[ISN] Tor network used to command Skynet botnet

From: InfoSec News <alerts_at_private>
Date: Tue, 11 Dec 2012 01:12:56 -0600 (CST)

By Lucian Constantin
10 December 2012

Security researchers have identified a botnet controlled by its creators 
over the Tor anonymity network. It's likely that other botnet operators 
will adopt this approach, according to the team from vulnerability 
assessment and penetration testing firm Rapid7.

The botnet is called Skynet and can be used to launch DDoS (distributed 
denial-of-service) attacks, generate Bitcoins - a type of virtual 
currency - using the processing power of graphics cards installed in 
infected computers, download and execute arbitrary files or steal login 
credentials for websites, including online banking ones.

However, what really makes this botnet stand out is that its command and 
control (C&C) servers are only accessible from within the Tor anonymity 
network using the Tor Hidden Service protocol.

Tor hidden services are most commonly Web servers, but can also be 
Internet Relay Chat (IRC), Secure Shell (SSH) and other types of 
servers. These services can only be accessed from inside the Tor network 
through a random-looking hostname that ends in the .onion 
pseudo-top-level domain.


Received on Mon Dec 10 2012 - 23:12:56 PST
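
A defender-side illustration of the article's paragraph on .onion hostnames, added here and not part of the original article: since hidden services are reachable only from inside Tor, a .onion name in ordinary resolver logs points at Tor-aware software on that client. The log format, addresses and key bytes are constructed; the 16-character (v2) and 56-character checksummed (v3) name formats are Tor's address formats, which the article does not describe.

```python
import base64
import hashlib
import re

# v2 names (in use when the article ran) are 16 base32 chars; v3 names are 56.
ONION_RE = re.compile(r"\b([a-z2-7]{16}|[a-z2-7]{56})\.onion\b", re.I)
PREFIX = b".onion checksum"

def v3_checksum(pubkey, version=b"\x03"):
    """First two bytes of SHA3-256(".onion checksum" || pubkey || version)."""
    return hashlib.sha3_256(PREFIX + pubkey + version).digest()[:2]

def v3_valid(label):
    """True if a 56-char label decodes to pubkey || checksum || version 3."""
    raw = base64.b32decode(label.upper())  # 56 chars -> 35 bytes
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == b"\x03" and checksum == v3_checksum(pubkey)

def find_onion_lookups(lines):
    """Return (client, hostname, kind) for each plausible .onion name."""
    hits = []
    for line in lines:
        for m in ONION_RE.finditer(line):
            label = m.group(1).lower()
            if len(label) == 16:
                kind = "v2"
            elif v3_valid(label):
                kind = "v3"
            else:
                continue  # 56 chars but bad checksum: not an onion address
            hits.append((line.split()[1], label + ".onion", kind))
    return hits

def sample_log():
    """Constructed resolver log: timestamp, client, record type, name."""
    key = bytes(range(32))  # constructed 32-byte stand-in for a public key
    v3 = base64.b32encode(key + v3_checksum(key) + b"\x03").decode().lower()
    return [
        "2012-12-10T23:01:02Z 192.0.2.10 A www.example.com",
        "2012-12-10T23:01:07Z 192.0.2.23 A examplev2aaaa234.onion",
        "2012-12-10T23:02:11Z 192.0.2.41 A " + v3 + ".onion",
        "2012-12-10T23:02:30Z 192.0.2.41 A " + "a" * 56 + ".onion",
    ]

if __name__ == "__main__":
    for hit in find_onion_lookups(sample_log()):
        print(hit)
```

The checksum test on 56-character labels keeps random base32-looking strings from being reported as onion addresses; 16-character v2 names carry no checksum, so they are matched on shape alone.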
