←back to thread

Faking a JPEG

(www.ty-penguin.org.uk)
343 points todsacerdoti | 1 comments | 11 Jul 25 22:57 UTC | HN request time: 0.287s | source
Show context
derefr ◴[12 Jul 25 01:21 UTC] No.44538480[source]
> It seems quite likely that this is being done via a botnet - illegally abusing thousands of people's devices. Sigh.

Just because traffic is coming from thousands of devices on residential IPs, doesn't mean it's a botnet in the classical sense. It could just as well be people signing up for a "free VPN service" — or a tool that "generates passive income" for them — where the actual cost of running the software, is that you become an exit node for both other "free VPN service" users' traffic, and the traffic of users of the VPN's sibling commercial brand. (E.g. scrapers like this one.)

This scheme is known as "proxyware" — see https://www.trendmicro.com/en_ca/research/23/b/hijacking-you...

replies(2): >>44538482 #>>44541799 #
1. jeroenhd ◴[12 Jul 25 13:06 UTC] No.44541799[source]
That's just a variant of a botnet that the users are willingly joining. Someone well-intentioned should probably redirect those IP addresses to a "you are part of a botnet" page just in case they find the website on a site like HN and don't know what their family members are up to.

Easiest way to deal with them is just to block them regardless, because the probability that someone who knows what to do about this software and why it's bad will read any particularly botnetted website are close to zero.