The Storm botnet is using Tor

Intro
Let’s start out with a small introduction about Tor. A brief quote from the Tor Project:

Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

In short, it’s a tool that helps you stay anonymous when browsing the web using “any” application. The project is supported by volunteers who share resources (hardware & bandwidth) for Tor to use.

[Figure: how Tor works]

Storm evolved
The Storm botnet has evolved to use Tor. They started “promoting” Tor… but instead of linking to the project binary, they link to their own compromised version. There are voices bashing the Tor project for this, but that is totally uncalled for. If we extended that way of thinking, we would have to bash mail servers too, as they provide the means to send spam. The aim of the project is sincere, but Storm’s abuse of it is not.

There are a lot of anonymizers out there, and they have been (ab)used in the past too. I’m thinking about the open web proxies, or wrongly configured proxies. But in this case they aren’t using Tor to hide their traffic. Instead, they’re trying to trick users into downloading a compromised Tor executable. To hide its traffic, the Storm botnet uses a system called Fast Flux.

Reference:
“Storm Worm Evolves To Use Tor” @ Slashdot
