Slashdot Mirror


Storm Worm Evolves To Use Tor

An anonymous reader writes "Seems like the Storm botnet that was behind the last two waves of attacks is also responsible for this new kind of social-engineering-based attack, using spam to try and convince users of the necessity of using Tor for their communications. They 'kindly' provide a link to download a trojaned version of Tor. This blog entry has a link to the original post on the or-talk mailing list which has some samples of the messages."

4 of 182 comments

  1. Re:Are we late to the party? by Urd.Yggdrasil · · Score: 5, Informative

    They aren't using Tor to hide their traffic, they're trying to trick users into downloading a Trojan, saying that it is a Tor executable and they need to protect their privacy. The Storm botnet uses a system called Fast Flux to hide traffic.

  2. Comment removed by account_deleted · · Score: 3, Informative

    Comment removed based on user account deletion

  3. Re:Who are the stormbot people? by Urd.Yggdrasil · · Score: 5, Informative

    The group running the system is taking precautions to avoid detection, such as using Fast Flux. Also, it is speculated that they are in a former Soviet bloc country, which tend to have very poor laws and few resources to go after such people.

  4. This is *not* using the Tor network or software by shava · · Score: 5, Informative

    This attack is not using our network or our software, only abusing our reputation. We sent this release to slashdot and others, days ago:

    ====
    The Tor Project, a US non-profit organisation producing Internet
    privacy software, is issuing an urgent warning about a spam email
    being circulated as a fake promotion for their software.

    The real Tor software provides privacy on the Internet to journalists,
    bloggers and human rights activists all over the world. The spam email
    promotes the virtues of the software, but then directs people to a
    series of fake websites that contain malicious code that will attempt
    to take over visiting machines, and the downloaded software is fake
    and equally dangerous to run.

    The real website is hosted at http://tor.eff.org/ and the Tor
    software can be downloaded from there. Users are able to check that
    they have received the official version by following the instructions
    at: http://wiki.noreply.org/noreply/TheOnionRouter/VerifyingSignatures

    Shava Nerad, Development Director for the Tor Project said, "I am
    disgusted that criminals who want to recruit more machines for their
    illegal activities should trade on our reputation for providing
    privacy on the Internet. Fortunately we already have systems in place
    so that people can verify that they are downloading the official
    software. But this is a distraction from our work that we could do
    without."
    ====

    This stuff makes us sad. But you won't even get a trojanned client, just a trojan. And the page you click through to will try to exploit holes in your browser security, so don't even click through.

    Yrs,
    Shava Nerad
    Development Director
    The Tor Project