Who and What is Behind the Malware Proxy Service SocksEscort?

Condobloke



Sometime within the past year, probably less, you've linked to a couple of articles about these proxy-for-hire services being shut down. As predicted, it didn't take long for malicious parties to find replacement services.

I did learn that they've given it a name, calling it "password-spraying attacks". That's basically when you take a bunch of usernames and then use them in combination with a bunch of default/common passwords. It's not a new technique, not even by a long shot, but it appears to now have a fancy name.

Back in the day, we'd set up a bunch of proxies (in software) and add a list of common usernames and common passwords. We'd then try to get a password match. It's a bit different from 'brute force', which is when you systematically progress through password options (think "aaaaaaa1" then "aaaaaa2" and then "aaaaaa3") - preferably with a known username.

As near as I can tell, it's just a fancy new name for something that has been done for years.

None of this is particularly new. As routers have unfettered access to the internet and are seldom updated (or even getting support from the vendors anymore), it makes perfectly good sense to target them.
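The spraying/brute-force distinction drawn in the post above matters for detection, because proxied spraying spreads a few failures per account over many source addresses. The following is an added example, not part of the original post: the log format, sample lines, thresholds and function names are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample log (timestamp, source IP, username, result); not real data.
SAMPLE_LOG = """\
2024-05-01T10:00:05 192.0.2.10 admin FAIL
2024-05-01T10:00:40 198.51.100.7 root FAIL
2024-05-01T10:01:15 203.0.113.22 support FAIL
2024-05-01T10:01:50 192.0.2.99 guest FAIL
2024-05-01T10:02:30 198.51.100.41 user FAIL
2024-05-01T10:03:00 203.0.113.80 alice OK
2024-05-01T11:00:00 192.0.2.55 bob FAIL
2024-05-01T11:00:02 192.0.2.55 bob FAIL
2024-05-01T11:00:04 192.0.2.55 bob FAIL
2024-05-01T11:00:06 192.0.2.55 bob FAIL
2024-05-01T11:00:08 192.0.2.55 bob FAIL
2024-05-01T11:00:10 192.0.2.55 bob FAIL
"""

def parse(log):
    """Yield (time, ip, user) for every failed login line."""
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        if result == "FAIL":
            yield datetime.fromisoformat(ts), ip, user

def classify(log, window=timedelta(minutes=10), min_users=5, min_tries=6):
    """Label each fixed time window of failures (thresholds are assumed values)."""
    # spray: many usernames with <= 2 failures each, counted across ALL source
    # IPs, since per-IP counters never trip when attempts arrive via proxies.
    # brute_force: one username with many failures in the same window.
    buckets = {}
    for ts, ip, user in parse(log):
        start = datetime.min + (ts - datetime.min) // window * window
        buckets.setdefault(start, []).append((ip, user))
    findings = []
    for start, rows in sorted(buckets.items()):
        per_user = Counter(user for _, user in rows)
        low_and_slow = [u for u, n in per_user.items() if n <= 2]
        if len(low_and_slow) >= min_users:
            ips = {ip for ip, user in rows if user in low_and_slow}
            findings.append(("spray", start, sorted(low_and_slow), len(ips)))
        for user, n in per_user.items():
            if n >= min_tries:
                findings.append(("brute_force", start, [user], n))
    return findings

if __name__ == "__main__":
    for finding in classify(SAMPLE_LOG):
        print(finding)
```

Authentication logs do not record the attempted password, so the sketch keys on the shape of the failures (accounts touched versus tries per account) rather than on password reuse.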
 
 

