.4. Rootkits
3.5. Trojans
3.6. Worms
3.7. Others
4. Geolocation
5. Final Word
Appendix A: Detecting Malware
Appendix B: Classifying Malware

Table of Figures

Figure 1: Unique New Malicious Files
Figure 2: Space Needed in GBs p/m for Storing New Files
Figure 3: New Malicious Files in April
Figure 4: New Malicious Files in May
Figure 5: New Malicious Files in June
Figure 6: Detected vs. Not Detected (April)
Figure 7: Detected vs. Not Detected (May)
Figure 8: Detected vs. Not Detected (June)
Figure 9: Malware Classifications
Figure 10: Amount of Identified Adware (Q2 2014)
Figure 11: Amount of Identified Backdoors and Botnets (Q2 2014)
Figure 12: Amount of Identified Exploits (Q2 2014)
Figure 13: Amount of Identified Rootkits (Q2 2014)
Figure 14: Amount of Identified Trojans (Q2 2014)
Figure 15: Amount of Identified Worms (Q2 2014)
Figure 16: Amount of Identified Other Malware (Q2 2014)
Figure 17: Amount of Identified 64-bit Malware
Figure 18: 64-bit Malware Q
Figure 19: DexterPOS C&C (Map)
Figure 20: JackPOS C&C (Map)
Figure 21: AlinaPOS C&C (Map)

1. Introduction

This is the second quarterly trend report for 2014 from the RedSocks Malware Research Lab. RedSocks is a Dutch company specialising in Malware detection. Our solution, RedSocks Malware Threat Defender, is a network appliance that analyses digital traffic flows in real-time, based on algorithms and lists of malicious indicators. This critical information is compiled by the RedSocks Malware Intelligence Team. The team consists of specialists whose job it is to identify new threats on the Internet and to translate them into state-of-the-art malware detection capabilities.

With this report, we hope to provide the reader with a deeper insight into the trends we see in the Malware we process. In this report we will look at data collected during the second quarter of 2014. RedSocks analyses large numbers of malicious files on a daily basis; therefore we can cover only a few topics briefly in this trend report.

Protecting your data from Internet-based threats is not an easy task and relying on protection from Anti-Virus companies, no matter how established their brand, is not enough. Comprehensive protection requires an entirely new approach.

2. Overview

The total number of new and unique malicious files processed per month went from 7.1 million in April to 6.8 million in May, and up to 7.2 million in June.

The overall detection by Anti-Virus software this quarter remains roughly the same compared to the last quarter. The detection rate for April was 75.52 percent. For May, it is 74.61 percent and in June, the average detection was 79.76 percent. That might not sound too bad, but it means that around 24 percent, 25 percent and 20 percent were not detected. There is a slight improvement compared with the first quarter. Please note that identification rates can change based on samples chosen and time scanned.

During the second quarter, the number of identified Adware dropped from 1.2 million in April, to 1 million in May, to 0.9 million in June.

In April, the number of identified Backdoors and Botnets was 243,000. In May this number dropped to 92,000; in June, the numbers dropped further to 68,000 new Backdoors and Botnets.

Only 0.04 percent of the files were detected as Exploit and 0.25 percent as Rootkit in April by Anti-Virus software. In May, 0.03 percent were detected as Rootkits and 0.05 percent as Exploits. For June it is 0.02 percent Exploits and 0.05 percent for the Rootkits.

Like the first quarter of this year, Trojans are by far the most popular type of Malware. In April and May, they accounted for 2.9 million. In June, 3.4 million unique files were identified as Trojans.

The second most popular Malware was Worms. In April, 554,000 Worm files were identified. In May, the number dropped to 444,000 and kept dropping. In June, only 394,000 worms were added to our databases.

Grouped together, all other malicious files such as Flooders, HackTools, Spoofers, Spyware, Viruses, etc., make up 31, 35, and 34 percent of the total for April, May, and June, respectively.

As in the first quarter, most Command & Control (C&C) servers were hosted in the United States, followed by the Russian Federation. During the second quarter, Germany occupied the third place. The Netherlands was the biggest riser in countries hosting C&C servers, going from 8th place in March and April, to 6th place in May, and finishing in 5th place in June.

2.1. Collecting Malware

At the RedSocks Malware Research Labs, we track large numbers of Malware from our globally distributed honeypots, honeyclients, spamnets, and through various botnet monitoring sensors. Due to the distribution of our Honeypots, we are able to automatically collect and process new malicious samples from across the globe. We also exchange large quantities of malicious files with the Anti-Virus industry.

Figure 1: Unique New Malicious Files

2.2. Processing

Working with Malware is what we love to do. More than 200,000 new malicious files arrive every day at our automated Malware collecting machines. All samples are renamed to their hash calculation. We check to see if that particular piece of Malware has already been processed.

The picture on the right shows the total amount of disk space needed to store all the new malicious files. While the numbers of new malicious files stayed more or less the same, the average file size decreased a little bit. During the second quarter, we saw that malicious files, on average, shrunk percent.

Figure 2: Space Needed in GBs p/m for Storing New Files

New file metrics by month (April, May, June):
Average number of new files per day: 236, , ,528
Average file size in bytes: 471, , ,308
Average Anti-Virus Detection: 75.52% 74.61% 79.76%
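The intake step from section 2.2 (name each sample after its hash, skip anything already processed), sketched as an added example that is not RedSocks code; it also labels each sample by content rather than by submitted file name, the kind of file-type identification section 2.3 goes on to describe. SHA-256, the directory layout, the type labels and every name below are assumptions, and the sample bytes are constructed.

```python
import hashlib
import struct
import tempfile
from pathlib import Path

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy Office container (DOC, XLS)
IMAGE_FILE_DLL = 0x2000                          # flag in the PE COFF Characteristics field


def identify_type(data: bytes) -> str:
    """Label a sample from its leading bytes, never from its file name."""
    if data.startswith(b"%PDF-"):
        return "PDF"
    if data.startswith(b"MSCF"):
        return "CAB"
    if data.startswith(OLE2_MAGIC):
        return "OLE2"  # telling DOC from XLS needs stream parsing, not done here
    if data[:2] == b"MZ":
        if len(data) >= 0x40:
            # e_lfanew at offset 0x3C points at the "PE\0\0" signature
            (pe_off,) = struct.unpack_from("<I", data, 0x3C)
            if pe_off + 24 <= len(data) and data[pe_off:pe_off + 4] == b"PE\0\0":
                # Characteristics is the last 2 bytes of the 20-byte COFF header
                (flags,) = struct.unpack_from("<H", data, pe_off + 22)
                # OCX, AX, CPL and SCR files are PE images too; content alone
                # only separates DLL-style images from EXE-style ones.
                return "DLL" if flags & IMAGE_FILE_DLL else "EXE"
        return "MZ_NO_PE"  # truncated or corrupt header: keep it, flag it
    return "UNKNOWN"


class SampleStore:
    """Content-addressed store: the file name is the SHA-256 of the bytes."""

    def __init__(self, root):
        self.root = Path(root)
        self.root.mkdir(parents=True, exist_ok=True)

    def ingest(self, data: bytes) -> dict:
        digest = hashlib.sha256(data).hexdigest()
        path = self.root / digest[:2] / digest  # no extension, no execute bit
        is_new = not path.exists()              # the "already processed?" check
        if is_new:
            path.parent.mkdir(exist_ok=True)
            tmp = path.with_suffix(".tmp")
            tmp.write_bytes(data)
            tmp.replace(path)  # rename last so a crash never leaves a partial sample
        return {"sha256": digest, "new": is_new,
                "type": identify_type(data), "size": len(data)}


def fake_pe(characteristics: int) -> bytes:
    """Constructed 88-byte header stub for the demo; not a loadable binary."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff


def demo() -> list:
    """Ingest five constructed samples, one of them a duplicate."""
    samples = [
        fake_pe(0x0102),               # executable image
        fake_pe(0x2102),               # same header with the DLL flag set
        b"%PDF-1.4\n% constructed\n",
        fake_pe(0x0102),               # byte-identical resubmission
        b"MZ" + b"\0" * 10,            # truncated header
    ]
    with tempfile.TemporaryDirectory() as tmp:
        store = SampleStore(tmp)
        return [(r["type"], r["new"]) for r in map(store.ingest, samples)]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Because the duplicate check keys on the digest of the full content, a single changed byte produces a new "unique" file, which is why the per-family counts later in the report run into the tens of thousands of minor variants.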

2.3. Identifying Malware

Although we collect all types and categories of Malware for all operating systems at RedSocks, we do have a special interest in certain types and categories of Malware. A simple means of identifying malware is by file type. RSMIT uses various analysis tools to determine the statistically most likely file type for each malware sample we analyse. The majority of malware samples target Windows users; this causes Windows executable files to be very common, while executables for other operating systems are far less common. The top 10 file types are listed in the tables below.

April                    May                      June
Extension  Amount        Extension  Amount        Extension  Amount
EXE        5,549,734     EXE        5,497,557     EXE        6,601,953
DLL          720,121     DLL          553,190     DLL        1,959,634
OCX          109,226     OCX           96,741     SCR          224,864
SCR           54,003     AX            69,730     OCX          201,857
AX            36,644     PDF            3,753     AX           144,237
XLS            5,661     XLS            3,218     DOC           57,450
DOC            4,287     DOC            2,310     PDF            2,378
PDF            4,073     CPL            1,517     XLS            1,681
CAB            1,280     CAB            1,247     CPL            1,598
CPL            1,433     DSK              483     CAB              996

In the second quarter of this year, we saw a total of 43, 41 and 47 different extensions being used by Malware, respectively. Like in the previous quarter, .exe files are by far the most popular way to distribute Malware. 81 percent of all malicious files in the second quarter were .exe files.

2.4. Detecting Malware

Within the RedSocks Malware Labs, we use an in-house built classification system for grouping Malware. We have classified over 300 types for which we have created detailed statistics. Once multiple anti-virus scanners (in paranoid mode) have performed their on-demand scan, we know which Malware was detected and, perhaps more importantly, which was not.

In the graph below, the blue section shows all the new and unique malicious files per day, the green section shows the sum of all files identified by Anti-Virus software and, in red, the number of files not detected.

Figure 3: New Malicious Files in April

Figure 4: New Malicious Files in May

Figure 5: New Malicious Files in June

Of all the malicious files we processed in April, on average 24 percent of them were not detected by any of the Anti-Virus products we currently use. In May, 25 percent of the samples on average remained undetected. In June, the Anti-Virus detection improved but still missed 20 percent of all malicious samples we processed.

Figure 6: Detected vs. Not Detected (April)
Figure 7: Detected vs. Not Detected (May)
Figure 8: Detected vs. Not Detected (June)

2.5. Classifying Malware

We categorise Malware according to its primary feature. In the second quarter, Malware was grouped as follows:

Figure 9: Malware Classifications

The 'Other' category in 'All Malware' consists of malicious samples that do not fit in the six categories, such as 64-bit Malware, malicious Macros, Packed Malware, Riskware, Spamming Tools, Spoofers, Spyware, all kinds of (Hacking) Tools and the classic Viruses. See Appendix B for the numbers per day, per category and per month.

3. Trends

Discovering Malware propagation trends starts with an analysis of the raw data behind the collection and processing of Malware. From April to June, RedSocks Malware Research Labs identified the following trends by Malware category. New in this trend report is the Adware category.

3.1. Adware

During the second quarter, we identified around three million files as Adware. This makes up about 15 percent of the total. The overall popularity of Adware seems to have decreased somewhat. During the first quarter, we saw the opposite.

Figure 10: Amount of Identified Adware (Q2 2014)

3.2. Backdoors and Botnets

In the first two weeks of April, there was a huge distribution of variants from the Backdoor.Bot family. From the 4th until the 13th of April we identified a little over 48,000 new members.

Figure 11: Amount of Identified Backdoors and Botnets (Q2 2014)

In the first week of May, we saw two backdoor families being widely distributed: Backdoor.Nateyes.A, with almost 9,000 new members, and Backdoor.Wabot.A, with a little over 14,000 new members. The last spike, on the 9th of June, was mainly caused by almost 9,000 minor variants of the Backdoor:W32/Udr.gen! malware family.

During the first quarter of 2014, the popularity of Backdoors-and-Botnets increased. The second quarter shows a decreasing trend in the use of Backdoors-and-Botnets.

3.3. Exploits

An exploit is an attack on a computer system, especially one that takes advantage of a particular vulnerability. Looking at malicious files that were identified with exploits, we see several spikes above 250.

Figure 12: Amount of Identified Exploits (Q2 2014)

The first spike was mainly caused by variations of the Exploit.PDF-JS.Gen (175). Members of the Exploit.PDF-TTF.Gen family caused the second and third spike on the 3rd and 6th of May (67 and 71). Then, on the 13th of May, we see 54 new variations of the Exploit:W32/Kakara.A. The last spike we want to mention here is the 125 variations on the Exploit:W32/CVE B seen on the 29th of May.

A dozen exploits were seen for the Apple Macintosh OSX. All of them are slight modifications of the Exploit:OSX/MS09027.A (used to avoid Anti-Virus detection).

During the first quarter of this year, the usage of exploits stayed more or less the same. In the second quarter, we saw a slight decrease in the overall usage of exploits.

3.4. Rootkits

A rootkit is a type of software designed to hide the fact that an operating system has been compromised. This can be done in various ways; for example, by replacing vital executables or by introducing a new kernel module. Rootkits allow Malware to hide in plain sight. Rootkits themselves are not harmful; they are simply used to hide Malware, bots and worms.

To install a rootkit, an attacker must first gain sufficient access to the target operating system. This could be accomplished by using an exploit, by obtaining valid account credentials or through social engineering. Because rootkits are activated before your operating system boots up, they are very difficult to detect, and therefore provide a powerful way for attackers to access and use the targeted computer without the owner being aware of it. Due to the way rootkits are used and installed, they are notoriously difficult to remove. Rootkits today are usually not used to gain elevated access, but are instead used to mask Malware payloads more effectively.

Figure 13: Amount of Identified Rootkits (Q2 2014)

There was only one rootkit worth mentioning during the second quarter, the Rootkit Distribution started on the 11th and was last seen on the 16th of April. A total of 7,321 new members were identified.

In the first quarter, we saw a slight drop in rootkits. This drop continued in the second quarter.

3.5. Trojans

Trojans are by far the biggest category of Malware. With more than 9.1 million new unique samples in the second quarter of this year, they amounted to 43 percent of the total.

Figure 14: Amount of Identified Trojans (Q2 2014)

Of all the Trojan families, we will only discuss the top three. In third place, we find Trojan.Inject.ARJ, with 155,000 different samples distributed over 14 days; its best day was on the 11th of June with almost 36,000. Second place is Trojan.Generic with 349,000 files spread over 71 days; its best day was on the 12th of May. Without doubt, the most distributed Trojan family is Trojan.Agent.BDMJ: in 16 days we counted nearly half a million new samples.

Columns: AV-Identifier, Total Amount, First Seen, Last Seen, Best Day, Amount Best Day, Days Seen
Trojan.Agent.BDMJ 469, ,
Trojan.Generic , ,
Trojan.Inject.ARJ 155, ,

The slight increase in Trojan use in the first quarter continued during the second quarter.

3.6. Worms

In roughly 1.4 million new files, we identified worm traces and functionalities. The first spike above 60,000 is primarily caused by 44,000 samples of Win32.Worm.P2p.Picsys.C. On the 27th of April, Worm.Generic , Win32.Worm.P2p.Picsys.C and Win32.Worm.P2p.Picsys.B accounted for 51,000 samples. The last spike, on the last day of May, was again caused by Win32.Worm.P2p.Picsys.C; on this day we saw 84,000 files.

Figure 15: Amount of Identified Worms (Q2 2014)

Columns: AV-Identifier, Total Amount, First Seen, Last Seen, Best Day, Amount Best Day, Days Seen
Worm.Generic , ,615 1
Worm.Generic , ,477 1
Win32.Worm.P2p.Picsys.C 414, ,

During the first quarter, the tendency of the worms decreased. In the second quarter, it stabilised again.

3.7. Others

After grouping the adware, backdoors/botnets, exploits, rootkits and worms, we are still left with 3.4 million identified malicious files. This is 33 percent of the total detected by the Anti-Virus programs.

Figure 16: Amount of Identified Other Malware (Q2 2014)

We could fill many pages with graphs conveying the large number of malicious files detected. We would, however, like to share two graphs concerning 64-bit Malware.

Figure 17: Amount of Identified 64-bit Malware

A closer look at the 35,000 identified 64-bit Malware reveals that, besides a handful of samples of Backdoor.Win64.Winnti.B and Win64.Abul.A, we only saw members of the Win64.Expiro family.

Figure 18: 64-bit Malware Q

Recently, an anti-virus laboratory discovered an interesting new modification of a file virus known as Expiro which targets 64-bit files for infection. However, the body of this versatile new modification is surprising because it is fully cross-platform, able to infect 32-bit and 64-bit files (also, 64-bit files can be infected by an infected 32-bit file). The virus aims to maximise profit and infects executable files on local, removable and network drives.

As for the payload, this Malware installs extensions for the Google Chrome and Mozilla Firefox browsers. The Malware also steals stored certificates and passwords from Internet Explorer, Microsoft Outlook and from the FTP client FileZilla. Browser extensions are used to redirect the user to a malicious URL, as well as to hijack confidential information, such as account credentials or online banking information. The virus disables some services on the compromised computer, including Windows Defender and Windows Security Center, and can also terminate processes.

4. Geolocation

We can see where the hotspots are located by plotting the Command & Control (C&C) servers with the most traffic and connections on a map.

Over the past few months, a number of Malware families targeting Point of Sale (POS) systems got some media attention. First there was DexterPOS (first image below), then there was its sister, AlinaPOS (second image below) and more recently there was JackPOS (third image below).

One of the most interesting threads of commonality between these samples is the command and control (C&C) structure used between them. Using a C&C communication channel for data exfiltration, while previously rare, has become more and more common in POS Malware.

Figure 19: DexterPOS C&C (Map)

Figure 21: AlinaPOS C&C (Map)

Figure 20: JackPOS C&C (Map)

During the first quarter of 2014, there were only minor changes at the top of the C&C landscape. Below, the top 10 countries from the first quarter of 2014.

Top 10 Countries Hosting C&C

January                     February                    March
United States        1129   United States        1196   United States        1596
Russian Federation    472   Russian Federation    473   Russian Federation    424
Germany               282   United Kingdom        262   United Kingdom        261
United Kingdom        234   Germany               256   China                 249
China                 224   China                 247   Germany               240
Turkey                196   Ukraine               201   Iran                  179
Iran                  191   Iran                  170   Turkey                179
Ukraine               160   Turkey                150   Netherlands           147
Korea                 134   Korea                 129   Ukraine               132
Netherlands           125   Netherlands           116   Korea                 128

In the second quarter, the United States still led, followed by the Russian Federation. Germany dropped during the first quarter, but held third place during the second quarter.

Top 10 Countries Hosting C&C

April                       May                         June
United States        1274   United States        1203   United States        1128
Russian Federation    453   Russian Federation    474   Russian Federation    490
Germany               289   Germany               236   Germany               257
China                 226   United Kingdom        206   United Kingdom        200
United Kingdom        213   China                 172   The Netherlands       184
Iran                  185   The Netherlands       166   China                 182
Turkey                142   Turkey                138   Turkey                133
The Netherlands       137   Korea                 123   Korea                 126
Korea                 130   Ukraine               110   Iran                  118
Ukraine               118   France and Sweden     107   Ukraine               113

5. Final Word

In the second quarter of 2014, the total number of new malicious files processed per month changed from 7.1 million in April, to 6.8 million in May, and up to 7.2 million in June. The average sample size in May was 3 percent smaller than in April. Moreover, in June, the average sample was even 9 percent smaller than in May.

The overall detection by Anti-Virus software is comparable with the first quarter. In April, 24 percent of threats were not detected, in May 25 percent and in June 20 percent. Altogether, around 8.6 million malicious files were not detected during the second quarter.

By grouping and classifying the identified Malware, we detected a decrease of popularity in 5 of the 7 main Malware categories during the second quarter. These five categories are Adware, Backdoors/Botnets, Exploits, Rootkits and Worms. The remaining two categories, Trojans and Others, increased.

The most distributed Malware families per main category per month are:

Category            Family                                Total number Q2
Adware              DomaIQ                                655,690
Backdoors/Botnets   Bot                                   ,932
Exploit             PDF-JS.Gen                            1,248
Rootkits            Rootkit                               ,321
Trojans             Agent.BDMJ                            469,414
Worms               Picsys.C                              414,002
Others              Generic.Malware.FP!dldPk!.A3F6BED5    169,884

Within the top 10 of countries hosting C&C servers, the United States led the second quarter of 2014, followed by the Russian Federation and Germany. In March and April, China held the fourth place. In May and June, China dropped two places. While in March the United Kingdom could be found at third place, in April it dropped to fifth place. Nevertheless, in May, the United Kingdom climbed up to fourth place and stayed there. The Netherlands is found at 8th place at the end of quarter one. In May, it climbed to 6th place and ended at 5th place in June.

We hope that you enjoyed our second Malware Trend Report of this year and that it may provide you with insight into the trends we have seen during the second quarter of 2014. We continue to innovate, so please check back with us for our next trend report for the 3rd quarter of 2014.

Questions, comments and requests can be directed towards the RedSocks Malware Research Labs.

G.J.Vroon
Anti-Malware Behavioural Researcher
RedSocks B.V.
W: T: +31 (0) E: info@redsocks.nl

Appendix A: Detecting Malware

Columns per month (April, May, June): Day, Files/day, Detected, Undetected

[Per-day rows are not legible in this transcription.]

Totals:
Month   Files/day    Detected     Undetected
April   7,101,558    5,421,834    1,679,724
May     6,766,688    5,058,110    1,708,578
June    7,185,850    5,707,969    1,477,881

Appendix B: Classifying Malware

April

Columns: Day, Adware, Backdoors, Exploits, Rootkits, Trojans, Worms, Other

[Per-day rows are not legible in this transcription.]

Totals 1,215, ,084 3,158 17,678 2,878, ,058 2,189,188

May

Columns: Day, Adware, Backdoors, Exploits, Rootkits, Trojans, Worms, Other

[Per-day rows are not legible in this transcription.]

Totals 966,216 92,205 3,423 2,332 2,908, ,803 2,349,961

June

Columns: Day, Adware, Backdoors, Exploits, Rootkits, Trojans, Worms, Other

[Per-day rows are not legible in this transcription.]

Totals 907,020 68,226 1,540 3,545 3,362, ,797 2,476,483

REDSOCKS

RedSocks is a Dutch company specialised in malware detection. RedSocks supplies RedSocks malware threat defender as a network appliance. This innovative appliance analyses digital traffic flows in real time based on the algorithms and lists of malicious indicators compiled by the RedSocks Malware Intelligence Team. This team consists of specialists in identifying new threats on the internet and translating them into state-of-the-art malware detection.

Boogschutterstraat 9C, 7324 AE Apeldoorn, The Netherlands
Tel +31 (0)
info@redsocks.nl
Website


More information

Symantec Endpoint Protection 12.1.5 Datasheet

Symantec Endpoint Protection 12.1.5 Datasheet Symantec Endpoint Protection 12.1.5 Datasheet Data Sheet: Endpoint Security Overview Malware has evolved from large-scale massive attacks to include Targeted Attacks and Advanced Persistent Threats that

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

More information

24/7 Visibility into Advanced Malware on Networks and Endpoints

24/7 Visibility into Advanced Malware on Networks and Endpoints WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction

More information

Types of cyber-attacks. And how to prevent them

Types of cyber-attacks. And how to prevent them Types of cyber-attacks And how to prevent them Introduction Today s cybercriminals employ several complex techniques to avoid detection as they sneak quietly into corporate networks to steal intellectual

More information

Phishing Activity Trends Report. 1 st Half 2009. Committed to Wiping Out Internet Scams and Fraud

Phishing Activity Trends Report. 1 st Half 2009. Committed to Wiping Out Internet Scams and Fraud 1 st Half 2009 Committed to Wiping Out Internet Scams and Fraud January June 2009 Phishing Report Scope The quarterly APWG analyzes phishing attacks reported to the APWG by its member companies, its Global

More information

Operation Liberpy : Keyloggers and information theft in Latin America

Operation Liberpy : Keyloggers and information theft in Latin America Operation Liberpy : Keyloggers and information theft in Latin America Diego Pérez Magallanes Malware Analyst Pablo Ramos HEAD of LATAM Research Lab 7/7/2015 version 1.1 Contents Introduction... 3 Operation

More information

Introduction to Computer Security Table of Contents

Introduction to Computer Security Table of Contents Introduction to Computer Security Table of Contents Introduction... 2 1 - Viruses... 3 Virus Scanners... 3 2 - Spyware... 7 Spyware Scanners... 8 3 - Firewalls... 10 Windows Firewall... 10 4 - References...

More information

CIT 480: Securing Computer Systems. Malware

CIT 480: Securing Computer Systems. Malware CIT 480: Securing Computer Systems Malware Topics 1. Anti-Virus Software 2. Virus Types 3. Infection Methods 4. Rootkits 5. Malware Analysis 6. Protective Mechanisms 7. Malware Factories 8. Botnets Malware

More information

Ten Tips to Avoid Viruses and Spyware

Ten Tips to Avoid Viruses and Spyware Ten Tips to Avoid Viruses and Spyware By James Wilson, CPA (480) 839-4900 ~ JamesW@hhcpa.com Oh, the deck is stacked. Don t think for a minute it s not. As a technology professional responsible for securing

More information

Introduction: 1. Daily 360 Website Scanning for Malware

Introduction: 1. Daily 360 Website Scanning for Malware Introduction: SiteLock scans your website to find and fix any existing malware and vulnerabilities followed by using the protective TrueShield firewall to keep the harmful traffic away for good. Moreover

More information

How To Install Avira Small Business Security Suite (Small Business) On A Microsoft Microsoft Server (Small Bserver) For A Small Business (Small) Computer (Small Server)

How To Install Avira Small Business Security Suite (Small Business) On A Microsoft Microsoft Server (Small Bserver) For A Small Business (Small) Computer (Small Server) Avira Small Business Security Suite HowTo Table of Contents 1. Introduction... 3 2. Product Information... 3 2.1 Operation mode...3 2.2 Scope of services...3 2.3 Optimum protection. Fast updates. Efficient

More information

Phishing Activity Trends

Phishing Activity Trends Phishing Activity Trends Report for the Month of, 27 Summarization of Report Findings The number of phishing reports received by the (APWG) came to 23,61 in, a drop of over 6, from January s previous record

More information

Security A to Z the most important terms

Security A to Z the most important terms Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from

More information

Endpoint Security and the Case For Automated Sandboxing

Endpoint Security and the Case For Automated Sandboxing WHITE PAPER Endpoint Security and the Case For Automated Sandboxing https://enterprise.comodo.com A World of Constant Threat We live in a world of constant threat. Hackers around the globe work every hour

More information

Malicious Software. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Viruses and Related Threats

Malicious Software. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Viruses and Related Threats Malicious Software Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Outline Viruses and Related Threats Malicious Programs The Nature of Viruses Antivirus

More information

Avira Small Business Security Suite Avira Endpoint Security. Quick Guide

Avira Small Business Security Suite Avira Endpoint Security. Quick Guide Avira Small Business Security Suite Avira Endpoint Security Quick Guide Table of Contents 1. Introduction... 3 2. Product Information... 3 2.1 Operation mode...3 2.2 Scope of services...3 2.3 Optimum protection.

More information

Mifflinburg Bank & Trust. Corporate Account Takeover & Information Security Awareness

Mifflinburg Bank & Trust. Corporate Account Takeover & Information Security Awareness Mifflinburg Bank & Trust Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is

More information

ZNetLive Malware Monitoring

ZNetLive Malware Monitoring Introduction The criminal ways of distributing malware or malicious software online have gone through a change in past years. In place of using USB drives, attachments or disks to distribute viruses, hackers

More information

CYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP

CYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP CYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP August 2014 RSA agents recently traced a threat actor advertising a mobile credit card store application. The cybercriminal shared the information

More information

MALWARE THREATS AND TRENDS. Chris Blow, Director Dustin Hutchison, Director

MALWARE THREATS AND TRENDS. Chris Blow, Director Dustin Hutchison, Director MALWARE THREATS AND TRENDS Chris Blow, Director Dustin Hutchison, Director WHAT IS MALWARE? Malicious Software Viruses Worms Trojans Rootkits Spyware Ransomware 2 MALWARE ORIGINS Users bring it from home

More information

GlobalSign Malware Monitoring

GlobalSign Malware Monitoring GLOBALSIGN WHITE PAPER GlobalSign Malware Monitoring Protecting your website from distributing hidden malware GLOBALSIGN WHITE PAPER www.globalsign.com CONTENTS Introduction... 2 Malware Monitoring...

More information

Avira Small Business Security Suite. HowTo

Avira Small Business Security Suite. HowTo Avira Small Business Security Suite HowTo Table of contents 1. Introduction... 3 2. Product Information... 3 2.1 Operation mode... 3 2.2 Scope of services... 3 2.3 Optimum protection. Fast updates. Efficient

More information

Virtual Desktops Security Test Report

Virtual Desktops Security Test Report Virtual Desktops Security Test Report A test commissioned by Kaspersky Lab and performed by AV-TEST GmbH Date of the report: May 19 th, 214 Executive Summary AV-TEST performed a comparative review (January

More information

Corporate Account Takeover & Information Security Awareness

Corporate Account Takeover & Information Security Awareness Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is for information purposes

More information

Statistical Analysis of Internet Security Threats. Daniel G. James

Statistical Analysis of Internet Security Threats. Daniel G. James Statistical Analysis of Internet Security Threats Daniel G. James ABSTRACT The purpose of this paper is to analyze the statistics surrounding the most common security threats faced by Internet users. There

More information

white paper Malware Security and the Bottom Line

white paper Malware Security and the Bottom Line Malware Security Report: Protecting Your BusineSS, Customers, and the Bottom Line Contents 1 Malware is crawling onto web sites everywhere 1 What is Malware? 2 The anatomy of Malware attacks 3 The Malware

More information

THE HOME LOAN SAVINGS BANK. Corporate Account Takeover & Information Security Awareness

THE HOME LOAN SAVINGS BANK. Corporate Account Takeover & Information Security Awareness THE HOME LOAN SAVINGS BANK Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is

More information

Overview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms

Overview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms Overview Common Internet Threats Tom Chothia Computer Security, Lecture 19 Phishing Sites Trojans, Worms, Viruses, Drive-bydownloads Net Fast Flux Domain Flux Infiltration of a Net Underground economy.

More information

NUIT Tech Talk. Peeking Behind the Curtain of Security. Jeff Holland Security Vulnerability Analyst Information & Systems Security/Compliance

NUIT Tech Talk. Peeking Behind the Curtain of Security. Jeff Holland Security Vulnerability Analyst Information & Systems Security/Compliance NUIT Tech Talk Peeking Behind the Curtain of Security Jeff Holland Security Vulnerability Analyst Information & Systems Security/Compliance Definitions Malware: The Virus/Trojan software we ve all come

More information

Ohio University Computer Services Center October, 2004 Spyware, Adware, and Virus Guide

Ohio University Computer Services Center October, 2004 Spyware, Adware, and Virus Guide Ohio University Computer Services Center October, 2004 Spyware, Adware, and Virus Guide Definitions Malware is term meaning malicious software. Malware is software designed to disrupt a computer system.

More information

Airtel PC Secure Trouble Shooting Guide

Airtel PC Secure Trouble Shooting Guide Airtel PC Secure Trouble Shooting Guide Table of Contents Questions before installing the software Q: What is required from my PC to be able to use the Airtel PC Secure? Q: Which operating systems does

More information

S3 Control and System Call Indirection

S3 Control and System Call Indirection S3 Control Confirma Technology Brief November 2008 Confirma Product Support 11040 Main St., Suite 100, Bellevue, WA 98004-6368, USA Toll free: 877.274.3045 Local: 425.691.1595 Email: support@confirma.com

More information

Multifaceted Approach to Understanding the Botnet Phenomenon

Multifaceted Approach to Understanding the Botnet Phenomenon Multifaceted Approach to Understanding the Botnet Phenomenon Christos P. Margiolas University of Crete A brief presentation for the paper: Multifaceted Approach to Understanding the Botnet Phenomenon Basic

More information

Phishing Activity Trends Report June, 2006

Phishing Activity Trends Report June, 2006 Phishing Activity Trends Report, 26 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial account

More information

SECURITY TERMS: Advisory Backdoor - Blended Threat Blind Worm Bootstrapped Worm Bot Coordinated Scanning

SECURITY TERMS: Advisory Backdoor - Blended Threat Blind Worm Bootstrapped Worm Bot Coordinated Scanning SECURITY TERMS: Advisory - A formal notice to the public on the nature of security vulnerability. When security researchers discover vulnerabilities in software, they usually notify the affected vendor

More information

TRAINING FOR AMERICAN MOMENTUM BANK CLIENTS. Corporate Account Takeover & Information Security Awareness

TRAINING FOR AMERICAN MOMENTUM BANK CLIENTS. Corporate Account Takeover & Information Security Awareness TRAINING FOR AMERICAN MOMENTUM BANK CLIENTS Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This

More information

ESET CYBER SECURITY PRO for Mac Quick Start Guide. Click here to download the most recent version of this document

ESET CYBER SECURITY PRO for Mac Quick Start Guide. Click here to download the most recent version of this document ESET CYBER SECURITY PRO for Mac Quick Start Guide Click here to download the most recent version of this document ESET Cyber Security Pro provides state-of-the-art protection for your computer against

More information

What do a banking Trojan, Chrome and a government mail server have in common? Analysis of a piece of Brazilian malware

What do a banking Trojan, Chrome and a government mail server have in common? Analysis of a piece of Brazilian malware What do a banking Trojan, Chrome and a government mail server have in common? Analysis of a piece of Brazilian malware Contents Introduction.................................2 Installation: Social engineering

More information

TECHNICAL REPORT. An Analysis of Domain Silver, Inc..pl Domains

TECHNICAL REPORT. An Analysis of Domain Silver, Inc..pl Domains TECHNICAL REPORT An Analysis of Domain Silver, Inc..pl Domains July 31, 2013 CONTENTS Contents 1 Introduction 2 2 Registry, registrar and registrant 3 2.1 Rogue registrar..................................

More information

Security Intelligence Services. www.kaspersky.com

Security Intelligence Services. www.kaspersky.com Kaspersky Security Intelligence Services. Threat Intelligence Services www.kaspersky.com THREAT INTELLIGENCE SERVICES Tracking, analyzing, interpreting and mitigating constantly evolving IT security threats

More information

Data Center Security in a World Without Perimeters

Data Center Security in a World Without Perimeters www.iss.net Data Center Security in a World Without Perimeters September 19, 2006 Dave McGinnis Director of MSS Architecture Agenda Securing the Data Center What threats are we facing? What are the risks?

More information

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Lee Zelyck Network Administrator Regina Public Library Malware, Spyware, Trojans

More information

McAfee Labs Threat Advisory W32/Autorun.worm.aaeb-h

McAfee Labs Threat Advisory W32/Autorun.worm.aaeb-h Summary McAfee Labs Threat Advisory W32/Autorun.worm.aaeb-h August 9, 2013 W32/Autorun.worm.aaeb-h has the ability to infect removable media devices, as well as mounted network shares. Infection starts

More information

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Lab Exercises Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Review Questions 1) In class, we made the distinction between a front-door attack and

More information

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination

More information

Protecting Your Network Against Risky SSL Traffic ABSTRACT

Protecting Your Network Against Risky SSL Traffic ABSTRACT Protecting Your Network Against Risky SSL Traffic ABSTRACT Every day more and more Web traffic traverses the Internet in a form that is illegible to eavesdroppers. This traffic is encrypted with Secure

More information

N-CAP Users Guide. Everything You Need to Know About Using the Internet! How Worms Spread via Email (and How to Avoid That)

N-CAP Users Guide. Everything You Need to Know About Using the Internet! How Worms Spread via Email (and How to Avoid That) N-CAP Users Guide Everything You Need to Know About Using the Internet! How Worms Spread via Email (and How to Avoid That) How Worms Spread via Email (and How to Avoid That) Definitions of: A Virus: is

More information

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security ITSC Training Courses Student IT Competence Programme SI1 2012 2013 Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1 Course Outline What you should know

More information

Student Tech Security Training. ITS Security Office

Student Tech Security Training. ITS Security Office Student Tech Security Training ITS Security Office ITS Security Office Total Security is an illusion security will always be slightly broken. Find strategies for living with it. Monitor our Network with

More information

You ll learn about our roadmap across the Symantec email and gateway security offerings.

You ll learn about our roadmap across the Symantec email and gateway security offerings. #SymVisionEmea In this session you will hear how Symantec continues to focus our comprehensive security expertise, global intelligence and portfolio on giving organizations proactive, targeted attack protection

More information

Netsweeper Whitepaper

Netsweeper Whitepaper Netsweeper Inc. Corporate Headquarters 104 Dawson Road Suite 100 Guelph, ON, Canada N1H 1A7 CANADA T: +1 (519) 826-5222 F: +1 (519) 826-5228 Netsweeper Whitepaper The Evolution of Web Security June 2010

More information

Virus Definition and Adware

Virus Definition and Adware DANEnet Round Table: Viruses and Spyware Definition of a computer virus: -A computer program that is designed to replicate itself by copying itself into the other programs stored in a computer. It may

More information

From Georgia, with Love Win32/Georbot. Is someone trying to spy on Georgians?

From Georgia, with Love Win32/Georbot. Is someone trying to spy on Georgians? From Georgia, with Love Win32/Georbot Is someone trying to spy on Georgians? At the beginning of the year, a curious piece of malware came to our attention. An analyst in our virus laboratory noticed that

More information

The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only.

The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only. The information contained in this session may contain privileged and confidential information. This presentation is for information purposes only. Before acting on any ideas presented in this session;

More information

WHY DOES MY SPEED MONITORING GRAPH SHOW -1 IN THE TOOLTIP? 2 HOW CAN I CHANGE MY PREFERENCES FOR UPTIME AND SPEED MONITORING 2

WHY DOES MY SPEED MONITORING GRAPH SHOW -1 IN THE TOOLTIP? 2 HOW CAN I CHANGE MY PREFERENCES FOR UPTIME AND SPEED MONITORING 2 FAQ WHY DOES MY SPEED MONITORING GRAPH SHOW -1 IN THE TOOLTIP? 2 HOW CAN I CHANGE MY PREFERENCES FOR UPTIME AND SPEED MONITORING 2 WHAT IS UPTIME AND SPEED MONITORING 2 WHEN I TRY TO SELECT A SERVICE FROM

More information

avast! Free Antivirus for Mac Quick Start Guide avast! Free Antivirus for Mac Quick Start Guide

avast! Free Antivirus for Mac Quick Start Guide avast! Free Antivirus for Mac Quick Start Guide avast! Free Antivirus for Mac Quick Start Guide 1 Introduction Welcome to avast! Free Antivirus for Mac. avast! Free Antivirus for Mac contains the same ICSA Certified scan engine as all avast! antivirus

More information

BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL

BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL BOTNETS Douwe Leguit, Manager Knowledge Center GOVCERT.NL Agenda Bots: what is it What is its habitat How does it spread What are its habits Dutch cases Ongoing developments Visibility of malware vs malicious

More information

KASPERSKY LAB. Kaspersky Anti-Virus for Windows Servers 6.0 USER GUIDE

KASPERSKY LAB. Kaspersky Anti-Virus for Windows Servers 6.0 USER GUIDE KASPERSKY LAB Kaspersky Anti-Virus for Windows Servers 6.0 USER GUIDE KASPERSKY ANTI-VIRUS FOR WINDOWS SERVERS 6.0 User Guide Kaspersky Lab http://www.kaspersky.com Revision date: September 2008 Table

More information

The Nitro Attacks. Security Response. Stealing Secrets from the Chemical Industry. Introduction. Targets. Eric Chien and Gavin O Gorman

The Nitro Attacks. Security Response. Stealing Secrets from the Chemical Industry. Introduction. Targets. Eric Chien and Gavin O Gorman The Nitro Attacks Stealing Secrets from the Chemical Industry Eric Chien and Gavin O Gorman Contents Introduction... 1 Targets... 1 Attack methodology... 2 Geographic Spread... 3 Attribution... 4 Technical

More information

egambit Forensic egambit, your defensive cyber-weapon system. You have the players. We have the game.

egambit Forensic egambit, your defensive cyber-weapon system. You have the players. We have the game. egambit Forensic egambit, your defensive cyber-weapon system. You have the players. We have the game. TEHTRI-Security 2010-2015 www.tehtri-security.com Forensic with egambit In this document, we will introduce

More information

Spyware Doctor Enterprise Technical Data Sheet

Spyware Doctor Enterprise Technical Data Sheet Spyware Doctor Enterprise Technical Data Sheet The Best of Breed Anti-Spyware Solution for Businesses Spyware Doctor Enterprise builds on the strength of the industry-leading and multi award-winning Spyware

More information

DETERMINATION OF THE PERFORMANCE

DETERMINATION OF THE PERFORMANCE DETERMINATION OF THE PERFORMANCE OF ANDROID ANTI-MALWARE SCANNERS AV-TEST GmbH Klewitzstr. 7 39112 Magdeburg Germany www.av-test.org 1 CONTENT Determination of the Performance of Android Anti-Malware Scanners...

More information

Advanced Persistent Threats

Advanced Persistent Threats White Paper INTRODUCTION Although most business leaders and IT managers believe their security technologies adequately defend against low-level threats, instances of (APTs) have increased. APTs, which

More information

Email Threat Trend Report Second Quarter 2007

Email Threat Trend Report Second Quarter 2007 Email Threat Trend Report Second Quarter 2007, Ltd. 2550 SW Grapevine Parkway, Suite 150 Grapevine, Texas 76051 Phone: (817) 601-3222 Fax: (817) 601-3223 http://www.altn.com/ 2007 Contents Emerging Email

More information

Advanced Online Threat Protection: Defending. Malware and Fraud. Andrew Bagnato Senior Systems Engineer

Advanced Online Threat Protection: Defending. Malware and Fraud. Andrew Bagnato Senior Systems Engineer Advanced Online Threat Protection: Defending Your Online Banking Customers Against Modern Malware and Fraud Andrew Bagnato Senior Systems Engineer Agenda Modern malware a targets Account credentials Financial

More information

G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015

G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015 G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015 CONTENTS At a glance 03-03 Forecasts and trends 03-03 Current situation: 4,900 new Android malware samples every day 04-04 Half of Android malware is

More information

G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015

G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015 G DATA MOBILE MALWARE REPORT THREAT REPORT: Q1/2015 CONTENTS At a glance 03-03 Forecasts and trends 03-03 Current situation: 4,900 new Android malware samples every day 04-04 Half of Android malware is

More information

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc.

Spyware. Michael Glenn Technology Management Michael.Glenn@Qwest.com. 2004 Qwest Communications International Inc. Spyware Michael Glenn Technology Management Michael.Glenn@Qwest.com Agenda Security Fundamentals Current Issues Spyware Definitions Overlaps of Threats Best Practices What Service Providers are Doing References

More information

Malware B-Z: Inside the Threat From Blackhole to ZeroAccess

Malware B-Z: Inside the Threat From Blackhole to ZeroAccess Malware B-Z: Inside the Threat From Blackhole to ZeroAccess By Richard Wang, Manager, SophosLabs U.S. Over the last few years the volume of malware has grown dramatically, thanks mostly to automation and

More information

Phishing Activity Trends Report for the Month of December, 2007

Phishing Activity Trends Report for the Month of December, 2007 Phishing Activity Trends Report for the Month of December, 2007 Summarization of December Report Findings The total number of unique phishing reports submitted to APWG in December 2007 was 25,683, a decrease

More information

Kaspersky Security 9.0 for Microsoft SharePoint Server Administrator's Guide

Kaspersky Security 9.0 for Microsoft SharePoint Server Administrator's Guide Kaspersky Security 9.0 for Microsoft SharePoint Server Administrator's Guide APPLICATION VERSION: 9.0 Dear User! Thank you for choosing our product. We hope that this document will help you in your work

More information

Websense Web Security Solutions

Websense Web Security Solutions Web Security Gateway Web Security Web Filter Hosted Web Security Web Security Solutions The Web 2.0 Challenge The Internet is rapidly evolving. Web 2.0 technologies are dramatically changing the way people

More information

Deep Security Vulnerability Protection Summary

Deep Security Vulnerability Protection Summary Deep Security Vulnerability Protection Summary Trend Micro, Incorporated This documents outlines the process behind rules creation and answers common questions about vulnerability coverage for Deep Security

More information

Using big data analytics to identify malicious content: a case study on spam emails

Using big data analytics to identify malicious content: a case study on spam emails Using big data analytics to identify malicious content: a case study on spam emails Mamoun Alazab & Roderic Broadhurst Mamoun.alazab@anu.edu.au http://cybercrime.anu.edu.au 2 Outline Background Cybercrime

More information

BitDefender Client Security Workstation Security and Management

BitDefender Client Security Workstation Security and Management BitDefender Client Security Workstation Security and Management BitDefender Client Security is an easy to use business security and management solution, which delivers superior proactive protection from

More information