Risk by Proxy

As part of my fraud detection work, I've been looking at anonymous network proxies (aka anonymizers) as a source of risk.  What is a proxy?  A proxy is, in essence, a man-in-the-middle (MITM).  If the MITM is a bad guy, then you've just invited a wolf in sheep's clothing into your house.

While many MITM attacks are possible, including SSL certificate spoofing, the most lucrative attacks are the ones that keep the door open.  For example, a proxy can inject a virus into any executable a user downloads.  Once the attackers are in, they can start harvesting passwords through keylogging or inject bogus certificates to monitor SSL traffic.

Come to think of it, this is a great way to deliver monitoring software onto hackers' desktops.
