ProxyBack Malware Turns Infected Computers into Internet Proxies

An anonymous reader writes: A new malware family called ProxyBack infects PCs and transforms them into a Web proxy. ProxyBack malware works by infecting a PC, establishing a connection with a proxy server controlled by the attackers, from where it receives instructions, and later the traffic it needs to route to actual Web servers. Each machine infected with ProxyBack works as a bot inside a larger network controlled by the attackers, who send commands and update instructions via simple HTTP requests. Some of the people infected with this malware, mysteriously found their IP listed on the buyproxy.ru Web proxy service.A technical write-up of the infection steps and various malware commands is available on the Palo Alto Networks blog.

FTFY FTW

[Zero__Kelvin]

"A new malware family called ProxyBack infects PCs and servers running Microsoft Windows and transforms them into a Web proxy. As usual, PCs * running all other Operating Systems, including but not Limited to Linux, Android, iOS, and OS X are not vulnerable.

FTFY

I find it interesting that the article never mentions Windows in the text, or that it only runs on Windows, as indicated in the graphics. The word Windows appears 16 times (at least) but zero times in a searchable format.

* Some people claim that the term PC refers specifically to a system with Windows. Their argument invariably represents an ignorance with respect to the history of both Microsoft and the various PCs.

Re:Why is this news?

[bengoerz]

This method of monetizing a botnet by openly selling proxy access is rather unusual. It's a departure from the old standbys: clickfraud and randsomware.