SANS: Botnet traffic using TOR

A reader (AnthraX101) recently wrote to us about seeing botnet traffic leaving the TOR network towards the Internet. We are not sure at this point whether the botnet itself uses TOR or whether it is just a specific machine configured to route everything through TOR. Either way, if malware starts using TOR to report back centrally, it might make detecting it more difficult.

From an incident handler's perspective, it makes pinpointing the victims more difficult.

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System

Linked by shanmuga Thursday, 13th July 2006 1:35AM