Proxy servers act as intermediaries between a company's network and the internet. When a host computer connected to a proxy server is infected by a proxy virus, the proxy virus can take over the proxy server and act as a proxy bot. Attackers can use these bots to stage anonymous attacks on networks. The whole point of a proxy virus is to breach a network by hiding behind a proxy server; the proxy bots make it look as though the attack is coming from multiple directions, making it harder to identify the true origin of the attack.
Similar to other viruses, the proxy virus disguises itself as a genuine software download or attachment, or piggybacks on a legitimate download or attachment. This virus gives attackers a chance to perform malicious activities such as credit card fraud, hacking, and other illegal activities with little risk of repercussion, since the true location of the attacker is masked. Aside from that, proxy viruses can collect information from the host computer and send it to the attacker.
Firewall Analyzer periodically collects syslogs of proxy servers. Its internal log processing engine comes with a built-in parser to identify proxy viruses for select vendors. Firewall Analyzer generates two types of reports:
1. A bar graph which shows the type of proxy virus along with the number of hits.
2. A table which provides the type of virus, host IP, number of hits, and percentage of hits.
Drill down on either of these reports to get a detailed view of the following fields: host IP, destination IP, status, protocol, and time.
Having analyzed the data, security admins can detect malicious proxy virus hosts and block them on the individual proxy server. Admins can also identify the infected IPs and plan a cleanup of those devices.
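The table report and drill-down fields described above can be reproduced from raw proxy syslogs with a small aggregation. This is an added example, not Firewall Analyzer's parser: the key=value log layout, the field names (`src`, `dst`, `proto`, `status`, `virus`) and the virus names are assumptions made up for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in a hypothetical key=value syslog layout
# (not a real vendor format and not Firewall Analyzer's own input).
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z proxy01 src=10.0.0.15 dst=203.0.113.7 proto=HTTP status=blocked virus=Trojan.Proxy.A
2024-05-01T10:00:09Z proxy01 src=10.0.0.15 dst=203.0.113.9 proto=HTTP status=blocked virus=Trojan.Proxy.A
2024-05-01T10:01:12Z proxy01 src=10.0.0.22 dst=198.51.100.4 proto=HTTPS status=allowed virus=-
2024-05-01T10:02:30Z proxy01 src=10.0.0.31 dst=203.0.113.7 proto=FTP status=blocked virus=Worm.Proxy.B
2024-05-01T10:03:44Z proxy01 src=10.0.0.15 dst=198.51.100.8 proto=HTTP status=blocked virus=Worm.Proxy.B
this line is malformed and must be skipped
"""

KV = re.compile(r"(\w+)=(\S+)")
REQUIRED = {"src", "dst", "proto", "status", "virus"}

def parse_line(line):
    """Return the drill-down fields for one virus hit, or None."""
    parts = line.split(None, 2)  # timestamp, reporting device, key=value payload
    if len(parts) < 3:
        return None
    fields = dict(KV.findall(parts[2]))
    if not REQUIRED <= fields.keys() or fields["virus"] == "-":
        return None  # malformed line, or clean traffic with no detection
    return {"time": parts[0], "host_ip": fields["src"],
            "dest_ip": fields["dst"], "protocol": fields["proto"],
            "status": fields["status"], "virus": fields["virus"]}

def virus_report(log_text):
    """Table rows: (virus type, host IP, hits, percentage of all hits)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            hits[(rec["virus"], rec["host_ip"])] += 1
    total = sum(hits.values())
    return [(v, ip, n, round(100 * n / total, 1)) for (v, ip), n in hits.most_common()]

def infected_hosts(rows):
    """Distinct host IPs with at least one virus hit (cleanup candidates)."""
    return sorted({ip for _, ip, _, _ in rows})

if __name__ == "__main__":
    for row in virus_report(SAMPLE_LOGS):
        print("%-16s %-12s %3d %5.1f%%" % row)
    print(infected_hosts(virus_report(SAMPLE_LOGS)))
```

A host that appears under more than one virus type, such as 10.0.0.15 in the sample, is a natural first candidate for blocking and cleanup.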