Spike in TOR usage identified as a botnet

Discussion in 'Forum for discussion of ANTICHAT' started by K800, 11 Sep 2013.

  1. K800

    K800 Nobody's Fool

    As we reported earlier, the spike in TOR traffic has now been identified as a botnet sometimes known as "Mevade.A".


    Security analysts at Trend Micro believe it to have originated from a Russian-speaking region. Mevade downloads various modules, such as adware and browser toolbars, depending on what the botnet's operators want to achieve.

    "The botnet appears to be massive in size as well as very widespread," Fox-IT researchers observed. "Even prior to the switch to Tor, it consisted of tens of thousands of confirmed infections within a limited amount of networks. When these numbers are extrapolated on a per country and global scale, these are definitely in the same ballpark as the Tor user increase."

    "It is possible that the purpose of this malware network is to load additional malware onto the system and that the infected systems are for sale. We have however no compelling evidence that this is true, so this assumption is merely based on a combination of small hints," Fox-IT researchers wrote.

    "We strongly associate these actors with installations of adware and hijacking search results," Trend Micro senior threat researcher Feike Hacquebord wrote. "Therefore, we suspect that one of the ways the Mevade botnet is monetized is by installing adware and toolbars onto affected systems."

    Mevade is not a new malware threat, so it should be fairly easy to remove it from the network. How long that will take is unknown.

    10.09.2013
    http://www.majorgeeks.com/news/story/spike_in_tor_usage_identified_as_a_botnet.html