Symantec: Proxy Service Users End up with Malware
According to security firm Symantec, a number of users who signed up for a cheap proxy service called proxybox.name ended up with a Trojan horse installed on their computers that connects those machines to a botnet.
The investigation began with an authentic-looking Russian website that advertises access to thousands of proxies for a very low monthly fee, payable through Web Money, Liberty Reserve, and Robokassa. Proxy services are frequently used to hide a user's location and to send information anonymously.
Describing how the malware works, Symantec researcher Joseph Bingham said that the dropper installs the payload as a service on the computer, moving the payload executable onto the system while installing the rootkit. The rootkit tries to hide the malicious payload and all other files associated with the threat in order to increase the threat's persistence. The rootkit implements a novel method of evading device-stack file scanning. The payload itself is a DLL that runs when the computer starts and acts as a low-level proxy service, enrolling the compromised computer into a large botnet used for funneling traffic, as published by Symantec.com on October 8, 2012.
When the computer starts, the payload contacts a hard-coded server address and requests a set of PHP pages to configure itself, set up backup command servers, test connection speed, and set up client authentication. The command server provides several peer servers to use as backups, runs a speed check on the infected computer, and assigns a password for an alternative authentication. Examination of the command server also turned up a number of public PHP pages that provided statistics on the botnet as well as database credentials.
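The persistence mechanism described above, a payload DLL registered as a Windows service that runs at boot, is something a defender can triage directly from the registry. The script below is an added example written for this page, not Symantec's tooling or anything from the report: it enumerates svchost-hosted services, reads each one's ServiceDll value, and flags automatic-start services whose DLL lives outside System32 or lacks a valid Authenticode signature. The output columns and the "outside System32 or unsigned" heuristic are the author's own choices, not indicators published on this page.

```powershell
# Triage: list auto-start svchost services whose ServiceDll is outside
# System32 or is not validly signed. Run from an elevated PowerShell.
$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$system32 = Join-Path $env:SystemRoot 'System32'

Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $svcKey    = $_
    $paramsKey = "$($svcKey.PSPath)\Parameters"
    if (-not (Test-Path $paramsKey)) { return }

    # ServiceDll is only present for services hosted inside svchost.exe.
    $dll = (Get-ItemProperty -Path $paramsKey -ErrorAction SilentlyContinue).ServiceDll
    if (-not $dll) { return }

    # REG_EXPAND_SZ is normally expanded already; expand again to be safe.
    $dllPath = [Environment]::ExpandEnvironmentVariables($dll)
    $start   = (Get-ItemProperty -Path $svcKey.PSPath -ErrorAction SilentlyContinue).Start

    # A missing file is suspicious in itself (rootkit hiding, or stale entry).
    $sigStatus = if (Test-Path -LiteralPath $dllPath) {
        (Get-AuthenticodeSignature -FilePath $dllPath).Status
    } else {
        'MISSING'
    }

    [pscustomobject]@{
        Service    = $svcKey.PSChildName
        Start      = $start          # 2 = Automatic, 3 = Manual, 4 = Disabled
        ServiceDll = $dllPath
        InSystem32 = $dllPath.StartsWith($system32, 'OrdinalIgnoreCase')
        Signature  = $sigStatus
    }
} |
Where-Object { $_.Start -eq 2 -and (-not $_.InSystem32 -or $_.Signature -ne 'Valid') } |
Sort-Object Service |
Format-Table -AutoSize
```

Anything this prints is a starting point for review, not a verdict: legitimate third-party software occasionally registers service DLLs outside System32, so each hit should be checked against the vendor, the file's hash, and the service's install date. Because the page notes the rootkit hides the payload's files, a ServiceDll that the registry references but that `Test-Path` cannot see (reported here as MISSING) deserves particular attention and is best confirmed from an offline or boot-time scan.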
A quick inspection of the command-and-control server shows that the botnet maintains some 40,000 users online at any time. Advertising for Proxybox.name appears on four other websites, all of which are connected to the same author.
Symantec did not disclose the identity of the individual it linked to some of the financial transactions made through the Web Money payment system, but a cached copy of the same page suggests that the person could be Kramarenko Bogdan Yurievich.
» SPAMfighter News - 16-10-2012