The Tor-based approach is not new, said Marco Preuss, head of the German global research and analysis team at antivirus vendor Kaspersky Lab, via email. "In the past years several presentations and research papers mentioned this method for botnets."
"One of the most important disadvantages is the complex implementation -- errors lead to easy detection -- and also the speed is a drawback," Preuss said. Depending on how Tor is used in the botnet infrastructure, there might be solutions to detect and block the traffic, as well as to disable the botnet, he said.
"A single botnet of about ten thousand machines isn't a stringent problem for the global Internet, but, if things escalate, we're sure that node administrators will cooperate with ISPs and law enforcement to take down malicious traffic," Botezatu said. "After all, Tor has been designed for anonymity and privacy, not for cyber crime."
"One countermeasure that companies or ISPs could eventually enforce in their firewall is to drop all packets that originate from known TOR nodes, in order to minimize the amount of potentially malicious traffic they receive," Botezatu said. "Of course, they might also end up blacklisting a number of legit Tor users looking for anonymity."