
Hackers turning to Tor network to hide evolved malware, warns Kaspersky Lab

20 Mar 2014

Criminals plan to release a fresh wave of advanced cyber attack campaigns using the anonymising Tor network, according to Kaspersky Lab.

Kaspersky Lab senior security researcher Sergey Lozhkin issued the warning during a webinar attended by V3, citing the recently discovered ChewBacca and evolved Zeus Tor malware as proof of his claim.

"The Tor network started small but lots of hackers and cyber criminals have discovered the benefits of storing their communities and malware there. We've seen malware developers creating malware that communicates with the Tor network and passes its command-and-control servers (C&C) through it. This is because when you create a resource in Tor it's almost impossible to know who owns it or where it's hosted," he said.

"They're putting their C&C server inside the Tor network so no one can easily destroy it. Already we found ChewBacca and Zeus that uses a Tor module to interact with their C&C. [This means] the communication channel [between the infected system and the C&C] is encrypted and protected by Tor. They are creating malware to support the Tor network and this will continue to rise."

Tor is an anonymising network designed to help people hide their internet activity. It does this by directing internet traffic through a volunteer network of more than 5,000 relays to conceal the user's location.

Lozhkin said the company has already seen a marked increase in the number of "hidden services" running on Tor, which rose from 910 to 1,077 over the last month.

The services included a variety of different cyber rackets outside of basic malware hosting, ranging from digital black markets, such as the recently shut down Silk Road, to recruitment pages for hacker-for-hire groups.

"Malware isn't the only thing stored in Tor. You can find any resource in there now, be it a single hacker for hire or a full-on mercenary group. They offer everything," said Lozhkin.

"There are also a lot of trade places in Tor and the number is growing every month. We see lots of new things, like stores that sell botnets operating in it. Now you can go inside Tor and easily buy a botnet. You can buy it using Bitcoins and in two clicks become a botnet master."

Kaspersky Lab's senior security researcher Stefan Tanase said criminals' use of Tor is particularly dangerous as the NSA's PRISM campaign has driven many users with appropriate cyber skills to begin using it.

"With recent goings on in the cyber world and people realising how much cyber espionage is happening, people are beginning to use Tor. In the last year, we've seen services like Tor are becoming more and more used and popular around the world and the number of users is always increasing," he said.

PRISM whistleblower Edward Snowden listed Tor and tools such as end-to-end communications encryption as key ways people can protect themselves from mass surveillance operations such as PRISM, during a privacy discussion at the SXSW conference.

Alastair Stevenson