Malware-infected computers being rented as proxy servers on the black market

Researchers have identified a Trojan program that turns infected computers into SOCKS proxy servers to which access is then sold

By Lucian Constantin, IDG News Service |  Security

The Proxybox malware is distributed in a variety of ways, including through drive-by download attacks launched from compromised websites that host commercial exploit toolkits like Blackhole, Bingham said.

Advertisements for the Proxybox service seen on underground forums were linked to ads for other black market websites that offer VPN (virtual private network), private antivirus scanning or proxy testing services and offer the same ICQ contact number and payment methods: WebMoney, Liberty Reserve and RoboKassa.

"We started to look into the payment accounts associated with these websites, and found out that they were tied to an individual with a Ukrainian name living in Russia," Bingham said. "The additional details associated with this WebMoney account are undisclosed as we work with law enforcement in countries associated with the command-and-control servers."

The risks for users whose computers are infected with Backdoor.Proxybox are significant. Because of the unauthorized proxy servers running on their systems, their IP addresses might be involved in a lot of illegal activities without their knowledge.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness