Linux.proxym botnet launches another wave of attacks, with thousands of devices infected


Doctor Web security experts have discovered a new IoT botnet that uses the Linux.proxym malware and is attempting to attack websites.

Linux.proxym is Linux malware that builds a proxy network out of infected devices: it runs a SOCKS proxy server on each device, which forwards malicious traffic and masks its true origin.

According to Dr. Web, Linux.proxym was first discovered in February this year, its activity peaked in late May, and the number of devices infected with Linux.proxym had reached 10,000 in July.



Linux.proxym runs on a wide range of architectures, including x86, MIPS, MIPSEL, PowerPC, ARM, SuperH, Motorola 68000, and SPARC.


Linux.proxym is a malicious program for the Linux platform that launches a SOCKS proxy server on infected devices. Cyber criminals can use it to carry out sabotage anonymously.

The malware is known to run on architectures such as x86, MIPS, MIPSEL, PowerPC, ARM, SuperH, Motorola 68000, and SPARC. This means that Linux.proxym can infect almost any Linux device, including routers, set-top boxes, and other similar devices.

In September, the botnet built with Linux.proxym was at first used to send spam. It is estimated that each infected device sent nearly 400 e-mails a day.

Later, the attackers used the botnet to send phishing messages. The new messages were sent in the name of "DocuSign", a company that provides electronic signature technology and digital transaction management services to facilitate the exchange of electronic contracts and signed documents.


The message contains a link to a forged DocuSign login page that the cyber criminals use to trick victims into entering their passwords. The victim is then redirected to the real DocuSign login page.

By December, the attackers began using the Linux.proxym botnet to attack websites, with techniques including SQL injection, XSS (cross-site scripting), and local file inclusion (LFI). The sites attacked include game servers, forums and sites on other topics, and even "fighting nation" websites (the original article lists these separately).

On December 7, Dr. Web security researchers observed that the number of attacks launched by the Linux.proxym botnet had reached 20,000. About one month earlier, the botnet was launching nearly 40,000 attacks a day.
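Because the SQL injection, XSS and LFI requests described above arrive through SOCKS proxies on many infected devices, each source IP may send only a request or two, and per-IP rate limits see nothing unusual. The following added example (not from the original article or from Dr. Web) groups probe requests in a web access log by their normalized payload instead of by source address. The log lines, regex patterns and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Constructed sample access-log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /forum/view.php?id=1%27%20UNION%20SELECT%20null,version()--%20 HTTP/1.1" 200 512
203.0.113.21 - - [01/Jan/2024:10:00:03 +0000] "GET /forum/view.php?id=1'+union+select+null,version()--+ HTTP/1.1" 200 512
192.0.2.55 - - [01/Jan/2024:10:00:09 +0000] "GET /forum/view.php?id=1%27%20UNION%20SELECT%20null,version()--%20 HTTP/1.1" 200 512
198.51.100.90 - - [01/Jan/2024:10:01:12 +0000] "GET /index.php?page=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 0
203.0.113.8 - - [01/Jan/2024:10:01:40 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 90
192.0.2.10 - - [01/Jan/2024:10:02:00 +0000] "GET /forum/view.php?id=42 HTTP/1.1" 200 2048
"""

# Illustrative signatures only; a production rule set would be much broader.
PATTERNS = {
    "sqli": re.compile(r"union\s+(all\s+)?select|'\s*or\s+'?\d+'?\s*=|information_schema"),
    "xss": re.compile(r"<\s*script|javascript:|on(error|load)\s*="),
    "lfi": re.compile(r"(\.\./){2,}|/etc/passwd|php://"),
}
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """URL-decode, lowercase and collapse whitespace so encoding variants compare equal."""
    decoded = " ".join(unquote_plus(target).lower().split())
    for name, rx in PATTERNS.items():
        if rx.search(decoded):
            return name, decoded
    return None, decoded

def analyze(log_text, min_sources=2):
    """Return (probe count per source IP, payloads shared by >= min_sources distinct IPs)."""
    per_ip, sources = Counter(), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        category, decoded = classify(target)
        if category:
            per_ip[ip] += 1
            sources[(category, decoded)].add(ip)
    shared = {k: sorted(v) for k, v in sources.items() if len(v) >= min_sources}
    return per_ip, shared

if __name__ == "__main__":
    per_ip, shared = analyze(SAMPLE_LOG)
    print("max probes from one IP:", max(per_ip.values()))
    for (category, payload), ips in shared.items():
        print(category, payload, "<-", ips)
```

In the sample, no address sends more than one probe, yet the same SQL injection payload arrives from three different sources in two encodings, which is the pattern a proxy botnet produces.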

"Although Linux.proxym has only one feature, acting as a proxy server, cyber criminals are constantly looking for new ways to use it, using it for illegal purposes and showing growing interest in IoT equipment."



Source: Securityaffairs

This article was compiled by the Ljcnaix translation group.
