"In one day, we were able to get over 4,000 bots -- in one day," Alonso said. "No pay-per install, no paying anyone to create the exploit."
The researchers found a variety of low-level criminals using their proxy server: fraudsters posing as British immigration officials offering work permits in hopes of stealing money and sensitive documents from their victims; a man pretending to be a pretty woman on a number of dating sites to con victims into sending money for a plane ticket; and another fraudster selling nonexistent Yorkshire Terriers.
Alonso acknowledges that the technique may be legally questionable. While he published a privacy warning and legal disclaimer on the proxy site, he said you have to be careful where you set up the proxy server.
"It is better to search for servers in countries without law," he said.
It is very likely that companies and governments are already using this technique to eavesdrop on criminal activity, Alonso said.
Alonso recommended that anyone who is using anonymous proxies or even the Tor network to only use servers that they trust. In addition, privacy-sensitive people should regularly clear the browser cache. "The cache is not your friend," he said.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.