Scary stuff — the techie details of the trojan discussed in the NYT article today — Reverse-Proxy Spam Trojan – Migmaf (LURHQ):
LURHQ was able to obtain a copy of the trojan – detected from suspicious activity originating from a VPN user on a firewall on a network we monitor. What we found was the trojan was not a webserver at all, but instead: a reverse proxy server. Instead of hosting the content on the victim’s computer, the spammer instead maintained a ‘master’ webserver. We have dubbed this trojan ‘Migmaf’.