Sudden spike of Tor users likely caused by one “massive” botnet

Tor Project

Researchers have found a new theory to explain the sudden spike in computers using the Tor anonymity network: a massive botnet that was recently updated to use Tor to communicate with its mothership.

Mevade.A, a network of infected computers dating back to at least 2009, has mainly used standard Web-based protocols to send and receive data to command and control (C&C) servers, according to researchers at security firm Fox-IT. Around the same time that Tor Project leaders began observing an unexplained doubling in Tor clients, Mevade overhauled its communication mechanism to use anonymized Tor addresses ending in .onion. In the week that has passed since Tor reported the uptick, the number of users has continued to mushroom.

“The botnet appears to be massive in size as well as very widespread,” a Fox-IT researcher wrote in a blog post published Thursday. “Even prior to the switch to Tor, it consisted of tens of thousands of confirmed infections within a limited amount of networks. When these numbers are extrapolated on a per country and global scale, these are definitely in the same ballpark as the Tor users increase.”


via Ars Technica http://feeds.arstechnica.com/~r/arstechnica/index/~3/YgsWy34dFM0/story01.htm
