Researchers eye open-proxy attacks

Advertising and click-through fraud is currently topping the list of malicious activity funnelled through open proxy servers, followed by junk email, according to a research project deploying fake open proxies to catch crooks.

The research was carried out by the Web Application Security Consortium (WASC) using a network of virtual Apache proxy servers running on VMware and deploying an array of tools to identify, log and block traffic. The project started off with servers in seven countries in January, and has now expanded into 14 countries.

Open proxies are a frequent means by which attackers and scammers cover their tracks, making such traffic difficult to identify and trace. The WASC's approach gives researchers an insight into exactly what is passing through such servers.

When malicious traffic is identified, the honeypot servers block it and feed spoofed information back to the attackers, such as HTTP status codes, according to Ryan Barnett, director of application security training for Breach Security and head of the WASC's Distributed Open Proxy Honeypots project.