Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Botnet IT

Tor Network Used To Command Skynet Botnet 105

angry tapir writes "Security researchers have identified a botnet controlled by its creators over the Tor anonymity network. It's likely that other botnet operators will adopt this approach, according to the team from vulnerability assessment and penetration testing firm Rapid7. The botnet is called Skynet and can be used to launch DDoS (distributed denial-of-service) attacks, generate Bitcoins — a type of virtual currency — using the processing power of graphics cards installed in infected computers, download and execute arbitrary files or steal login credentials for websites, including online banking ones. However, what really makes this botnet stand out is that its command and control (C&C) servers are only accessible from within the Tor anonymity network using the Tor Hidden Service protocol."
This discussion has been archived. No new comments can be posted.

Tor Network Used To Command Skynet Botnet

Comments Filter:
  • Re:Yeah, and? (Score:4, Informative)

    by PhrostyMcByte ( 589271 ) <phrosty@gmail.com> on Sunday December 09, 2012 @09:56PM (#42238333) Homepage

    Tor only anonymizes the source of the data; Anything between the exit node and destination is sent in the clear and likely they've made some mistake that'll allow it to be blockable.

    One feature of Tor is "hidden services", where the traffic is encrypted end-to-end and even the service itself is anonymous, identified only through a .onion address. I'd guess this is what they're using.

    Some Tor nodes filter certain exits -- ie. to not allow porn through their node. if this works for hidden services I imagine this botnet could be blacklisted fairly easily if enough of the node operators got in on the act.

Machines that have broken down will work perfectly when the repairman arrives.