Slashdot Mirror

← Back to Stories (view on slashdot.org)

ProxyBack Malware Turns Infected Computers into Internet Proxies (softpedia.com)

Posted by samzenpus on from the resistance-is-futile dept.

An anonymous reader writes: A new malware family called ProxyBack infects PCs and transforms them into a Web proxy. ProxyBack malware works by infecting a PC, establishing a connection with a proxy server controlled by the attackers, from where it receives instructions, and later the traffic it needs to route to actual Web servers. Each machine infected with ProxyBack works as a bot inside a larger network controlled by the attackers, who send commands and update instructions via simple HTTP requests. Some of the people infected with this malware, mysteriously found their IP listed on the buyproxy.ru Web proxy service.A technical write-up of the infection steps and various malware commands is available on the Palo Alto Networks blog.

16 of 71 comments (clear)

  1. Why is this news? by xxxJonBoyxxx · · Score: 3, Insightful

    Rooting a computer for the purpose of making it a proxy or a zombie to probe or attack other hosts has been a core goal of attackers for at least 20 years now. What makes this discovery special?

    1. Re:Why is this news? by bengoerz · · Score: 3, Informative

      This method of monetizing a botnet by openly selling proxy access is rather unusual. It's a departure from the old standbys: clickfraud and randsomware.

    2. Re:Why is this news? by darkain · · Score: 1

      Only if you're new to the game, perhaps? But compromised proxy lists for purchase were around back in the '90's... How is this any different now?

    3. Re:Why is this news? by bloodhawk · · Score: 1

      purchase and rent of botnets has been common for years, there is a large market for this and it isn't new.

    4. Re:Why is this news? by h33t+l4x0r · · Score: 1

      Openly? Hardly. No sir, you have somehow accidentally stumbled upon the russian darkwebs.

    5. Re:Why is this news? by campuscodi · · Score: 1

      Did you read the entire summary? This is not a regular proxy from where hackers can hide attacks, this is a proxy in a Web proxy service listed online, where dumb dumbs like us went to hide our IP before Tor came around.

    6. Re:Why is this news? by h33t+l4x0r · · Score: 1

      What's the difference?

    7. Re:Why is this news? by campuscodi · · Score: 1

      Instead of one bad guy using your PC to hide his location... you have 3000 porn addicts funneling tranny and child pr0n traffic through your PC. :))))

    8. Re:Why is this news? by xxxJonBoyxxx · · Score: 1

      >> Did you read the entire summary?

      Hell no. This is SlashDot. I read the headline, glanced at the first line of the summary and then started to type my comment. :P

  2. is this Timberlake's idea? by turkeydance · · Score: 1

    and what's this proxy he's bringing?

  3. ProxyBack Malware makes proxies? by SeaFox · · Score: 1

    I wouldn't have expected that in a million years!

  4. Huh? by Anonymous Coward · · Score: 1

    How is this anything different than botnets and the like that have been around for years? Slahdot reporting in!

  5. Re: This is the future Republicans... by rubycodez · · Score: 1

    Republicans like Bill Gates? 8D

  6. FTFY FTW by Zero__Kelvin · · Score: 5, Informative

    "A new malware family called ProxyBack infects PCs and servers running Microsoft Windows and transforms them into a Web proxy. As usual, PCs * running all other Operating Systems, including but not Limited to Linux, Android, iOS, and OS X are not vulnerable.

    FTFY

    I find it interesting that the article never mentions Windows in the text, or that it only runs on Windows, as indicated in the graphics. The word Windows appears 16 times (at least) but zero times in a searchable format.

    * Some people claim that the term PC refers specifically to a system with Windows. Their argument invariably represents an ignorance with respect to the history of both Microsoft and the various PCs.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  7. Ohhh, this is going to be fun! by Opportunist · · Score: 1

    Since it is somewhat unlikely that these proxies are going to be used to promote freedom of speech in countries where such a thing is unknown and rather for, let's say, less benign reasons, we may already wait for the first raids on infected machines that happened to be used to get access to child porn or even copyrighted content.

    It just might make people consider that securing their machines could possibly, just maybe, be in their own interest.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  8. Tor Exit server Zombie Malware by Danathar · · Score: 1

    It occurred to me that one thing we haven't seen yet (or maybe?) is some sort of malware or Trojan that infects computers to run as exit nodes for TOR.

    Imagine how that would affect the overall TOR network.