
Re: [tor-talk] Many more Tor users in the past week?

explains the Israel anomaly, I think.

> The Mysterious Mevade Malware
> Published on September 5th, 2013
> Written by: Feike Hacquebord (Senior Threat Researcher)
> ...
> Yesterday, Fox-IT published evidence for this plausible explanation.
> The Mevade malware family downloaded a Tor component, possibly as a
> backup mechanism for its C&C communications. (We will release a
> second blog post describing in more detail the behavior of the
> Mevade variants we have encountered.)
> Feedback provided by the Smart Protection Network shows that the
> Mevade malware was, indeed, downloading a Tor module in the last
> weeks of August and early September. Tor can be used by bad actors
> to hide their C&C servers, and taking down a Tor hidden service is
> virtually impossible.
> The actors themselves, however, have been a bit less careful about
> hiding their identities. They operate from Kharkov, Ukraine and
> Israel and have been active since at least 2010. One of the main
> actors is known as “Scorpion”. Another actor uses the nickname
> “Dekadent”. Together, they are part of a well organized and
> probably well financed cybercrime gang.
> ...