Information Security News
mailing list archives
Tor network used to command Skynet botnet
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 11 Dec 2012 01:12:56 -0600 (CST)
By Lucian Constantin
10 December 2012
Security researchers have identified a botnet controlled by its creators
over the Tor anonymity network. It's likely that other botnet operators
will adopt this approach, according to the team from vulnerability
assessment and penetration testing firm Rapid7.
The botnet is called Skynet and can be used to launch DDoS (distributed
denial-of-service) attacks, generate Bitcoins - a type of virtual
currency - using the processing power of graphics cards installed in
infected computers, download and execute arbitrary files or steal login
credentials for websites, including online banking ones.
However, what really makes this botnet stand out is that its command and
control (C&C) servers are only accessible from within the Tor anonymity
network using the Tor Hidden Service protocol.
Tor hidden services are most commonly Web servers, but can also be
Internet Relay Chat (IRC), Secure Shell (SSH) and other types of
servers. These services can only be accessed from inside the Tor network
through a random-looking hostname that ends in the .onion
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
- Tor network used to command Skynet botnet InfoSec News (Dec 11)