Researchers eye open-proxy attacks

Honeypot technique uncovers scams and attacks.

Advertising and click-through fraud is currently topping the list of malicious activity funnelled through open proxy servers, followed by junk email, according to a research project deploying fake open proxies to catch crooks.

The research was carried out by the Web Application Security Consortium (WASC) using a network of virtual Apache proxy servers running on VMware and deploying an array of tools to identify, log and block traffic. The project started off with servers in seven countries in January, and has now expanded into 14 countries.

Open proxies are a frequent means by which attackers and scammers cover their tracks, making such traffic difficult to identify and trace. The WASC's approach gives researchers an insight into exactly what is passing through such servers.

When malicious traffic is identified, the honeypot servers block it and feed spoofed information back to the attackers, such as HTTP status codes, according to Ryan Barnett, director of application security training for Breach Security and head of the WASC's Distributed Open Proxy Honeypots project.

Click fraud traffic, employed to distort results from click-throughs to web ads or other commercial links, led malicious activity during the month of October, with 2.6 million requests. That compares to 158,000 requests for the entirety of the January-April period.

Spam followed with nearly two million requests, compared to slightly more than 109,600 in January-April. Most of the attacks are automated, WASC said.

The most serious attacks measured by the WASC's honeypots were designed to implant malicious Javascript code into often legitimate websites. Malicious Javascript is often used to exploit known browser flaws, in order to install malware onto client machines.

The project also noted an extensive scan designed to break into the email accounts of a popular Internet service provider.

The scan, using a method called distributed reverse brute force authentication, is distributed across hundreds of unique email authentication hosts in order to evade detection.

The technique involves checking a large number of different email usernames to see if they match specific common passwords. By "cracking" the username rather than the password, the attackers can evade many ordinary security defenses.

Even if the attack doesn't allow the attackers to break into email accounts, it yields a list of valid email accounts that can be used for spamming purposes.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Broersma

Techworld.com
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?