Tor network used to command Skynet botnet

Other botnet operators might use Tor to hide their command and control servers in the future, researchers say

By Lucian Constantin, IDG News Service | Security

The Tor-based approach is not new, said Marco Preuss, head of antivirus vendor Kaspersky Lab's Global Research and Analysis Team (GReAT) in Germany, via email. "In the past years several presentations and research papers mentioned this method for botnets."

"One of the most important disadvantages is the complex implementation -- errors lead to easy detection -- and also the speed is a drawback," Preuss said. Depending on how Tor is used in the botnet infrastructure, there might be solutions to detect and block the traffic, as well as to disable the botnet, he said.

"A single botnet of about ten thousand machines isn't a stringent problem for the global Internet, but, if things escalate, we're sure that node administrators will cooperate with ISPs and law enforcement to take down malicious traffic," Botezatu said. "After all, Tor has been designed for anonymity and privacy, not for cyber crime."

"One countermeasure that companies or ISPs could eventually enforce in their firewall is to drop all packets that originate from known TOR nodes, in order to minimize the amount of potentially malicious traffic they receive," Botezatu said. "Of course, they might also end up blacklisting a number of legit Tor users looking for anonymity."
