Symantec: Russian criminals sell Web 'proxy' with backdoors

Anyone who thought they were downloading Web proxy software was instead installing a Trojan horse tied to a Russian black hat operation.

The Web site, which Symantec says is a Trojan horse offering software that enlists your computer in a botnet.

A black hat Russian operation has served malware to hundreds of thousands of users a year who thought they were signing up for a paid proxy service, Symantec said today.

The security company said in a blog post that it has linked the malware to a cluster of Russian Web sites -- including one called -- that claim to provide proxy access, VPN services, and antivirus scanning. requires users to download what it calls "functional, simple, and convenient" proxy software.

Vikram Thakur, principal manager at Symantec Security Response, told CNET this afternoon that:

What the Web site doesn't speak of is how they proxy traffic i.e. where will the client traffic be channeled through? What we see is that the operation of the service has made use of malware that installs a proxy component on unsuspecting users' computers. Unsuspecting users get a piece of malware installed on their computer which makes them available to the proxy service's botmaster commands.

While the Russian connections and use of proxy software as a Trojan are new, the security community has known about the botnet malware since at least July. (Proxy software can be used to circumvent censorship, provide anonymity, or bypass geographical content restrictions.)

Once a computer is compromised, it connects to a remote server that sends it a series of PHP pages that it uses to automatically configure itself. Then it will be enlisted in a botnet that relies on about 40,000 simultaneous computers.

Symantec redacted the name of the individual it fingered as being involved in some of the operation's finances through the WebMoney payment system, but an unredacted copy of the same page suggests that the person could be Kramarenko Bogdan Yurievich.
