Another Attack Uses Unsuspecting Home Users (Your Employees) to Launch Attacks

AT&T’s Alien Labs says there is a massive campaign out there that creates “proxy servers” on Windows and Mac computers. The proxies then talk to a command and control computer servers that give them instructions on who to attack.

The idea is that with hundreds of thousands of zombie PCs and Macs, defenders are not able to block the attackers.

As of last week, AT&T says they think the network of attack zombies is about 400,000 computers strong, growing at a thousand a week.

Another problem is the the “business model” of the attackers building the network is to bundle the attack software into games and other compromised software.

While the software is silently installed, the organization running the attack network claims the owners of the attack zombie computers agreed to participate in illegal attacks. Somehow, I doubt it.

Since the applications are signed, anti-virus software does not detect it. Also, since there are thousands of different variants of the software, it is difficult to block them all.

The software is set up to launch itself every time the computer reboots, so it is persistent.

For more technical information on how the proxy works and how to detect if your employee’s home computers are compromised, check out the link. Credit: AT&T- Alien Labs