Symantec reverse-engineered the Backdoor.Proxybox malware and unearthed a major black hat operation and perhaps the actual malware developer. The investigation started with a legitimate-looking Russian Web site advertising access to thousands of proxies for a ridiculously low monthly fee that could be paid via WebMoney, Liberty Reserve and RoboKassa. The rootkit attempts to protect the malicious payload and all other files associated with the threat to increase the threat's persistence. A closer inspection of the command-and-control server showed the botnet maintains some 40,000 users online at any time.
Source: https://threatpost.com/proxy-service-front-malware-distribution-100812/77089/

