Anonymisation service uses botnet as proxies
Anonymization service AWM Proxy rents computers infected with the TDL4 bot for use as proxies, according to a report by a security expert. Starting at $3 per day, users can have their data traffic directed through the bot network to surf the Internet anonymously with other people’s IPs. The researcher said the provider has been in business since the beginning of 2008. A Firefox extension reportedly facilitates configuration and use. The firm said it does not save any log files about its users’ activities. If the proxy user views illegal content, or uses the anonymized connection to spread terror threats, the owner of the infected system could face legal consequences. To prove they did not commit these illegal actions themselves, they will first have to find the rootkit deep down in their system. Among other things, it implements its own encrypted file system; its rootkit functions even work on 64-bit Windows. However, the proxy module is only one of the bot’s functions. Once the virus has settled down in a user’s system, the botnet operator can load and execute files on an infected computer — so TDL4 can be used to send spam or in DDoS attacks. Online banking sessions might also be vulnerable.
Source: http://www.h-online.com/security/news/item/Anonymisation-service-uses-botnet-as-proxies-1339950.html
Discover more from Chad M. Barr
Subscribe to get the latest posts sent to your email.