Anyone who thought they were downloading Web proxy software was instead installing a Trojan horse tied to a Russian black hat operation.
A black hat Russian operation has served malware to hundreds of thousands of users a year who thought they were signing up for a paid proxy service, Symantec said today.
The security company said in a blog post that it has linked the malware to a cluster of Russian Web sites – including one called Proxybox.name – that claim to provide proxy access, VPN services, and antivirus scanning. Proxybox.name requires users to download what it calls “functional, simple, and convenient” proxy software.
Read more: Symantec: Russian criminals sell Web 'proxy' with backdoors - CNET