Home arrow News arrow Random Misc. Technology arrow Researchers study open-proxy attacks

Anonymous Proxy

circumvent proxy

Proxify® is a web-based anonymous proxy service which allows anyone to surf the Web privately and securely. Unlike other proxies, there is no software to install or complicated instructions to follow. Just enter a URL (website address) in the form above. Through Proxify, you can use websites but they cannot uniquely identify or track you. Proxify hides your IP address and our encrypted connection prevents monitoring of your network traffic. Once using Proxify, you can surf normally and forget that it is there, protecting you.

HardwareWire Content

Syndicate

Latest News

Researchers study open-proxy attacks
Thursday, 15 November 2007
Advertising and click-through fraud is currently topping the list of malicious activity funnelled through open proxy servers, followed by junk e-mail, according to a research project deploying fake open proxies to catch crooks.The research was carried out by the Web Application Security Consortium (WASC) using a network of virtual Apache proxy servers running on VMware and deploying an array of tools to identify, log and block traffic. The project started off with servers in seven countries in January, and has now expanded into 14 countries.Open proxies are a frequent means by which attackers and scammers cover their tracks, making such traffic difficult to identify and trace. The WASC's approach gives researchers an insight into exactly what is passing through such servers.When malicious traffic is identified, the honeypot servers block it and feed spoofed information back to the attackers, such as HTTP status codes, according to Ryan Barnett, director of application security training for Breach Security and head of the WASC's Distributed Open Proxy Honeypots project.Click fraud traffic, employed to distort results from click-throughs to Web ads or other commercial links, led malicious activity during the month of October, with 2.6 million requests. That compares to 158,000 requests for the entirety of the January-April period.Spam followed with nearly two million requests, compared to slightly more than 109,600 in January-April. Most of the attacks are automated, WASC said.The most serious attacks measured by the WASC's honeypots were designed to implant malicious Javascript code into often legitimate Web sites. Malicious Javascript is often used to exploit known browser flaws, in order to install malware onto client machines.The project also noted an extensive scan designed to break into the e-mail accounts of a popular Internet service provider.The scan, using a method called distributed reverse brute force authentication, is distributed across hundreds of unique e-mail authentication hosts in order to evade detection.The technique involves checking a large number of different e-mail usernames to see if they match specific common passwords. By "cracking" the username rather than the password, the attackers can evade many ordinary security defenses.Even if the attack doesn't allow the attackers to break into e-mail accounts, it yields a list of valid e-mail accounts that can be used for spamming purposes.Techworld is an InfoWorld affiliate. 
 
< Prev   Next >
[ Back ]

Related Searches

access apple article based birdie built calls cases channel china chinese company content desktop devices draft google icann icaza iphone latest launch linux little maker market million mobile monday month music network offer online phone plans power product release report retail reuters search service speed start suite tuesday users using version video vista windows world yahoo

Popular

Related Information

Domain Name Roundup

One Solution

cURL error 7:


All content on this website is © DarkestWeb.com or the respective artist. Any duplication without prior written consent is strictly prohibited!
Contact admin@darkestweb.com for further information.