A slew of security-as-a-service applications — from Postini to OpenDNS to Zscaler — reroute Domain Name System (DNS) requests through centralized servers or proxies to detect security threats and sanitize traffic before it reaches the client network. Yet proxies are used not just by security companies, but by criminals as well. DNSChanger, which authorities shut down in November, used just such a strategy to reroute victims to custom advertisements and malicious installers. When the program compromised a system, it would replace the list of valid DNS servers with entries that pointed to servers controlled by the criminal operators, allowing the botnet owners to reroute victims’ Internet requests to any site.
Read more: Malicious Proxies May Become Standard Fare
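Because this kind of compromise works by rewriting a host's DNS server list, a defender can audit that list against the resolvers the organization actually sanctions. The following is an added example, not code from the article: it assumes a Unix-style `resolv.conf` format, and the approved ranges, function names and sample files are constructed for illustration (documentation address ranges only).

```python
import ipaddress

# Assumption: resolvers this organization has approved (constructed values).
APPROVED = [ipaddress.ip_network(n) for n in
            ("192.0.2.53/32", "198.51.100.0/28", "2001:db8:53::/48")]

def parse_nameservers(text):
    """Return (addresses, malformed_entries) from resolv.conf-style text."""
    servers, malformed = [], []
    for raw in text.splitlines():
        # Strip comments, which resolv.conf marks with '#' or ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if not fields or fields[0] != "nameserver":
            continue
        if len(fields) < 2:
            malformed.append("")          # keyword with no address
            continue
        addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id if present
        try:
            servers.append(ipaddress.ip_address(addr))
        except ValueError:
            malformed.append(fields[1])
    return servers, malformed

def audit(text):
    """Flag resolvers outside the approved set, plus unparseable entries."""
    servers, malformed = parse_nameservers(text)
    unexpected = [str(a) for a in servers
                  if not any(a.version == n.version and a in n for n in APPROVED)]
    return {"unexpected": unexpected, "malformed": malformed,
            "empty": not servers}

# Constructed sample inputs: a clean host and one whose list was rewritten.
SAMPLE_CLEAN = "# managed by IT\nnameserver 192.0.2.53\nnameserver 198.51.100.5\n"
SAMPLE_TAMPERED = ("nameserver 203.0.113.77\n"
                   "nameserver 192.0.2.53   ; original entry left in place\n"
                   "nameserver 2001:db8:bad::1\n"
                   "nameserver not-an-ip\n")

if __name__ == "__main__":
    for name, sample in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        print(name, audit(sample))
```

An empty or partly malformed resolver list is reported separately, since either can also indicate that the configuration was modified outside normal management.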