In recent months, Kaspersky Lab experts have been closely monitoring so-called ‘Darknet’ resources, in particular the Tor network. One thing that is immediately obvious from this is that the cybercriminal element is growing. Although the Tor infrastructure and cybercriminal resources are not on the same scale as the conventional Internet, the experts managed to find approximately 900 hidden services currently online.
Tor is primarily unrestricted, free software operating via the Internet. It has users who enter sites, exchange messages on forums, communicate in IMS, etc. – just like the ‘ordinary’ Internet – but with one crucial difference: it allows its users to remain anonymous during their activity on the web. Network traffic is completely anonymous: it is impossible to identify the user’s IP in Tor, making it impossible to determine who the user is in real life. Moreover, this Darknet resource utilises so-called pseudo domains which frustrate any efforts to pick up the resource owner’s personal information.
Recently, cybercriminals have started actively using Tor to host malicious infrastructure. Kaspersky Lab experts found Zeus with Tor capabilities, then they detected ChewBacca and finally analysed the first Tor Trojan for Android. A quick look at Tor network resources reveals lots of resources dedicated to malware – C&C servers, admin panels, etc.
“Hosting C&C servers in Tor makes them harder to identify, blacklist or eliminate. Although, creating a ‘Tor’ communication module within a malware sample means extra work for the malware developers. We expect there will be a rise in new Tor-based malware, as well as Tor support for existing malware,” said Sergey Lozhkin, Senior Security Researcher, Global Research and Analysis Team at Kaspersky Lab.
Read more at securelist.com.
Read FAQ “Demystifying Tor” at Kaspersky Daily