Malware discovered that sets up anonymous proxies on infected PCs

By Lee Mathews, Dec. 29, 2015 2:32 pm
http://www.geek.com/news/malware-discovered-that-sets-up-anonymous-proxies-on-infected-pcs-1643291/

Malware is capable of doing all kinds of nasty things, from hijacking search results to emptying a Bitcoin wallet. Now a strain has been discovered that turns infected machines into anonymous proxy hosts.

Security researchers at Palo Alto Networks reported on the malware recently. They’re calling it ProxyBack, and its purpose seems to be to get around obstacles that might normally derail proxy traffic, like software and hardware firewalls. It does that by creating a reverse tunnel on a compromised system, which allows requests to pass through undetected.

Palo Alto says that the infected systems they monitored showed a significant amount of traffic flowing through, and that it appeared to be a mix of both harmless, ordinary surfing and malicious activity. Some of the more nefarious traffic originated from an automated system that was setting up bogus accounts on sites like Match.com, OkCupid, eBay, Craigslist, and Facebook.

That seems to have convinced Palo Alto’s engineers that ProxyBack is likely to be connected to a subscription proxy service. In their blog post they single out buyproxy.ru, which claims to route user traffic using “proprietary technology of traffic tunneling.” Presumably that’s what they call tunneling it through machines whose users have no idea they’re part of the ProxyBack infrastructure.

Whether or not buyproxy.ru has anything to do with its spread, Palo Alto is certain that the malware “is designed for and used in their service.” How are they so certain? Because some of the victim machines they were watching showed up as options on buyproxy’s list of available private proxy servers.
