Researchers at AT&T Alien Labs recently came across a large malware campaign that was infecting Windows machines with a proxy server application. A company charges for a proxy service on the traffic that passes through those devices. This extends the earlier research, previously covered in our blog, on Mac systems that AdLoad turned into proxy exit nodes.
Alien Labs’ study led to the discovery of a proxy service provider whose proxy requests are forwarded through compromised systems that malware has turned into residential exit nodes. Alien Labs has proof that malware writers are surreptitiously installing the proxy on infected systems, despite the proxy website’s claim that its exit nodes come only from users who have been notified and have agreed to the use of their device.