A website offering both free and commercial proxy servers is actually running on top of a giant botnet of hacked WordPress sites, security researchers from Netlab, a network threat hunting unit of Chinese cyber-security giant Qihoo 360, have revealed.
In a report published today, Netlab researchers accused the Free-Socks.in proxy service of masquerading as a front for a criminal operation.
Researchers said that users who would use any of the proxy servers provided by the Free-Socks.in website would actually have their traffic funneled through a network of hacked WordPress sites spread all over the world.
New Linux.Ngioweb malware used to build proxy botnet
These WordPress sites were hacked and infected with a web shell, which acted as a backdoor, and the Linux.Ngioweb malware, which acted as the proxy agent.
Netlab researchers looked closely at the Linux.Ngioweb malware because this was a new strain that had not been seen before. After analyzing it, they said that Linux.Ngioweb contained two separate command and control (C&C) servers.
The first one — named Stage-1 — was used to…