Anonymisation service uses botnet as proxies
Anonymisation service AWM Proxy rents computers infected with the TDL4 bot for use as anonymisation proxies, according to a report by security expert Brian Krebs. Starting at $3 per day, users can have their data traffic directed through the bot network in order to surf the Internet anonymously with other people's IPs. Krebs says the provider has been in business since the beginning of 2008. A Firefox extension reportedly facilitates configuration and use. The firm says it does not save any log files about its users' activities.
If the proxy user views illegal content, such as child pornography, or uses the anonymised connection to spread terror threats, the owner of the infected system could face legal consequences. To prove that they did not commit these illegal actions themselves, they will first have to find the rootkit deep down in their system. Among other things, it implements its own encrypted file system; its rootkit functions even work on 64-bit Windows.
But the proxy module is only one of the bot's numerous functions. Once the contaminant has settled down in your system, the botnet operator can load and execute files on your infected computer – so TDL4 can be used to send spam or in DDoS attacks. Online banking sessions might also be vulnerable. Antivirus specialist Kapersky has provided a comprehensive analysis.