Large botnet responsible for the increase in Tor usage

YFZblu Member Posts: 1,462
Thought you guys might like this - A couple of weeks ago many noticed a large and sudden increase in Tor usage. There were a bunch of theories on what the cause was. Here is a SANS diary covering it:

https://isc.sans.edu/diary/Tor+Use+Uptick/16478

As it turns out, the owners of the Mevade botnet moved their command-and-control infrastructure over to a Tor server in an attempt to become more stealthy; the idea backfired when the entire bot (estimated 1.5 - 5 million hosts) all began using the Tor service to check in, causing an extremely sudden and visible increase in Tor usage. Their very attempts at obscurity are what ultimately got the botnet noticed.

Darkreading covers it here:

How The Massive Tor Botnet 'Failed' -- Dark Reading

As the article suggests 'the bad guys can screw up, too' - Very interesting closure to the Tor use issue, IMO. So I thought I'd share.

Edit: More detailed reading on the botnet itself at the Fox-IT blog: http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/

Comments

  • cknapp78 Member Posts: 213
    Classic. Reinforces the point to always check your code :)
  • YFZblu Member Posts: 1,462
    Well, the code worked as intended and appears to have been implemented properly; it just wasn't a very well thought out plan, all things considered.
  • Master Of Puppets Member Posts: 1,210
    Thanks for sharing. Kind of funny, this was one of my first thoughts when they initially started talking about the sudden increase in Tor users.
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.