Researchers eye open-proxy attacks

Honeypot technique uncovers scams and attacks.

Advertising and click-through fraud is currently topping the list of malicious activity funnelled through open proxy servers, followed by junk email, according to a research project deploying fake open proxies to catch crooks.

The research was carried out by the Web Application Security Consortium (WASC) using a network of virtual Apache proxy servers running on VMware and deploying an array of tools to identify, log and block traffic. The project started off with servers in seven countries in January, and has now expanded into 14 countries.

Open proxies are a frequent means by which attackers and scammers cover their tracks, making such traffic difficult to identify and trace. The WASC's approach gives researchers an insight into exactly what is passing through such servers.

When malicious traffic is identified, the honeypot servers block it and feed spoofed information back to the attackers, such as HTTP status codes, according to Ryan Barnett, director of application security training for Breach Security and head of the WASC's Distributed Open Proxy Honeypots project.

Click fraud traffic, employed to distort results from click-throughs to web ads or other commercial links, led malicious activity during the month of October, with 2.6 million requests. That compares to 158,000 requests for the entirety of the January-April period.

Spam followed with nearly two million requests, compared to slightly more than 109,600 in January-April. Most of the attacks are automated, WASC said.

The most serious attacks measured by the WASC's honeypots were designed to implant malicious Javascript code into often legitimate websites. Malicious Javascript is often used to exploit known browser flaws, in order to install malware onto client machines.

The project also noted an extensive scan designed to break into the email accounts of a popular Internet service provider.

The scan, using a method called distributed reverse brute force authentication, is distributed across hundreds of unique email authentication hosts in order to evade detection.

The technique involves checking a large number of different email usernames to see if they match specific common passwords. By "cracking" the username rather than the password, the attackers can evade many ordinary security defenses.

Even if the attack doesn't allow the attackers to break into email accounts, it yields a list of valid email accounts that can be used for spamming purposes.

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Broersma

Techworld.com
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?