Two researchers from Madrid-based security consultancy Informatica64 used a Javascript trojan horse to take control of computers using an untrusted proxy, gaining intelligence on a variety of underground criminal activity, from Nigerian spammers to dating-site scammers to Web-site defacers.
In a presentation at the Black Hat security conference on Wednesday, security consultant Chema Alonso demonstrated a legally-questionable technique to eavesdrop on the activities of people, or create a botnet, by replacing cached Javascript with an attacker's copy. To inject the Javascript file into a victim's browser, Alonso and a colleague set up an anonymous proxy server and then published its Internet address on a proxy forum.
In a single day, more than 4,000 computers had connected to the proxy server and had the poisoned Javascript file in their browser cache. Using the Javascript trojan horse, the group started collecting cookies and Web site credentials.