- Oct 23, 2012
- 12,527
Clues point the finger at buyproxy.ru operators
Researchers have discovered a new type of malware that infects home computers and turns them into Internet proxies. Palo Alto Networks, the security company that discovered this malware, thinks users' PCs are being used by a Russian company inside their Web proxy service.
Named ProxyBack, this malware was first observed in March 2014, but only recently have security researchers managed to understand how it works.
ProxyBack malware used as an HTTP tunnel for an Internet proxy service
According to Palo Alto experts, the malware has infected in most cases educational institutes in Europe, and targets regular PCs, transforming them into Internet proxies while illegally using them to funnel Internet traffic.
Infected machines are not used to disguise the location of a cyber-crook, but as security researchers explain, they are advertised as reliable proxy servers listed in an online proxy service operated out of Russia.
ProxyBack malware works by infecting a PC, establishing a connection with a proxy server controlled by the attackers, from where it receives instructions, and later the traffic it needs to route to actual Web servers.
Each machine infected with ProxyBack works as a bot inside a larger network controlled by the attackers, who send commands and update instructions via simple HTTP requests.
Researchers have discovered a new type of malware that infects home computers and turns them into Internet proxies. Palo Alto Networks, the security company that discovered this malware, thinks users' PCs are being used by a Russian company inside their Web proxy service.
Named ProxyBack, this malware was first observed in March 2014, but only recently have security researchers managed to understand how it works.
ProxyBack malware used as an HTTP tunnel for an Internet proxy service
According to Palo Alto experts, the malware has infected in most cases educational institutes in Europe, and targets regular PCs, transforming them into Internet proxies while illegally using them to funnel Internet traffic.
Infected machines are not used to disguise the location of a cyber-crook, but as security researchers explain, they are advertised as reliable proxy servers listed in an online proxy service operated out of Russia.
ProxyBack malware works by infecting a PC, establishing a connection with a proxy server controlled by the attackers, from where it receives instructions, and later the traffic it needs to route to actual Web servers.
Each machine infected with ProxyBack works as a bot inside a larger network controlled by the attackers, who send commands and update instructions via simple HTTP requests.
