Free proxy service found running on top of 2,600+ hacked WordPress sites

Free-Socks.in

A website offering both free and commercial proxy servers is actually running on top of a giant botnet of hacked WordPress sites, security researchers from Netlab, a network threat hunting unit of Chinese cyber-security giant Qihoo 360, have revealed.

In a report published today, Netlab researchers accused the Free-Socks.in proxy service of masquerading as a front for a criminal operation.

Researchers said that users who would use any of the proxy servers provided by the Free-Socks.in website would actually have their traffic funneled through a network of hacked WordPress sites spread all over the world.

New Linux.Ngioweb malware used to build proxy botnet

These WordPress sites were hacked and infected with a web shell, which acted as a backdoor, and the Linux.Ngioweb malware, which acted as the proxy agent.

Netlab researchers looked closely at the Linux.Ngioweb malware because this was a new strain that had not been seen before. After analyzing it, they said that Linux.Ngioweb contained two separate command and control (C&C) servers.

The first one — named Stage-1 — was used to…

https://www.zdnet.com/article/free-proxy-service-found-running-on-top-of-2600-hacked-wordpress-sites/#ftag=RSSbaffb68

Have a comment? Type it below!