Malicious proxies may become standard fare
A number of security-as-a-service applications — from Postini to OpenDNS to Zscaler — reroute domain-name system (DNS) requests through centralized servers or proxies to detect security threats and sanitize traffic before it reaches the client network.
Yet proxies are used not just by security companies but by criminals as well. DNSChanger, which authorities shut down in November 2011, used just such a strategy to reroute victims to custom advertisements and malicious installers. When the program compromised a system, it would replace the list of valid DNS servers with entries that pointed to servers controlled by the criminal operators, allowing the botnet owners to reroute victims’ Internet requests to any site. While DNSChanger itself did little damage, with Internet traffic under the control of malicious actors, compromised systems quickly became laden with secondary infections.
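Because the tampering described above lives in the host's resolver list, a defender can audit that list against the resolvers the network is supposed to hand out. The following is an added example, not code from the article: it assumes a Linux-style resolv.conf, and the sample file, the allow-list and all addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample: resolver config as it might look after tampering.
# All addresses are documentation/private ranges, not real indicators.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search corp.example
nameserver 10.0.0.53
nameserver 203.0.113.77   # not one of ours
nameserver fe80::1%eth0
nameserver not-an-ip
options timeout:2
"""

# Assumption: the resolvers this organisation actually hands out.
EXPECTED_RESOLVERS = ["10.0.0.53/32", "10.0.1.0/24", "fe80::/10"]


def parse_nameservers(text):
    """Return the raw nameserver values from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def audit_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Return (unexpected, malformed) resolver entries found in text."""
    networks = [ipaddress.ip_network(n) for n in expected]
    unexpected, malformed = [], []
    for raw in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(raw.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            malformed.append(raw)
            continue
        if not any(addr.version == n.version and addr in n for n in networks):
            unexpected.append(raw)
    return unexpected, malformed


if __name__ == "__main__":
    bad, broken = audit_resolvers(SAMPLE_RESOLV_CONF)
    print("unexpected resolvers:", bad)
    print("malformed entries:", broken)
```

An allow-list is used here instead of a block-list so that any resolver change is flagged, whichever servers the new entries point to.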