kevincloudsec 4 hours ago

The buried lede here is the business model. This isn't ransomware or data theft. The malware turns your PC into a residential proxy node and sells your IP address to third parties for fraud, scraping, and ad abuse. That's why it's designed to be invisible and why it persisted for so long. Traditional malware wants to disrupt or extract. Proxyware wants to coexist quietly.

Your machine runs a little slower, your bandwidth gets a little thinner, and someone halfway around the world is routing traffic through your home IP. It's a fundamentally different threat model and most endpoint protection isn't looking for it because the behavioral signatures look like normal network activity.

QuantumGood a minute ago | parent | next [-]

Also, the official website is 7-zip.org, not 7zip.com.

antonymoose 32 minutes ago | parent | prev | next [-]

> residential proxy node and sells your IP address to third parties for fraud, scraping, and ad abuse.

I know the potential for bad actors here, but there is legitimate use of these services.

I used to work in the “brand protection” space. Our entire business model was SOC-aaS, scraping, verifying, and ending lookalike sites among other threats. If you’ve banked at Wells Fargo or had an iCloud account, our job was to try and make that a little bit safer.

Fact is, the enemy gets a vote, and quite a few so-called threat actors are buying very capable kits that know what the fingerprint of a clean-room virtual instance or VPN looks like.

hcs 9 minutes ago | parent [-]

Maybe this is too obvious to say but it doesn't matter what they're selling the access for, it's the unwanted installation of the proxy that's malware. If you're buying access from a service that gets its residential network access that way you're contributing to the problem.

ValentineC 2 hours ago | parent | prev | next [-]

> It's a fundamentally different threat model and most endpoint protection isn't looking for it because the behavioral signatures look like normal network activity.

Is it even possible for a prosumer home router like OPNsense or OpenWRT to detect this?
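One way a router or sensor could at least surface candidates is to look at the shape of a host's egress rather than its payload: a proxy node tends to keep one long-lived session to the operator's relay while fanning out many short connections to unrelated destinations. The following is an added example, not code from the thread or from OPNsense/OpenWrt; it assumes per-flow summaries (source host, destination IP, port, bytes sent, duration) can be exported from the router, and the flow records below are constructed. The thresholds are illustrative, and as the parent comment notes the pattern overlaps with ordinary browsing and P2P, so a hit is a lead to inspect, not a verdict.

```python
"""Heuristic flagging of proxyware-like egress from per-flow records.

Added example, not from the thread. Assumes the router exports per-flow
summaries (field set below is an assumption); sample records are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Flow:
    """One exported flow summary (field set is an assumption)."""
    src: str          # LAN host that opened the connection
    dst: str          # remote IP it connected to
    dport: int        # remote port
    bytes_out: int    # bytes sent by the LAN host
    duration_s: int   # how long the flow stayed open


# Constructed sample data for a one-hour window. 10.0.0.5 looks like a normal
# laptop; 10.0.0.9 keeps one long-lived session to a single relay and fans
# out short connections to many unrelated hosts (TEST-NET addresses).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 443, 120_000, 30),
    Flow("10.0.0.5", "203.0.113.11", 443, 80_000, 12),
    Flow("10.0.0.5", "203.0.113.12", 443, 2_500_000, 600),
    Flow("10.0.0.9", "198.51.100.7", 443, 4_000, 3600),   # persistent relay session
] + [
    Flow("10.0.0.9", f"192.0.2.{i}", 443, 3_000, 2) for i in range(1, 61)
]


def summarize(flows):
    """Group flows per LAN host and derive the features the heuristic uses."""
    per_host = defaultdict(list)
    for f in flows:
        per_host[f.src].append(f)
    summary = {}
    for host, fl in per_host.items():
        summary[host] = {
            "flows": len(fl),
            "distinct_dsts": len({f.dst for f in fl}),
            "median_bytes": median(f.bytes_out for f in fl),
            "longest_s": max(f.duration_s for f in fl),
        }
    return summary


def flag_hosts(flows, min_distinct=40, max_median_bytes=10_000, min_persist_s=1800):
    """Return hosts whose egress matches the relay-plus-fan-out shape.

    Thresholds are illustrative, not tuned: browsers with many tabs or P2P
    clients will trip the fan-out test on their own, which is why both
    conditions are required before a host is reported.
    """
    hits = []
    for host, s in summarize(flows).items():
        fan_out = s["distinct_dsts"] >= min_distinct and s["median_bytes"] <= max_median_bytes
        persistent = s["longest_s"] >= min_persist_s
        if fan_out and persistent:
            hits.append(host)
    return sorted(hits)


if __name__ == "__main__":
    for host, s in summarize(SAMPLE_FLOWS).items():
        print(host, s)
    print("suspect hosts:", flag_hosts(SAMPLE_FLOWS))
```

Run against the constructed records it reports only 10.0.0.9; in practice you would feed it flow exports over a rolling window and tune the thresholds against a baseline of your own network before trusting any alert.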

MuffinFlavored 4 hours ago | parent | prev [-]

> Your machine runs a little slower, your bandwidth gets a little thinner, and someone halfway around the world is routing traffic through your home IP.

I wish in 2026 the default on new computers (Windows + Mac) was not only "inbound firewall on by default" but also outbound and users having to manually select what is allowed.

I know it is possible, it's just not the default and more of a "power user" thing at the moment. You have to know about it basically.

1vuio0pswjnm7 an hour ago | parent | next [-]

I do this outbound filtering, but I don't use a computer running Windows or MacOS to do it.

It doesn't make sense to expect the companies promoting Windows or MacOS to allow the user to potentially interfere with their "services" and surveillance business model.

Windows and MacOS both "phone home" (unfiltered outgoing connections). If computer owners running these corporate OS were given an easy way to stop this, then it stands to reason that owners would stop the connections back to the mothership. That means loss of surveillance potential and lost revenue.

As of 2006, still nothing stops anyone from setting the gateway of their computer running a corporate OS to point to a computer running a non-corporate OS that can do the outbound filtering.

ForceBru 3 hours ago | parent | prev | next [-]

I use LuLu (https://objective-see.org/products/lulu.html) to block outgoing connections and manually select which connections/apps are allowed. It's free and works just fine.

TomatoCo 4 hours ago | parent | prev | next [-]

As a power user I agree, but how do you avoid it being like the Vista UAC popups? Everyone expects software to auto-update these days, and it's easy enough to social engineer someone into accepting.

atmanactive 3 hours ago | parent | prev | next [-]

Fort Firewall for the win.

https://github.com/tnodir/fort

tempest_ 4 hours ago | parent | prev [-]

Even if it were a default, there are so many services reaching out that the non-technical user would get assaulted with requests from services they have no idea about. Eventually people will just click OK without reading anything, which puts you back at square one with annoying friction.