ProxyBack Malware Transforms Contaminated PCs into Bots Working as Internet Proxies

According to researchers from security firm Palo Alto Networks, they have found one fresh kind of malware, which is called ProxyBack, contaminating home PCs, while converting the devices into proxy machines on the Internet. A Russian organization is using users' computers within its Web proxy operation, softpedia.com reported, December 26, 2015.

The first time ProxyBack was noticed during March 2014, security researchers couldn't make out the malware's working, until recently.

Palo Alto's researchers state that the malware's infection hit Europe's educational institutions within most instances. It attacks consumers' computers to turn them into proxy servers and illegitimately utilizes them for channeling e-traffic.

Specifically, ProxyBack's function is to infect a computer, make the device's connection with an attacker controlled proxy server, which would give commands to the device followed with sending it the traffic that it would require transmitting to the desired servers on the Web.

The contaminated PCs are canvassed to be dependable servers within an Internet service that works like a proxy service while functioning outside Russia. The computers contaminated with ProxyBack functions like a bot within an enormous network under command of the attackers transmitting instructions and giving the latest directions through least complex HTTP requests.

Until now, Palo Alto researchers couldn't detect any real electronic track for locating the operators of buyproxy.ru domain. All that they detected was that certain contaminated PCs' IPs came within their Internet service fulfilling to be IPs for a few proxy servers from the total available.

Meanwhile, a domain utility buyproxy.ru spreads the information that it runs 700-3,000 proxy servers daily. The incoming connections handled with one "backend proxy" are subsequently transmitted onto temporary proxies, which work with separate IP addresses. Thus forms the ProxyBack command-and-control infrastructure along with its bot.

According to Jeff White of Palo Alto, it isn't known if the gang responsible for 'buyproxy[.]ru' is actually the one disseminating ProxyBack malware; nevertheless, it's pretty discernible that ProxyBack has been created for as well as utilized within their operation.

Within such circumstances or spread of various malicious programs, which inundate the Internet, it's recommended that end-users run strong anti-virus programs for maintaining their computers' health.

» SPAMfighter News - 12/31/2015