Hundreds of thousands of users who signed up for an inexpensive proxy service called Proxybox.name got quite a steal, all right. They ended up installing a Trojan horse linked to a botnet first detected last summer.
Researchers at Symantec reverse-engineered the Backdoor.Proxybox malware and unearthed a major black hat operation and perhaps the actual malware developer.
The investigation started with a legitimate-looking Russian Web site advertising access to thousands of proxies for a ridiculously low monthly fee that could be paid via WebMoney, Liberty Reserve and RoboKassa. Proxy services are often used to mask a location and send information anonymously.