Over the last few years, a significant part of our malware tracking efforts has focused on monitoring backconnect proxy malware families. What began in 2021 as an experiment with the SystemBC malware family has evolved into a project for monitoring multiple proxy botnets. Its primary aim has been to investigate proxied traffic with a particular focus on capturing spam campaigns. In 2024, we expanded our capabilities to monitor residential proxy providers suspected of facilitating spam.

This talk will share findings from our monitoring efforts and provide technical insights into impactful backconnect malware families and residential proxy providers.