• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • March 5th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Security
Malware

ProxyBack Malware Converts Your PC Into Proxy

December 30th, 2015 Ryan De Souza Malware, Security 0 comments
ProxyBack Malware Converts Your PC Into Proxy
Share on FacebookShare on Twitter
Palo Alto Networks researchers have identified a unique malware that infects home PCs and transforms them into internet proxies using HTTP tunnel.

As per Palo Alto researchers, a Russian company’s domain is being used by attackers, which inherently is a patent Web proxy service.

The malware has been named ProxyBack and it was firstly discovered in March 2014 but its functioning has only recently been understood by researchers.

Palo Alto Networks experts believe that most educational institutes located in Europe have become the targets of this malware and regular home-use PCs are attacked for funneling internet traffic illegally.

These infected PCs aren’t used to hide the location of a hacker but are advertised as trusted proxy servers listed in an online proxy service that operate from Russian outskirts.

ProxyBack performs its task by firstly infecting a PC and creating a connection with the attacker controlled proxy server from where it receives commands and also the traffic that is to be routed to real web servers.

Every PC that ProxyBack infects becomes a bot inside a bigger network that is already being controlled by the attackers, who then send instructions through basic HTTP requests.

proxyback-malware-can-convert-your-computer-into-internet-proxy

  1. Until 23rd December 2015 ProxyBack has infected 11,149 computers.
  2. Every infected machine is given a unique ID parameter in the HTTP requests that are being sent from the C&C server.
  3. This number slowly gets incremented by one for every single machine.

Though the researchers couldn’t find any reliable electronic trail to identify the perpetrators that use the buyproxy.rudomain but they have discovered that IPs of some of the infected machines did appear in their online advertisement as IPs of some of the available proxy servers.

[fullsquaread][/fullsquaread]

Jeff White from Palo Alto Networks says:

“Whether the people behind ‘buyproxy[.]ru’ are responsible for the distribution of the ProxyBack malware or not is unknown; however, it is clear that the ProxyBack malware is designed for, and used in, their service.”

In the past, Palo Alto researchers exposed hackers exploiting Kaspersky and Microsoft products to install snooping malware on users PCs. The firm also identified YiSpecter, WireLurker and XcodeGhost malware in iOS devices and 

  • Tags
  • Computers
  • Cyber Crime
  • europe
  • Infosec
  • internet
  • IP
  • Malware
  • Proxy
  • security
Facebook Twitter LinkedIn Pinterest
Previous article Hacked Website of Connecticut University Caught Spreading Malware
Next article Microsoft is Collecting Your Encryption Keys, Here's How to Delete it
Ryan De Souza

Ryan De Souza

Ryan is a London-based member of the HackRead's Editorial team. A graduate of Maths and physics with a passion for geopolitics and human rights. Ryan places integrity at the pinnacle of successful journalism and believes this is somewhat lacking in traditional media. Ryan is an educator who balances his time between family, social activism and humanitarian causes and his vice is Football and cars.

Related Posts
IT Security firm Qualys extorted by Clop gang after data breach

IT Security firm Qualys extorted by Clop gang after data breach

Marketing firm CallX exposed customers data including call recordings

Marketing firm CallX exposed customers data including call recordings

Flaw allowed bypassing verification code, log in to any Microsoft account

Flaw allowed bypassing verification code, log in to any Microsoft account

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Top Russian hacker forums Maza, Verified hacked; data leaked online
Hacking News

Top Russian hacker forums Maza, Verified hacked; data leaked online

IT Security firm Qualys extorted by Clop gang after data breach
Cyber Crime

IT Security firm Qualys extorted by Clop gang after data breach

Marketing firm CallX exposed customers data including call recordings
Leaks

Marketing firm CallX exposed customers data including call recordings

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us