
Hackers turning to Tor network to hide evolved malware, warns Kaspersky Lab

20 Mar 2014

Criminals plan to release a fresh wave of advanced cyber attack campaigns using the anonymising Tor network, according to Kaspersky Lab.

Kaspersky Lab senior security researcher Sergey Lozhkin issued the warning during a webinar attended by V3, citing the recently discovered ChewBacca and evolved Zeus Tor malware as proof of his claim.

"The Tor network started small but lots of hackers and cyber criminals have discovered the benefits of storing their communities and malware there. We've seen malware developers creating malware that communicates with the Tor network and passes its command-and-control servers (C&C) through it. This is because when you create a resource in Tor it's almost impossible to know who owns it or where it's hosted," he said.

"They're putting their C&C server inside the Tor network so no one can easily destroy it. Already we found ChewBacca and Zeus that use a Tor module to interact with their C&C. [This means] the communication channel [between the infected system and the C&C] is encrypted and protected by Tor. They are creating malware to support the Tor network and this will continue to rise."

Tor is an anonymising network designed to help people hide their internet activity. It does this by directing internet traffic through a volunteer network of more than 5,000 relays to conceal the user's location.

Lozhkin said the company has already seen a marked increase in the number of "hidden services" running on Tor, which rose from 910 to 1,077 over the last month.

The services included a variety of different cyber rackets outside of basic malware hosting, ranging from digital black markets, such as the recently shut down Silk Road, to recruitment pages for hacker-for-hire groups.

"Malware isn't the only thing stored in Tor. You can find any resource in there now, be it a single hacker for hire or a full-on mercenary group. They offer everything," said Lozhkin.

"There are also a lot of trade places in Tor and the number is growing every month. We see lots of new things, like stores that sell botnets operating in it. Now you can go inside Tor and easily buy a botnet. You can buy it using Bitcoins and in two clicks become a botnet master."

Kaspersky Lab's senior security researcher Stefan Tanase said criminals' use of Tor is particularly dangerous as the NSA's PRISM campaign has driven many users with appropriate cyber skills to begin using it.

"With recent goings on in the cyber world and people realising how much cyber espionage is happening, people are beginning to use Tor. In the last year, we've seen services like Tor are becoming more and more used and popular around the world and the number of users is always increasing," he said.

PRISM whistleblower Edward Snowden listed Tor and tools such as end-to-end communications encryption as key ways people can protect themselves from mass surveillance operations such as PRISM, during a privacy discussion at the SXSW conference.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
