The storm botnet is using tor

Let’s start out with a small introduction about Tor. A brief quote from the Tor Project:

Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

In basics it’s a tool that helps you to stay anonymous when browsing the web using “any” application. The project is supported by volunteers who share resources (hardware & bandwidth) for Tor to use.
how tor works

Storm evolved
The storm botnet has evolved to using tor. The started “promoting” Tor… But instead of linking to the project binary, they link to their own compromised version. Even thought there are voices who are bashing the Tor project for this. But this is totally uncalled for. If we would extend such a way of thinking, then we would have to bash mail servers too. As they provide the means to send spam too. The aim of the project is sincere, but the abuse of the storm project on their back is not.

There are a lot of anonimizers out there, and they have been (ab)used in the past too. I’m thinking about the open web proxies, or wrongly configured proxies. But in this case they aren’t using Tor to hide their traffic. But instead their trying to trick users into download a compromised Tor executable. The Storm bot net uses a system called Fast Flux to hide traffic.

“Storm Worm Evolves To Use Tor” @ Slashdot

One thought on “The storm botnet is using tor

  1. Storm is not using Tor. It’s called social engineering: Storm uses Tor’s good reputation to get people to click the link and get infected.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.