Malware Purveyors Utilize Tor Networks, Camouflage Malicious Servers’ Source
Researchers at the security company ESET are warning that malware authors increasingly rely on the anonymity of the Tor network as a practical way to conceal the true location of their central command-and-control (C&C) infrastructure.
ESET researchers recently identified one case where this had worked successfully: they uncovered two separate Tor-based botnets, which they have been studying since.
The first botnet is built around an early form-grabbing Trojan that its controllers recently extended with the ability to use Tor's hidden service protocol to communicate with command-and-control servers hosted inside the Tor network.
Interestingly, the second botnet was built quite recently, in July 2013.
The Trojan in question, called Atrax, works as a backdoor; steals data; downloads additional malware, plug-ins and files; and installs a Tor client on the host computer.
The researchers explain that when the command-and-control infrastructure is first contacted, Atrax.A transmits the gathered details about the infected computer to a hidden service (.onion) address within the Tor network. While the real domain or IP address of the C&C server cannot be determined through the Tor connection, it is fairly easy to use the .onion address obtained from the network to carry out further examination, they add. Help Net Security published this on July 25, 2013.
The use of Tor to support a botnet's C&C structure is not unknown. The merits and drawbacks of this approach were discussed in a 2010 presentation at the security conference DefCon 18.
Practical implementations of the approach had also been observed earlier, when the security company Rapid7 in December detected the Skynet botnet, comprising 12,000-15,000 hijacked PCs that received instructions from an IRC (Internet Relay Chat) panel operating as a Tor hidden service. At the time, Rapid7 researchers cautioned that other malware developers could well adopt the technique.
That prediction appears to have been correct, as the two new malicious programs ESET discovered and described in its article show.
Finally, the company concludes that investigating and tracking the C&C locations of Tor-based botnets is genuinely difficult.
» SPAMfighter News - 31-07-2013