> Typically, it is fairly clear what the purpose of malware is, such as banking, click fraud, ransomware or fake anti-virus malware. In this case, however, it is a bit more difficult.
I think the article answers its own question in the previous paragraph:
> While some bots continue to operate using the standard HTTP connectivity, some versions of the malware use a peer-to-peer network to communicate (KAD based).
Tor and Kademlia are both rather complex systems. To use one or the other, but not both, in different versions of your botnet, would suggest to me that this is a botnet creator split-testing the effectiveness and scalability of different command-and-control technologies.
I wonder if it is conceivable that a government agency that wouldn't like what Tor offers could reduce Tor's attractiveness by bombing it from a botnet, much like what they've done by arresting people who host a Tor node for traffic that runs across it.
With that said, I accept that this is a much less likely explanation than just some Russian group using it to facilitate their usual crime.
Could the anonymity of Tor users be compromised by these presumed bots? As for Bitcoin, which could be subverted if one user holds more than 50% of the bitcoins.
Most likely not. If the bots were to suddenly turn into nodes, then there is a good chance that a large percentage of users could have their anonymity compromised.
Tor anonymity relies on the fact that it is difficult to tie together where you entered the system and where you exited the system. If someone were to control a large amount of nodes, they could (in theory) tie a large amount of identities together. But this requires a large amount of entry and exit nodes.
I don't think so. It looks like these bots are connecting as users, not nodes. It might be possible to use these bots to increase/control the load on Tor, which may be able to facilitate an attack based on controlling a significant amount of nodes.
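To put a number on the "large amount of entry and exit nodes" point, here is an added example (not from the thread) that models end-to-end correlation risk: relays are chosen in proportion to a bandwidth weight, and a circuit is exposed when both its entry and its exit are run by the same observer. The relay list and weights are constructed sample data, and the selection rule (weighted pick, exit distinct from entry) is a simplification of real path selection.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Relay:
    name: str
    bandwidth: int   # consensus weight; selection probability is proportional to it
    adversary: bool  # True if the same observer runs this relay

# Constructed sample network: ten equal-weight relays, three run by one observer.
RELAYS = [Relay(f"honest-{i}", 100, False) for i in range(7)] + \
         [Relay(f"observer-{i}", 100, True) for i in range(3)]

def adversary_share(relays):
    """Fraction f of total selection weight controlled by the observer."""
    total = sum(r.bandwidth for r in relays)
    return sum(r.bandwidth for r in relays if r.adversary) / total

def approx_correlation_prob(relays):
    """Textbook estimate: entry and exit drawn independently, so P = f^2."""
    f = adversary_share(relays)
    return f * f

def exact_correlation_prob(relays):
    """Exact value for this model, where the exit must differ from the entry relay."""
    total = sum(r.bandwidth for r in relays)
    adv = sum(r.bandwidth for r in relays if r.adversary)
    return sum((g.bandwidth / total) * ((adv - g.bandwidth) / (total - g.bandwidth))
               for g in relays if g.adversary)

def simulate_correlation(relays, circuits=100_000, seed=1):
    """Monte Carlo: build circuits and count those observed at both ends."""
    rng = random.Random(seed)
    weights = [r.bandwidth for r in relays]
    exposed = 0
    for _ in range(circuits):
        entry = rng.choices(relays, weights)[0]
        others = [r for r in relays if r is not entry]   # never reuse the entry relay
        exit_ = rng.choices(others, [r.bandwidth for r in others])[0]
        if entry.adversary and exit_.adversary:
            exposed += 1
    return exposed / circuits

if __name__ == "__main__":
    print(f"observer share f  = {adversary_share(RELAYS):.2f}")
    print(f"f^2 estimate      = {approx_correlation_prob(RELAYS):.4f}")
    print(f"exact (distinct)  = {exact_correlation_prob(RELAYS):.4f}")
    print(f"simulated         = {simulate_correlation(RELAYS):.4f}")
```

With 30% of the weight, roughly one circuit in fifteen is seen at both ends, which is why the share of entry and exit capacity, not the raw relay count, is the figure to watch.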
derefr | 12 years ago
X-Istence | 12 years ago
jruthers | 12 years ago
brazzy | 12 years ago
chmike | 12 years ago
InXorWeTrust | 12 years ago
gwern | 12 years ago
You're thinking of the 50% attack where you have half the hashing power, not half the bitcoins.
gizmo686 | 12 years ago
001sky | 12 years ago