Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Symantec: Proxy Service Users Ends up with Malware

A number of users who signed up for an reasonably-priced proxy service with the name of proxybox.name are leading towards the installment of a Trojan horse that can be connected to a botnet on their computers, as per the security firm Symantec.

Researchers at Symantec reverse engineered the Trojan, called Backdoor.Proxybox malware and uncover a major black hat operation and perhaps the actual malware developer.

The investigation began with an authentic-looking Russian website that promotes the access to thousands of proxies for a extremely low monthly fee that could be paid through Web Money, Liberty Reserve, and Robokassa. Proxy services are frequently employed towards covering a location and sending incognito information.

Shedding light on the work of the malware, Symantec Researcher, Joseph Bingham claimed that the dropper installed the payload as a service on the computer that can shift the payload executable to the system while installing the root kit. The root kit attempts to put aside the spiteful payload and all additional files associated with the threat to surge the threat's persistence. The root kit equipment a novel method to neglect device-stack file scanning. The payload itself is a DLL, which is executed when the computer starts and behaves as a low-level proxy service that penetrates the compromised computer into a large botnet utilized for funneling traffic, as published by Symantec.com on October 8, 2012.

When the computer begins, the payload associate a hard-coded server address and appeal for a set of PHP pages to arrange itself, set up backup command servers, test connection speed, and set up client authentication. The command server's provides many peer servers to use as backups, runs a speed check on the corrupted computer, and assigns a password for an alternative authentication. Assessment of the command server also created a lot of public PHP pages that provided statistic on the botnet also as database credentials.

A Quicker inspection of the command-and-control server display the botnet maintains some 40,000 users online at any time. Endorsement for Proxybox.name appears on four other websites all of which are connected to the same author.

Symantec revealed the uniqueness of the individual it fingered as being concerned in some of the financial operations through Web Money payment system, but an unpredicted copy of the same page suggests that the person could be Kramarenko Bogdan Yurievich.

Related article: Symantec Reports: Microsoft’s Vulnerability genesis of New Worm

» SPAMfighter News - 10/16/2012

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page