Re: [tor-talk] Mirai Botnet Relocates To Onions

On Sat, Dec 17, 2016 at 10:59:37PM -0700, Mirimir wrote:
> > "Try to shut down .onion 'domains' over Tor," he boasted, knowing that
> > nobody can.
> OK. However, it's not hard to scan for connections to Tor servers. And
> you don't expect them for random devices. But maybe Mirai is set up to
> use bridges.

Yuck. The 2013 botnet operator from Ukraine apparently stopped using Tor
for controlling his bots (they were doing ad click fraud), because he
attracted way more attention signing them all up to Tor than they had
attracted before, and in the end he decided it wasn't worth it.

For a while I've been trying to figure out how to share his lesson with
other botnet operators around the world. The western journalists are alas
super excited to talk about how amazing and brilliant and insightful the
idea is to move your botnet over to Tor, and if some new botnet operator
only reads those stories, they won't get an accurate impression. :(

(Keep an eye on the user graph on the metrics page, because there's a good
chance that this story is nonsense and the graph won't change at all.)


