Botnet Security

ProxyBack Malware Turns Infected Computers into Internet Proxies

An anonymous reader writes: A new malware family called ProxyBack infects PCs and transforms them into a Web proxy. ProxyBack malware works by infecting a PC, establishing a connection with a proxy server controlled by the attackers, from where it receives instructions, and later the traffic it needs to route to actual Web servers. Each machine infected with ProxyBack works as a bot inside a larger network controlled by the attackers, who send commands and update instructions via simple HTTP requests. Some of the people infected with this malware mysteriously found their IP listed on the Web proxy service. A technical write-up of the infection steps and various malware commands is available on the Palo Alto Networks blog.

  • Why is this news? (Score:4, Insightful)

    by xxxJonBoyxxx ( 565205 ) on Monday December 28, 2015 @11:10PM (#51199593)

    Rooting a computer for the purpose of making it a proxy or a zombie to probe or attack other hosts has been a core goal of attackers for at least 20 years now. What makes this discovery special?

    • Re:Why is this news? (Score:4, Informative)

      by bengoerz ( 581218 ) on Tuesday December 29, 2015 @12:29AM (#51199875)
      This method of monetizing a botnet by openly selling proxy access is rather unusual. It's a departure from the old standbys: clickfraud and ransomware.
      • by darkain ( 749283 )

        Only if you're new to the game, perhaps? But compromised proxy lists for purchase were around back in the '90's... How is this any different now?

      • Purchase and rent of botnets has been common for years; there is a large market for this, and it isn't new.
      • Openly? Hardly. No sir, you have somehow accidentally stumbled upon the Russian darkwebs.
    • Did you read the entire summary? This is not a regular proxy from where hackers can hide attacks, this is a proxy in a Web proxy service listed online, where dumb dumbs like us went to hide our IP before Tor came around.
      • What's the difference?
        • Instead of one bad guy using your PC to hide his location... you have 3000 porn addicts funneling tranny and child pr0n traffic through your PC. :))))
      • >> Did you read the entire summary?

        Hell no. This is SlashDot. I read the headline, glanced at the first line of the summary and then started to type my comment. :P

  • and what's this proxy he's bringing?
  • I wouldn't have expected that in a million years!

  • by Anonymous Coward

    How is this anything different than botnets and the like that have been around for years? Slashdot reporting in!

  • FTFY FTW (Score:5, Informative)

    by Zero__Kelvin ( 151819 ) on Tuesday December 29, 2015 @12:14AM (#51199829) Homepage

    "A new malware family called ProxyBack infects PCs and servers running Microsoft Windows and transforms them into a Web proxy. As usual, PCs * running all other Operating Systems, including but not limited to Linux, Android, iOS, and OS X are not vulnerable."

    I find it interesting that the article never mentions Windows in the text, or that it only runs on Windows, as indicated in the graphics. The word Windows appears 16 times (at least) but zero times in a searchable format.

    * Some people claim that the term PC refers specifically to a system with Windows. Their argument invariably represents an ignorance with respect to the history of both Microsoft and the various PCs.

  • Since it is somewhat unlikely that these proxies are going to be used to promote freedom of speech in countries where such a thing is unknown and rather for, let's say, less benign reasons, we may already wait for the first raids on infected machines that happened to be used to get access to child porn or even copyrighted content.

    It just might make people consider that securing their machines could possibly, just maybe, be in their own interest.

  • It occurred to me that one thing we haven't seen yet (or maybe?) is some sort of malware or Trojan that infects computers to run as exit nodes for TOR.

    Imagine how that would affect the overall TOR network.
