Other issues in this category (70)
Proxy servers serve criminals
Thursday, September 7, 2017
Maintaining their anonymity is vital for cybercriminals. What will happen if one user after another ends up on one of their bogus sites or virus-carrying emails and spam start arriving from the same address? Such addresses will quickly be blocked by all of today’s leading security software products, and the criminals involved will have to find new email accounts and new domain names for their sites. This is rather inconvenient, highly time consuming, and, perhaps, money consuming, too. And here proxy servers come to the criminal’s rescue.
A proxy server – is a server (or simply a node on the Internet) between your computer and a site you want to reach.
If a proxy server is used, all of your requests are first processed by the server which then relays them to the requested destination.
Consequently, the reply from the host will first reach the proxy server and then be transferred to your PC.
If a proxy server with a broadband connection is used for legitimate purposes, in some cases it can accelerate access to some sites. Also, with traffic being scanned on the server, end-point security increases.
But criminals are interested in a different proxy server feature. If you try to open a malicious link, you’ll see the address of a proxy server rather than that of a bogus site. Criminals may also opt for multiple proxy servers to make sure it is specifically they who end up getting blacklisted while their malicious site remains operational. Attackers will only need to specify new proxy server addresses for their Trojans or spam emails.
But how do they get so many computers to willingly operate as proxy servers and agree to be blacklisted? From other crooks, of course. Virus makers write special software that can turn computers into proxy servers. Once the infected PCs are sold to other crooks, user queries are relayed through the machines. Malicious proxy server software is available for all platforms, including Windows, Mac, Linux, and Android…
Typically, virus writers install three types of malware on compromised Linux devices. These include Trojans used to mount DDoS attacks, proxy server applications (used by attackers to maintain their anonymity), and Trojans and scripts that download other malware.
Graph showing how many attacks were carried out by the Trojan Linux.ProxyM
Android.SockBot.1, which managed to infiltrate Google Play, turned infected devices into proxy servers that enabled attackers to anonymously connect to other network-connected remote devices. In addition, it enabled criminals to redirect traffic, steal confidential information, and orchestrate DDoS attacks on various servers on the Internet.
How many malicious programs that can turn devices into proxy servers are actually known to exist? Let's check by going to updates.drweb.com: on the very day this issue was being written Linux.ProxyM.10, Trojan.Proxy2.159, Program.3Proxy.224, Tool.Proxy.2548, Tool.Proxy.2549 were discovered. And so it goes every day!
Proxy servers can also be used to spoof traffic. If your router or personal computer gets infected by this kind of malware, attackers will be able to change the contents of the sites you visit.
The Anti-virus Times recommends
Compared with encryption ransomware, malicious proxy servers appear pretty harmless. But don't forget that if your PC or handheld ends up as a malicious proxy server, it will run slower, use more traffic, and may end up on blacklists.
And don't expect that all the attackers will want to do is run a proxy server on your infected device. As a rule, modern Trojans are multi-taskers and try to make the most of each successful infection.
That’s why you must use an anti-virus, and if problems occur (e.g., system performance decreases), contact your technical support service.