Free proxy service found running on top of 2,600+ hacked WordPress sites

A website offering both free and commercial proxy servers is actually running on top of a giant botnet of hacked WordPress sites, security researchers from Netlab, a network threat hunting unit of Chinese cyber-security giant Qihoo 360, have revealed.

In a report published today, Netlab researchers accused the proxy service of masquerading as a front for a criminal operation.

Researchers said that users who would use any of the proxy servers provided by the website would actually have their traffic funneled through a network of hacked WordPress sites spread all over the world.

New Linux.Ngioweb malware used to build proxy botnet

These WordPress sites were hacked and infected with a web shell, which acted as a backdoor, and the Linux.Ngioweb malware, which acted as the proxy agent.

Netlab researchers looked closely at the Linux.Ngioweb malware because this was a new strain that had not been seen before. After analyzing it, they said that Linux.Ngioweb contained two separate command and control (C&C) servers.

The first one — named Stage-1 — was used to…

Have a comment? Type it below!