ProxyM Botnet Used as Relay Point for SQLi, XSS, LFI Attac
#1
A botnet made up of IoT devices is helping hackers mask attacks on web applications, acting as a relay point for SQL injection (SQLi), cross-site scripting (XSS), and local file inclusion (LFI) attempts.
The botnet is a veteran of the botnet scene, being named ProxyM and created using the [link hidden].
ProxyM active since February 2017
This botnet has been active since February 2017 and at one point in late May and early June, had reached a size of [link hidden].
Its operator(s) has targeted IoT devices running stripped-down Linux distros, and infected these devices with malware that only runs a simple SOCKS5 proxy.
In June, researchers spotted the botnet relaying basic HTTP traffic, but by September, the ProxyM operator changed tactics, and the botnet was being [link hidden] as part of spam campaigns.
Also by that time, the botnet had gone down to only 4,500 - 5,000 devices, but that didn't matter because a few thousand devices are more than needed for botnets that operate as proxy networks.
ProxyM changes tactics in mid-November
According to new research published last week by Dr.Web, the company that has been tracking all of ProxyM's movements, the botnet has been repurposed again, and this time, ProxyM bots are used as relay points in attempts to exploit vulnerable websites and servers.
It is unclear if ProxyM's owners are behind the attacks or if they are merely renting the botnet, but ProxyM bots have been sending between 10,000 and 35,000 requests per day, relaying exploitation attempts for SQLi, XSS, and LFI flaws.
Dr.Web says victims include gaming-related servers, public forums, and websites on various topics. There's no specific targeting, so it appears that someone is prodding random sites, hoping to find unpatched systems.
ProxyM is part of a rising wave of IoT botnets that have come back to life this fall after taking a break over the spring and summer. Two other botnets very active this past fall are [link hidden] (a Mirai variant) and [link hidden].

Source: https://www.bleepingcomputer.com/news/security/proxym-botnet-used-as-relay-point-for-sqli-xss-lfi-attacks/
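Because the SQLi, XSS and LFI attempts described above arrive through many proxy bots, per-IP thresholds see only a request or two per source. The sketch below is an added example, not part of the original post or of Dr.Web's research: it groups probes by attack class and target path and reports those seen from several distinct sources. The signatures are simplified, the names `classify` and `distributed_probes` are hypothetical, and the log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Simplified illustrative signatures (assumption: far from a complete rule set).
SIGNATURES = {
    "sqli": re.compile(r"\bunion\b.+\bselect\b|\bor\b\s+\d+\s*=\s*\d+|'\s*--", re.I),
    "xss": re.compile(r"<\s*script|onerror\s*=|javascript:", re.I),
    "lfi": re.compile(r"\.\./|\.\.\\|/etc/passwd", re.I),
}
# Common Log Format prefix: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines; the IPs come from documentation ranges (RFC 5737).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2017:10:00:01 +0000] "GET /item.php?id=1%27%20UNION%20SELECT%201,2-- HTTP/1.1" 200 512',
    '198.51.100.23 - - [01/Dec/2017:10:00:09 +0000] "GET /item.php?id=1+OR+1=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Dec/2017:10:00:15 +0000] "GET /item.php?id=-1%2527%2520union%2520select%2520null-- HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/Dec/2017:10:01:02 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 900',
    '198.51.100.99 - - [01/Dec/2017:10:01:30 +0000] "GET /index.php?page=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 0',
    '203.0.113.50 - - [01/Dec/2017:10:01:41 +0000] "GET /index.php?page=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 0',
    '192.0.2.77 - - [01/Dec/2017:10:02:00 +0000] "GET /item.php?id=42 HTTP/1.1" 200 512',
]

def classify(target):
    """Return the attack classes whose signature matches the decoded request target."""
    decoded = unquote_plus(unquote_plus(target))  # second pass catches double encoding
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded)]

def distributed_probes(lines, min_sources=3):
    """Group probes by (class, path); keep groups seen from >= min_sources distinct IPs."""
    sources = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        ip, _method, target, _status = m.groups()
        path = target.split("?", 1)[0]
        for cls in classify(target):
            sources[(cls, path)].add(ip)
    return {key: sorted(ips) for key, ips in sources.items() if len(ips) >= min_sources}

if __name__ == "__main__":
    for (cls, path), ips in distributed_probes(SAMPLE_LOG).items():
        print(f"{cls} probes against {path} from {len(ips)} sources: {', '.join(ips)}")
```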