Yep, Andy is likely spot on with the assessment. The person who did this was likely using a malware kit, and simply paid a little bit of money for it. Then a bit of money paid for an IP scanner, or a preexisting list.

I do tend to feel bad for the people doing this, as indeed the amount of money to them is a massive compared to the smaller value in the US/EU/AU regions. A group of Russian game crackers broke the basic protections shipped with Darksiders 1, reverse engineered the text localization system, and wrote the translation for their language. To make their time worth it, they turned around and sold the game as a pirate copy in various markets around Russia. Copies of the game were cheap in US or EU currencies, and it did well. THQ took that info, and ensured resources were allocated to translating future games and supporting that market directly, including selling the official copies much cheaper then in the west. Metro 2033 was a game developed by a Ukrainian development shop, and managed to do well on the more global market. It's a shame that game piracy in the west has a part in hindering game studios from being able to grow and support markets like Russia. I'd love to see game developers come up from many more regions around the world, to let more people express themselves and experiences through a very unique art medium.


Anyhow, back to the exploit discussion.

Tony F. shared this elsewhere, showing how the scanning game is changing with the adoption of IPv6. http://arstechnica.com/security/2016/02/...other-scanners/

IPv4 address space can be reasonably be searched in it's entirety with ease. IPv6, not so much. Triggering scans to known in use IPv6 addresses is already leading to black market lists being maintained and sold/traded.