Anonymous Proxies on Infected PCs

By ISBuzz Team
Writer, Information Security Buzz | Dec 31, 2015 05:30 pm PST

A strain of malware has been discovered that turns infected machines into anonymous proxy hosts. Lamar Bailey, leader of Tripwire’s vulnerability and exposures research team, has the following comments on it.

Lamar Bailey, Vulnerability and Exposures Team Leader at Tripwire:

“Proxies and VPNs have become very popular. Many of the users are at work or on the public Internet and use the technologies to bypass content filtering or keep their traffic private.

“Because of this trend, we are seeing an increase of inexpensive or free services, and many of these services monitor the traffic for credentials or install malware on a user’s system. A malicious proxy or VPN can also reroute traffic to malicious or fake sites to further exploit systems. End users should be wary of free or overly inexpensive VPN and Proxy services and should only use companies they trust. Proxyback takes this a bit further and installs a proxy on the victim’s machine so that other users’ traffic is routed through the infected machine. Proxyback can be used by malicious actors to bounce their traffic through multiple systems, making it almost impossible to track back the source.

“The best way to detect that a system is being used as a proxy is to monitor traffic both inbound and outbound, but this is not something done by most end users, who just plug into their Internet provider’s modem and assume the provider is protecting them. If users want more protection, they can make a small investment in a hardware UTM (Unified Threat Management) device or some of the free software options from trusted vendors.”

About Tripwire

Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.