Researchers at the Web Application Security Consortium (WASC) have found that banner ad/click fraud and spam form most of the traffic to open proxy servers on the Web.

An excerpt from Dark Reading:

Of the 9 million Web requests that hit the WASC honeynet in October, more than 2 million contained malicious, known attacks or other suspicious behavior. The global honeynet of Apache proxy servers configured with VMware was set up in January, and contains 15 of Breach Security’s ModSecurity Web application firewalls, which identify, block, and log the attack traffic. The servers sit as decoys, gathering attack data that’s monitored by the WAPs.

Techniques used for channeling attacks include:

  • Reverse-brute force authentication: Attackers cycle common passwords over accounts and try to guess and crack user names. This method helps evade detection and also prevents them from being locked out of the account.
  • Google-hacking techniques: This includes searching for blogs and forums online and posting spam messages to them.
  • Mining information on vulnerabilities from the detailed error messages on various Web sites.
  • Injecting malicious JavaScript code into legitimate sites.

More information:

Researchers eye open-proxy attacks (Techworld)