Open Web proxies, the base for malware attacks

Researchers at the Web Application Security Consortium (WASC) have found that banner ad/click fraud and spam form most of the traffic to open proxy servers on the Web.

An excerpt from Dark Reading:

Of the 9 million Web requests that hit the WASC honeynet in October, more than 2 million contained malicious, known attacks or other suspicious behavior. The global honeynet of Apache proxy servers configured with VMware was set up in January, and contains 15 of Breach Security's ModSecurity Web application firewalls, which identify, block, and log the attack traffic. The servers sit as decoys, gathering attack data that's monitored by the WAPs.

Techniques used for channeling attacks include:

  • Reverse-brute force authentication: Attackers cycle a few common passwords across many accounts, guessing and cracking user names rather than passwords. Spreading the attempts across accounts helps evade detection and keeps any single account from being locked out.
  • Google-hacking techniques: This includes searching for blogs and forums online and posting spam messages to them.
  • Mining information on vulnerabilities from the detailed error messages on various Web sites.
  • Injecting malicious JavaScript code into legitimate sites.
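The reverse brute force described in the first item is easy to miss with per-account lockout alone, because each account only sees one or two failures. The detector below is an added example, not code from the article, WASC or Breach Security: it parses a simplified access-log format (assumed here for illustration), collects failed logins per source address, and flags a source that touches many distinct accounts inside a short window while keeping the per-account count low. The log lines, addresses (RFC 5737 documentation ranges) and thresholds are constructed for the example.

```python
"""Password-spraying ("reverse brute force") detector over web-server access logs.

Added example, not code from the original article or from WASC/Breach Security.
The log format, field names and thresholds below are assumptions for illustration.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a simplified combined-log-like format:
#   <client-ip> <timestamp> "<method> <path>" <status> user=<username>
# Status 401 marks a failed login. Addresses come from the RFC 5737
# documentation ranges; the data is invented for this example.
SAMPLE_LOG = """\
203.0.113.7 2007-10-03T10:00:01 "POST /login" 401 user=alice
203.0.113.7 2007-10-03T10:00:02 "POST /login" 401 user=bob
203.0.113.7 2007-10-03T10:00:03 "POST /login" 401 user=carol
203.0.113.7 2007-10-03T10:00:04 "POST /login" 401 user=dave
203.0.113.7 2007-10-03T10:00:05 "POST /login" 401 user=erin
203.0.113.7 2007-10-03T10:00:06 "POST /login" 200 user=frank
198.51.100.9 2007-10-03T10:00:07 "POST /login" 401 user=alice
198.51.100.9 2007-10-03T10:00:08 "POST /login" 401 user=alice
198.51.100.9 2007-10-03T10:00:09 "POST /login" 200 user=alice
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ts>\S+) "(?P<method>\S+) (?P<path>\S+)" '
    r'(?P<status>\d{3}) user=(?P<user>\S+)$'
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "ip": d["ip"],
        "ts": datetime.fromisoformat(d["ts"]),
        "path": d["path"],
        "status": int(d["status"]),
        "user": d["user"],
    }


def detect_spraying(log_text, window=timedelta(minutes=5), min_accounts=4):
    """Flag source IPs whose failed logins hit at least `min_accounts` distinct
    accounts within `window`. A source that hammers one account is left to the
    usual per-account lockout; the spraying pattern is many accounts, few
    attempts each. Returns {ip: {"accounts": [...], "max_attempts_per_account": n}}."""
    failures = defaultdict(list)  # ip -> list of (timestamp, username)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != "/login" or rec["status"] != 401:
            continue
        failures[rec["ip"]].append((rec["ts"], rec["user"]))

    alerts = {}
    for ip, events in failures.items():
        events.sort()
        best = None  # the window with the most distinct accounts for this source
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            per_user = Counter(u for _, u in events[start:end + 1])
            if len(per_user) >= min_accounts and (best is None or len(per_user) > len(best)):
                best = per_user
        if best is not None:
            alerts[ip] = {
                "accounts": sorted(best),
                "max_attempts_per_account": max(best.values()),
            }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_spraying(SAMPLE_LOG).items():
        print(f"{ip}: {len(info['accounts'])} accounts, "
              f"max {info['max_attempts_per_account']} attempt(s) per account")
```

On the sample data only 203.0.113.7 is reported: five accounts in five seconds with one attempt each, which is exactly the shape a per-account lockout never sees. The second source fails twice against a single account and is ignored by this rule. In practice the window and account threshold need tuning against the site's normal traffic, and the source address should be treated as a proxy rather than the attacker, which is the point of the article.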

More information:

Researchers eye open-proxy attacks (Techworld)

4 comments
mista.phillips

How is this a surprise to anyone? This has been a common practice for years, and they finally figure it out now? Just scan your desired range for the port of your choice (depending on type of proxy), and bingo... many, many open proxies available for anonymous use. If the people maintaining these boxes can't keep them secure, I'm sure their auditing skills are just as rusty when the feds show up at their door.

seanferd

It is just sad that malicious 8@$+@rd$ will abuse anything open to them. Compromising users' machines and loading the proxies with bad traffic, what style they have. Of course, there is nothing new here but the current figures, but it is nice to see the lay of the land. How does the industry make use of these numbers?

JCitizen

detail about plans for the use of the information. I realize you can't let your enemy know too much, but even general knowledge would have been helpful or at least interesting.