Security News

Russian national pleads guilty to building now-dismantled IPStorm proxy botnet
2023-11-14 23:23

The FBI says it has dismantled another botnet and collared its operator, who admitted hijacking tens of thousands of machines around the world to create his network of nodes. Sergei Makinin, a Russian and Moldovan national, was cuffed in Florida in January and sent to Puerto Rico, where he pleaded guilty in September, details of which were only publicized today by the US Department of Justice.

Socks5Systemz proxy service infects 10,000 systems worldwide
2023-11-05 15:17

A proxy botnet called 'Socks5Systemz' has been infecting computers worldwide via the 'PrivateLoader' and 'Amadey' malware loaders, currently counting 10,000 infected devices. Socks5Systemz is detailed in a report by BitSight that clarifies that the proxy botnet has been around since at least 2016 but has remained relatively under the radar until recently.

Squid games: 35 security holes still unpatched in proxy after 2 years, now public
2023-10-13 00:21

35 vulnerabilities in the Squid caching proxy remain unfixed more than two years after being found and disclosed to the open source project's maintainers, according to the person who reported them. Squid is a caching and forwarding HTTP web proxy that is very widely used by ISPs and website operators.

Reaper: Open-source reconnaissance and attack proxy workflow automation
2023-09-05 03:00

Reaper is an open-source reconnaissance and attack proxy, built to be a modern, lightweight, and efficient equivalent to Burp Suite/ZAP. It focuses on automation, collaboration, and building universally distributable workflows. Reaper is a work in progress, but it's already capable of much.

This Malware Turned Thousands of Hacked Windows and macOS PCs into Proxy Servers
2023-08-21 10:09

Threat actors are leveraging access to malware-infected Windows and macOS machines to deliver a proxy server application and use them as exit nodes to reroute proxy requests. According to AT&T Alien Labs, the unnamed company that offers the proxy service operates more than 400,000 proxy exit nodes, although it's not immediately clear how many of them were co-opted by malware installed on infected machines without user knowledge and interaction.

Massive 400,000 proxy botnet built with stealthy malware infections
2023-08-16 15:31

Researchers have uncovered a massive campaign that delivered proxy server apps to at least 400,000 Windows systems. Some proxy companies sell access to residential proxies and offer monetary rewards to users who agree to share their bandwidth.

Macs are getting compromised to act as proxy exit nodes
2023-08-14 10:57

AdLoad, well-known malware that has been targeting systems running macOS for over half a decade, has been observed delivering a new payload that - unbeknown to the owners - enlisted their systems into a residential proxy botnet. "Alien Labs has identified over 10,000 IPs reaching out to the proxy servers each week that have the potential to be proxy exit nodes. It is unclear if all these systems have been infected or are voluntarily offering their systems as proxies, but it could be indicative of a bigger infection globally."

AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service
2023-07-31 09:25

More details have emerged about a botnet called AVRecon, which has been observed making use of compromised small office/home office routers as part of a multi-year campaign active since at least May 2021. AVRecon was first disclosed by Lumen Black Lotus Labs earlier this month as malware capable of executing additional commands and stealing victims' bandwidth for what appears to be an illegal proxy service made available for other actors.

WhatsApp Upgrades Proxy Feature Against Internet Shutdowns
2023-06-30 09:04

Meta's WhatsApp has rolled out updates to its proxy feature, allowing more flexibility in the kind of content that can be shared in conversations. Support for proxy servers was officially launched by the messaging service earlier this January, thereby helping users circumvent government-imposed censorship and internet shutdowns and obtain indirect access to WhatsApp.

Here's a list of proxy IPs to help block KillNet's DDoS bots
2023-02-06 21:00

A free tool is helping organizations defend against KillNet distributed-denial-of-service bots and comes as the US government issued a warning that the Russian cybercrime gang is stepping up its network flooding attacks against hospitals and health clinics. At current count, the KillNet open proxy IP blocklist lists tens of thousands of proxy IP addresses used by the Russian hacktivists in their network-traffic flooding events.