Information Security News mailing list archives

Tor network used to command Skynet botnet


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 11 Dec 2012 01:12:56 -0600 (CST)

http://news.techworld.com/security/3415592/tor-network-used-command-skynet-botnet/

By Lucian Constantin
Techworld.com
10 December 2012

Security researchers have identified a botnet controlled by its creators over the Tor anonymity network. It's likely that other botnet operators will adopt this approach, according to the team from vulnerability assessment and penetration testing firm Rapid7.

The botnet is called Skynet and can be used to launch DDoS (distributed denial-of-service) attacks, generate Bitcoins - a type of virtual currency - using the processing power of graphics cards installed in infected computers, download and execute arbitrary files or steal login credentials for websites, including online banking ones.

However, what really makes this botnet stand out is that its command and control (C&C) servers are only accessible from within the Tor anonymity network using the Tor Hidden Service protocol.

Tor hidden services are most commonly Web servers, but can also be Internet Relay Chat (IRC), Secure Shell (SSH) and other types of servers. These services can only be accessed from inside the Tor network through a random-looking hostname that ends in the .onion pseudo-top-level domain.

[...]

