Friday, September 14, 2012

Botnet operators remain anonymous with Tor anonymizer

Experts at G-Data found botnet command nodes hidden behind the Tor anonymizer.

The owners of a botnet made up of computers running Windows disguised its C&C server by hiding it inside the Tor network. The C&C server uses the ordinary IRC protocol to communicate with the bots.

According to experts, botnet owners have been switching to a P2P architecture over the last several years, gradually abandoning centralized C&C servers. P2P technology allows individual computers in the botnet to send commands to other computers in the network. However, this architecture also has significant drawbacks, as it allows competitors or professionals working for state agencies to seize control of the botnet. Of course, this can only be done if the botnet is not protected by a complex authentication mechanism.

According to G-Data employees, the use of Tor is the only thing that distinguishes this botnet from several similar ones.

Using Tor allows the botnet owners to remain anonymous, because running the IRC server as a hidden service complicates the task of locating it.

The botnet's control traffic is encrypted by Tor. This allows attackers to bypass intrusion detection systems, which today are a standard component of the protection systems of modern enterprises. In addition, blocking Tor is extremely difficult from a legal point of view, since in general the use of the anonymizer is legitimate, and blocking it may infringe the rights of legitimate users.
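When Tor hides the content of control traffic from an IDS, connection metadata is still visible to the defender. The sketch below is an added example, not code from G-Data or from this post: it flags internal hosts that repeatedly connect to addresses on a Tor relay list. The flow record format, the function names, the internal range and every address are constructed for illustration, and it assumes the bots reach Tor through relays that appear on the list.

```python
import ipaddress
from collections import defaultdict

# Constructed relay list (documentation-range addresses, not real relays).
TOR_RELAYS = {("198.51.100.7", 9001), ("203.0.113.20", 443), ("203.0.113.55", 9001)}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed flow records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1347600000 10.1.2.30 198.51.100.7 9001
1347600300 10.1.2.30 203.0.113.55 9001
1347600900 10.1.2.30 198.51.100.7 9001
1347600100 10.1.2.31 192.0.2.80 443
1347600200 10.1.4.12 203.0.113.20 443
1347600250 172.16.0.9 198.51.100.7 9001
malformed line here
"""

def parse_flow(line):
    """Return (ts, src, dst, port), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts, port = int(parts[0]), int(parts[3])
        src = ipaddress.ip_address(parts[1])
        dst = ipaddress.ip_address(parts[2])
    except ValueError:
        return None
    return ts, src, str(dst), port

def tor_contacts(flow_text, relays=TOR_RELAYS, min_flows=2):
    """Summarise internal hosts with at least min_flows connections to relays."""
    hits = defaultdict(list)  # source IP -> [(timestamp, relay IP), ...]
    for line in flow_text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue  # skip records that do not parse
        ts, src, dst, port = rec
        if src in INTERNAL_NET and (dst, port) in relays:
            hits[str(src)].append((ts, dst))
    return {
        ip: {"flows": len(v), "relays": sorted({d for _, d in v}),
             "span_s": max(t for t, _ in v) - min(t for t, _ in v)}
        for ip, v in hits.items() if len(v) >= min_flows
    }

if __name__ == "__main__":
    for ip, info in sorted(tor_contacts(SAMPLE_FLOWS).items()):
        print(ip, info)
```

A match shows only that a host used Tor, which the post notes is generally legitimate, so a hit is a lead for investigation and not proof of infection.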
