
PUM.bad.proxy

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license.
PUM.bad.proxy
Type: malware
Subtype: Windows Registry hack
Technical details
Platform: Microsoft Windows, Internet Explorer
Ports used: 6522, among others

PUM.bad.proxy is a form of malware known as a "registry hack": an unauthorized alteration to the Windows Registry that specifically redirects the LAN settings of Internet Explorer, the web browser commonly installed as the default on Microsoft Windows. It was first spotted by users of Malwarebytes' Anti-Malware security software on 22 January 2011 and was reported to Malwarebytes Software over 200 times on the first day alone.

Details

The name is assigned by Malwarebytes' Anti-Malware and is not the specific name of a unique virus or hack. "PUM" stands for "Potentially Unwanted Modification", and "bad.proxy" identifies the modification. The ability to search for and alert a user to Potentially Unwanted Modifications was added to Malwarebytes in November 2010. It is likely that the first day users began reporting PUM.bad.proxy was not the first day the hack existed, but rather the first time Malwarebytes could alert a user to it. Also, the proxy server is often not active when Malwarebytes alerts a user to its presence, which may indicate that the setting is a remnant of a virus, hack, or other malicious software that had previously been removed or quarantined.

The hack alters the proxy server address settings to redirect web access requests back to the computer's own loopback address, 127.0.0.1, effectively cutting the computer off from access to the internet. Its origin and method of propagation are currently unknown. The altered registry setting only affects users of Internet Explorer (including the most recent version, Internet Explorer 9); other browsers such as Firefox do not depend upon this specific Windows Registry item for proxy address and port settings.

Registry value affected

The affected registry value is HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer. This value is set to "127.0.0.1", the loopback address, which refers to the computer itself. Various port numbers have been reported.
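
A check for this condition, as an added example that is not part of the original article or of any Malwarebytes tooling: it parses a ProxyServer value, reports entries that point at a loopback address, and records whether anything is listening there. Assumptions not stated in the article: the companion ProxyEnable value and the per-protocol "http=host:port;https=host:port" form are standard Windows proxy settings; the function names are illustrative and the sample value is constructed from the port listed above.

```python
import ipaddress
import socket

KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"  # under HKCU

def parse_proxy_server(value):
    """Parse 'host:port' or 'http=h:p;https=h:p' into (scheme, host, port) tuples."""
    entries = []
    for part in filter(None, (p.strip() for p in (value or "").split(";"))):
        scheme, _, addr = part.rpartition("=")  # scheme is "" in the single-proxy form
        addr = addr.split("://", 1)[-1]         # tolerate 'http://host:port'
        host, sep, port = addr.rpartition(":")
        if not sep or not port.isdigit():       # no port given
            host, port = addr, ""
        entries.append((scheme.lower() or "all", host.strip("[]").lower(),
                        int(port) if port else None))
    return entries

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname other than localhost
        return False

def has_listener(host, port, timeout=0.5):
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def assess(proxy_enable, proxy_server, probe=has_listener):  # probe is injectable for offline tests
    findings = []
    for scheme, host, port in parse_proxy_server(proxy_server):
        if is_loopback(host):
            findings.append({"scheme": scheme, "host": host, "port": port,
                             "enabled": bool(proxy_enable),
                             "listener": port is not None and probe(host, port)})
    return findings

def read_current_user():  # Windows only: returns (ProxyEnable, ProxyServer)
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, KEY) as key:
        count = winreg.QueryInfoKey(key)[1]
        vals = dict(winreg.EnumValue(key, i)[:2] for i in range(count))
        return vals.get("ProxyEnable", 0), vals.get("ProxyServer", "")

if __name__ == "__main__":  # constructed sample; on Windows use assess(*read_current_user())
    print(assess(1, "127.0.0.1:6522"))
```

A finding with "enabled" true and "listener" false matches the symptom described above: the browser is pointed at a local proxy that is not running. With "enabled" false, the value is only a leftover setting.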
