{"id":19128,"date":"2021-11-20T00:32:12","date_gmt":"2021-11-19T20:32:12","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/proxyware\/19128\/"},"modified":"2021-11-20T00:32:12","modified_gmt":"2021-11-19T20:32:12","slug":"proxyware","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/proxyware\/19128\/","title":{"rendered":"Businesses&#8217; proxyware headache"},"content":{"rendered":"<p>Imagine getting paid for access to just a tiny portion of your Internet bandwidth at work. Sounds pretty sweet, doesn\u2019t it? The computer is on all the time anyway, and you have unlimited Internet access, so why not? It\u2019s not even your own resources, just corporate equipment and bandwidth.<\/p>\n<p>That all sounds simple, but you don\u2019t have to look too closely to see that when you agree to install a proxyware client on a work computer, it\u2019s not harmless at all. Install proxyware and you\u2019re exposing your corporate network to risks that far outweigh any income you might earn from the deal. To put it bluntly, no other questionable Internet money-making scheme comes with such a variety of undesirable consequences. Today we explain why proxyware is dangerous.<\/p>\n<h2>What is proxyware?<\/h2>\n<p>Researchers at Cisco Talos coined the term <em>proxyware<\/em> and have <a href=\"https:\/\/blog.talosintelligence.com\/2021\/08\/proxyware-abuse.html\" target=\"_blank\" rel=\"nofollow noopener\">reported on the phenomenon in depth<\/a>. Essentially, a proxyware service acts as a proxy server. Installed on a desktop computer or smartphone, it makes the device\u2019s Internet connection accessible to an outside party. Depending on how long the program remains enabled and how much bandwidth it is permitted to use, the client accumulates points that can eventually be converted into currency and transferred to a bank account.<\/p>\n<p>Of course, these kinds of services do not have to be used for illegal purposes, and they do have some legitimate applications. For example, some appeal to the marketing departments of large companies, which need as many Web entry points as possible in different geographic regions.<\/p>\n<h2>Why proxyware on a company computer is a bad idea<\/h2>\n<p>Although proxyware services claim \u201ctenants\u201d are harmless, problems sometimes still occur, including IP address reputation damage and software reliability.<\/p>\n<h3>Pessimization of the IP address<\/h3>\n<p>The most common problem with proxyware for the users of the computers on which it runs\u00a0\u2014 or even for the entire network if it has a single IP address\u00a0\u2014 is that the services often encounter <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/captcha\/\" target=\"_blank\" rel=\"noopener\">CAPTCHA<\/a>s, whose entire point is to ensure only real humans can get access to an online resource. A computer with proxyware raises suspicions, and rightly so.<\/p>\n<p>One way bandwidth tenants can use proxyware-laden computers is to scan the Web or measure the speed of website access by regularly deploying a flood of requests. Automatic DDoS protection systems do not like that. It can also be a sign of something even more shady, such as spam mailings.<\/p>\n<p>Keep in mind that the consequences can be much more dire for the company, with automated requests landing the organization\u2019s IP address on a list of unsafe addresses. So, for example, if the e-mail server operates on the same address, at some point the employees\u2019 messages may stop reaching external recipients. Other e-mail servers will simply start blocking the organization\u2019s IP address and domain.<\/p>\n<h3>Fake proxyware clients<\/h3>\n<p>Another risk employees take in installing proxyware is that they may download something they didn\u2019t mean to. Try this little experiment: Go to Google and search for \u201choneygain download.\u201d You\u2019ll get a couple of links to the developer\u2019s official website and hundreds to unscrupulous file-sharing sites, half of which include \u201cbonus content\u201d with their downloads.<\/p>\n<p>What kinds of bonus content? Well, researchers describe one such trojanized installer as deploying a cryptocurrency-mining program (which devour a PC\u2019s resources and electricity) and a tool to connect to the cybercriminals\u2019 command server, from which anything else can be downloaded at any time.<\/p>\n<p>That kind of proxyware can take down an organization\u2019s entire IT infrastructure. It could also lead to ransomware encrypting data, ransom demands, and more. In sum, proxyware is a grab bag of dangers for a business.<\/p>\n<h2>Covert installation of proxyware<\/h2>\n<p>Most scenarios resemble the above: unintended consequences of purposeful (if sometimes unauthorized) installations. The converse sometimes happens as well, with an employee catching actual malware on a shady site, and that malware installing a modified proxyware client on the computer. That\u2019s nothing but trouble: slowed computers, less network bandwidth, and, potentially, data theft.<\/p>\n<h2>Recommendations for businesses<\/h2>\n<p>Your best way to combat criminal exploitation through proxyware is to install <a href=\"https:\/\/me-en.kaspersky.com\/small-to-medium-business-security\/cloud?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kescloud___\" target=\"_blank\" rel=\"noopener\">a reliable antivirus solution<\/a> on every computer that has Internet access. Not only will that protect your company from the harmful effects of proxyware, but if said proxyware includes, or is included with, other malware, you\u2019ll still be covered.<\/p>\n<p>To be clear, even \u201cclean\u201d proxyware is not much better. A sound security policy should not allow anyone to install proxyware or any other questionable software on employees\u2019 computers, regardless of whether the computers are in the office or employees are connecting to the organization\u2019s VPN. As a rule, most employees do not need, and should not be allowed, to install software on their computers independently.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kes-cloud\">\n","protected":false},"excerpt":{"rendered":"<p>Employees can install proxyware without their employer\u2019s knowledge, introducing additional business cyberrisks. <\/p>\n","protected":false},"author":665,"featured_media":19129,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1917,1486],"tags":[1012,2523],"class_list":{"0":"post-19128","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"category-threats","10":"tag-internet","11":"tag-unwanted-software"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/proxyware\/19128\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/proxyware\/23676\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/proxyware\/9592\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/proxyware\/25761\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/proxyware\/23814\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/proxyware\/23440\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/proxyware\/26478\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/proxyware\/26036\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/proxyware\/31966\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/proxyware\/10295\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/proxyware\/42947\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/proxyware\/18161\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/proxyware\/18554\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/proxyware\/15564\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/proxyware\/27784\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/proxyware\/32163\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/proxyware\/27866\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/proxyware\/24607\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/proxyware\/29992\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/proxyware\/29795\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/internet\/","name":"internet"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19128","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/665"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=19128"}],"version-history":[{"count":0,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19128\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/19129"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=19128"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=19128"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=19128"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}