Slashdot Mirror


Cybercrooks Increasingly Use Tor Network To Control Botnets

alphadogg writes "Malware writers are increasingly considering the Tor anonymity network as an option for hiding the real location of their command-and-control servers, according to researchers from security firm ESET. The researchers recently came across two botnet-type malware programs that use C&C servers operating as Tor 'hidden services.' The Tor Hidden Service protocol allows users to set up services — usually Web servers — that can only be accessed from within the Tor network through a random-looking hostname that ends in the .onion pseudo domain extension. The traffic between a Tor client and a Tor hidden service is encrypted and is randomly routed through a series of computers participating in the network and acting as relays."

5 of 99 comments

  1. shocking by schneidafunk · Score: 4, Informative

    In other news, bank robbers are increasingly wearing masks.

    --
    Some people die at 25 and aren't buried until 75. -Benjamin Franklin
  2. Re:I guess I don't know how these things work by houstonbofh · Score: 4, Interesting

    No need... Cheap server hosting with little tracking was plentiful. Now, not so much... You see, as they develop new methods, lots of people study and find ways to defeat those methods. So in a small amount of time, there will be many hackers finding a way to shatter anonymity in TOR. The NSA could not have planned it better.

  3. Cool. by magic+maverick+ · Score: 5, Insightful

    Of course, you shouldn't blame Tor for this. I'm sure Freenet could equally be used, but Tor is just easy. Instead, blame the OS manufacturers, and the owners of the bot-ridden machines. Seriously. It's your fault if you don't know enough about your car that you ignore the oil light and it seizes up on a highway. And it's your fault if your machine is turned into a cog of part of a greater machine, bending to the whims of some "hacker".

    Maybe it's time to bring back computers with the OS stored in ROM, so that it is reset to a clean state every time the computer is restarted.

    --
    HELP MY ACCOUNT HAS BEEN HACKED BY AN ILLIBERAL ART STUDENT SET TO DESTROY THE INTERWEBZ!
  4. Anonymity and you by intermodal · Score: 5, Insightful

    Anonymity is a powerful force. In both directions. The anonymous writings of the late 18th century were every bit as powerful as a masked bandit.

    I, for one, do not consider the risk of Tor to be greater than the benefit.

    --
    In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
  5. Re:I guess I don't know how these things work by stewsters · Score: 4, Interesting

    It's pretty easy to take away the anonymity of Tor if you could hypothetically record all traffic to and from each computer in the network. You can then see Alice send the message to Carlos who then forwarded it to Bob. Luckily in the US no one is recording every encrypted message you send... oh shit.

    The only way to protect yourself would be to use garlic routing and make sure you send a lot of traffic. Turn your bandwidth up. To improve this, you need to create a widely used sharing client for your network to get as many others to create decoy traffic as you can.