PUM.bad.proxy

PUM.bad.proxy
Type	malware
Subtype	Windows Registry hack
Isolation	2011-01-22
Port(s) used	6522, among others
Operating system(s) affected	Microsoft Windows Internet Explorer

PUM.bad.proxy is a form of malware known as a "registry hack", an unauthorized alteration to the Windows Registry file that specifically redirects LAN settings within Internet Explorer, the popular web browser commonly installed as the default web browser for Microsoft Windows. First spotted by users of Malwarebytes' Anti-Malware security software on 22 January 2011,^[1] it was reported to Malwarebytes Software over 200 times the first day alone.

Details

The name is assigned by Malwarebytes' Anti-Malware and is not the specific name of a unique virus or hack. The "PUM" defines a "Potentially Unwanted Modification," and the "bad.proxy" defines the modification. The ability to search for and alert a user to "Potentially Unwanted Modifications" was added to Malware Bytes in November, 2010. It is likely that the first day users began reporting PUM.bad.proxy was not the first day the hack existed, but rather the first time Malware Bytes could alert a user to the vulnerability.^[2] Also, the fact that the proxy server is often not active when Malware Bytes alerts a user to its presence may indicate that it is a remnant of a virus, hack, or other malicious software that had previously been removed or quarantined.

The hack alters the proxy server address settings to redirect web access requests back to the computer's own internal LAN address, 127.0.0.1, effectively cutting the computer off from access to the internet. Its origin and method of propagation are currently unknown. The altered registry setting only affects users of Internet Explorer (including the most recent version, Internet Explorer 9); other browsers such as Firefox do not depend upon this specific Windows Registry item for proxy address and port settings.

Registry value affected

The affected registry value is HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer. This value is set to "127.0.0.1", the computer's internal address to its own network card. Various port numbers have been reported.

References

↑ "PUM.bad.proxy". malwarebytes.com. Retrieved 2011-05-17.
↑ "New Malware Floating Around". CPAP Talk. Retrieved 2011-08-16.

Malware topics

Infectious malware	Computer virus Comparison of computer viruses Computer worm List of computer worms Timeline of computer viruses and worms

Concealment	Trojan horse Rootkit Backdoor Zombie computer Man-in-the-middle Man-in-the-browser Man-in-the-mobile Clickjacking

Malware for profit	Privacy-invasive software Adware Spyware Botnet Keystroke logging Form grabbing Web threats Fraudulent dialer Malbot Scareware Rogue security software Ransomware

By operating system	Linux malware Palm OS viruses Mobile malware Macro virus Macintosh (old) viruses Mac OS X malware iOS malware Android malware

Protection	Anti-keylogger Antivirus software Browser security Internet security Mobile security Network security Defensive computing Firewall Intrusion detection system Data loss prevention software

Countermeasures	Computer and network surveillance Operation: Bot Roast Honeypot Anti-Spyware Coalition

This article is issued from Wikipedia - version of the 10/29/2015. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.

PUM.bad.proxy

Details

Registry value affected

See also

References