Anonymous proxy services are online applications that enable users to surf the Web with enhanced privacy. These applications act as an SSL proxy between the user and the Web site to be visited, thus masking the IP address and providing additional privacy features, such as referrer hiding, script removal, cookies removal, and URL encoding. Proxify is one provider of these services, but many more are available on the Internet.

Although we believe online privacy is something we always need to take care of, the use of these kinds of services could lead to trouble as well. First of all, the use of secure socket layer (SSL) prevents network intrusion detection systems (NIDS) and most desktop-based intrusion prevention systems (IPS) from checking those resources visited through the proxy, leaving the desktop antivirus with the full burden of protecting the computer. Then, in an enterprise environment, these systems can bypass security policies through URL and traffic encoding, allowing internal users to browse resources that would otherwise be restricted. For example, this could lead to users checking their private Web emails and downloading those "funny jokes" sent by their friends, unfiltered by the corporate network.
Finally, these services can actually be utilized pretty easily by the bad guys to spread more malware. Again using Proxify as an example, let’s look at the system using a simple HEX encoding to mask the visited URL.
Let’s assume an attacker has a working copy of MPack located on www.mpacksite.com. Using Proxify, this URL would become "https://proxify.com/p/011010A1000100/687474703a2f2f7777772e6d7061636b736974652e636f6d2f", where the string after the latter slash symbol is simply the initial URL, but HEX encoded. This URL can be used on any compromised Web site within a standard iframe, letting attackers elude NIDS on a standard HTTP page.
Corporate users are encouraged to filter out known anonymous proxies in order to prevent possible issues related to their use (and abuse).


More...