Anonymized Botnet?



SANS has a story on botnet traffic spotted coming from the TOR network. Now, I had to refresh my memory on what TOR is, but it’s an anonymizing network. Essentially, a computer running TOR collects a list of TOR client machines on the internet, and its connections to other PCs are then routed over encrypted connections through several different PCs, which masks the origin of the data request. Of course, this doesn’t mean that botnets are actively making use of TOR; it could just be inadvertent: a “route all my traffic through TOR” computer got a bug.


Of course, now that this has been reported, we may well start seeing intentional use of anonymizing services for malware. It certainly looks as though it could muddy the waters in a few areas. SANS is suggesting that enterprise networking setups might consider blocking TOR.

They’ve also updated to say that it appears as though this is NOT a botnet specifically making use of TOR, but a machine that is routing all traffic through TOR that has picked up a bug.
