Anatomy of a botnet: Rapid7 researchers dissect Skynet (community.rapid7.com)
8 points by burlyscudd 4936 days ago
Researchers from Rapid7 (the company behind Metasploit, Nexpose, and Mobilisafe) dissected the malware and CnC infrastructure powering the Skynet botnet recently discussed in a Reddit AMA.
1 comment

"What the Skynet botnet creator realized, is that he could build a much stronger infrastructure at no cost just by utilizing Tor as the internal communication protocol, and by using the Hidden Services functionality that Tor provides."

This is not good, as this kills sinkholing the C&C. Add to that the ease with which this can be obfuscated from AV detection (it's already 15 megs of random data), and you'll have some storms brewing on the horizon.

Looking at the net as the weather, I have to say very recently it's been pretty stormy out. My mail server's been getting hit badly by spam that it hasn't in the past been hit by.

I wonder if the Tor developers could provide any insight on this. If I were them I'd be facepalming like "This is why we can't have nice things."