Zombie PC herders issue commands from Tor hideout

Security researchers have discovered a botnet that uses the Tor anonymiser network to hide its command nodes. Owners of the compromised network of Windows PCs have placed their command-and-control server, which uses the common IRC protocol, as a hidden service inside the Tor network. Aside from the use of Tor for extra …

COMMENTS

  1. Anonymous Coward

    What legit TOR traffic will a company ever use?

    Seriously I am curious

    I can't think of a single reason why a company would use it or support it for their customers.

    1. Antidisestablishmentarianist

      Re: What legit TOR traffic will a company ever use?

      Linux distros? Oh hang on, that's the legitimate use for torrents isn't it.

      Maybe secret Linux distros?

    2. Ginger

      Re: What legit TOR traffic will a company ever use?

      What you've just discovered is "churnalism", where the journo copies and pastes straight from the original article without applying any intelligence.

    3. Cheapster

      Re: What legit TOR traffic will a company ever use?

      Are companies the only legitimate users of the internets?

      I can think of a few legit uses, perhaps by posters outside China, Israel or similar.

      I bet Bradley Manning could have used a bit of deniability too, although that depends on your definition of legit.

    4. Anonymous Coward

      Another "if you have nothing to hide" canard.

      Yes, why would anyone want to use tor at all? They must have something to hide!

      Like, oh, the discretion of their customers? No? Not good enough? Then what is?

      I can think of plenty of businesses that legitimately want to keep their communication with their customers secret. Lawyers, for one. In plenty of places that one's even enshrined in law. So in these times you'd want encrypted email and encrypted phones and that sort of thing. But that's not the whole picture.

      Plenty of times doing "traffic analysis" reveals enough information to make decrypting the actual messages a moot point. Traffic analysis? Yes, looking at patterns. Who talks to whom, or sends messages, or meets up, or whatever. So if confidentiality is legit at all, then so is hiding your traffic patterns, and tor helps exactly with that.

      So any time a company has a legit interest in not revealing to third parties the contents of messages sent to or received from its customers, it should have a legit interest in tor, whether it does or not.

    5. Oliver Burkill

      Re: What legit TOR traffic will a company ever use?

      By default tor relays use port 443; it's indistinguishable from standard https traffic.

  2. Anonymous Coward

    Really

    Is this the first time the bot-herders have thought of it? Seems relatively obvious imo...

    I guess it's one way to really test the security of TOR

    1. Matt Bryant Silver badge

      Re: Really

      "....I guess it's one way to really test the security of TOR." Unfortunately, it also raises the question of how far the politicians can push the law to get TOR and other anonymiser networks either shut down or with tracing built in upon Police request.

  3. Crisp

    The arms race continues...

    It's quite interesting to watch the evolution of cyber arms and armour from the sidelines.

  4. Iggle Piggle

    If my car is caught speeding doing 100mph on the M1 then I get the fine unless I can hand over the real perpetrators. Running TOR on my machine and then throwing my hands up in bewilderment when that network is used for illegal purposes seems like a very flimsy defence.

  5. Badvok

    Caution!

    Any criticism of Tor or the suggestion that it can be used for nefarious purposes is likely to be down-voted harshly by the Privtards who reside here.

    1. The Man Who Fell To Earth Silver badge

      Idiots

      The single biggest issue with Tor is all of the idiots running nodes who give them host lookup names that identify them as Tor nodes. My company, for example, blocks any connections via the Tor network, which is easy to do most of the time because of all the Tor node morons who self-identify as Tor nodes (e.g. Host name: tor12.anonymizer.ccc.de, IP address 62.113.219.5). Gee whiz, might that be an anonymous proxy? And if the name isn't enough, they usually assign the node an ISO 3166 Country Code of A1 (anonymous proxy).

      Hey! Don't look at me! Nothing to see, move along...

      1. Anonymous Coward

        Re: Idiots

        There is no reason to call such people idiots, although it may be idiotic to waste the effort you do blocking Tor in such an ad hoc way since the Tor Project offers public lists to people who wish to block traffic from the network. See the Tor abuse FAQ under #Bans.

        Tor protects the anonymity of clients, not relays (except bridges). So there is nothing idiotic in identifying via hostname or otherwise that a host is a Tor relay. The general Tor FAQ under #HideExits explains why the network identity of exit relays is not hidden (partly so that people can choose whether they want to allow connections from the Tor network to their servers).

      2. Old Handle

        Re: Idiots

        Tor nodes are not meant to be secret*. In fact I think you will find that the Tor Project publishes a convenient list of all exit nodes for anyone who wishes to block them. So you're only wasting your time looking at host names. But if doing it the hard and ineffective way makes you feel more 1337, go ahead.

        *Except for bridge relays which are entry points only, and intended for people evading state censorship and such.
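The two replies above make the same defensive point: a published exit list is a better blocking signal than guessing from hostnames. The following added example (not code from the article or from any commenter) contrasts the two approaches on constructed data; the exit-list format (one address per line, `#` comments) and the log line layout are assumptions, and the addresses are documentation ranges, not real relays.

```python
import ipaddress
import re
from typing import Dict, List, Set

# Constructed stand-in for a published exit list (assumed format:
# one address per line, '#' comments). These are NOT real relay addresses.
EXIT_LIST_TEXT = """\
# constructed sample exit list
198.51.100.7
203.0.113.42
192.0.2.200
"""

# Constructed proxy log: "<client-ip> <client-hostname> <request>".
SAMPLE_LOG = """\
198.51.100.7 tor-exit.example.net GET /login
192.0.2.200 srv88.example.org GET /account
203.0.113.9 mail.example.com GET /
203.0.113.42 vps.example.net POST /api/transfer
"""

# Ad hoc hostname heuristic of the kind the thread describes.
HOSTNAME_HINT = re.compile(r"tor|anonymi[sz]er|exit", re.IGNORECASE)


def parse_exit_list(text: str) -> Set[ipaddress.IPv4Address]:
    """Parse the exit list, skipping comments, blanks and malformed lines."""
    exits = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            exits.add(ipaddress.ip_address(entry))
        except ValueError:
            continue  # tolerate a bad line rather than fail the whole list
    return exits


def classify(log: str, exits: Set[ipaddress.IPv4Address]) -> List[Dict]:
    """Flag each log line by both methods so the gap between them is visible."""
    rows = []
    for line in log.splitlines():
        ip_str, host, request = line.split(" ", 2)
        rows.append({
            "ip": ip_str,
            "request": request,
            "by_hostname": bool(HOSTNAME_HINT.search(host)),  # heuristic
            "by_list": ipaddress.ip_address(ip_str) in exits,  # authoritative
        })
    return rows
```

On the sample data the hostname heuristic catches one of the three listed exits, while the list lookup catches all three and leaves the non-Tor client alone.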

    2. Jim Carter

      Re: Caution!

      Privtard? Talk about an ad hominem attack on people who actually value their privacy. Tell me, if someone asked for your PIN, would you give it to them?

      1. Matt Bryant Silver badge

        Re: Caution!

        "....if someone asked for your PIN....." Completely OTT comparison. TOR has nothing to do with hiding PINs.

  6. Anonymous Coward

    Tor? Private?

    Big Brother is watching you Tor.

  7. Anonymous Coward

    Now if only...

    ... those botnets would join the tor network as exit nodes. It'd be "giving back to the community" writ large. With resources you don't own, true, but that is pretty much the point of setting up a botnet in the first place.

    No, I don't condone botnets, but if you're going to drag down whichever useful technology, you might as well be doing it with style.

    1. Anonymous Coward

      Don't give them ideas

      Too many people are using Tor with the false belief that all information going through it (such as a cleartext password) remains completely encrypted to its destination, while in reality Tor only provides anonymity, not security. Because of this, running exit nodes is a great way to harvest passwords and other sensitive info from the unwary - the last thing we need is botnet exit nodes who do this on a massive scale.

  8. Arachnoid

    Hmm.......doesn't this software come under the same banner as P2P software such as uTorrent.............I mean that's used legitimately too, honest ossifer
