ID: IRCNE2012101637
Date: 2012-10-09
According to “CNet”, a black hat Russian operation has served malware to hundreds of thousands of users a year who thought they were signing up for a paid proxy service, Symantec said today.
The security company said in a blog post that it has linked the malware to a cluster of Russian Web sites -- including one called Proxybox.name -- that claim to provide proxy access, VPN services, and antivirus scanning. Proxybox.name requires users to download what it calls "functional, simple, and convenient" proxy software.
Vikram Thakur, principal manager at Symantec Security Response, told CNET this afternoon that:
What the Web site doesn't speak of is how they proxy traffic i.e. where will the client traffic be channeled through? What we see is that the operation of the service has made use of malware that installs a proxy component on unsuspecting users' computers. Unsuspecting users get a piece of malware installed on their computer which makes them available to the proxy service's botmaster commands.
Once a computer is compromised, it connects to a remote server that sends it a series of PHP pages that it uses to automatically configure itself. Then it will be enlisted in a botnet that relies on about 40,000 simultaneous computers.
- 5