
Re: [tor-relays] Tor and Viruses

On Tue, 12 Apr 2011 20:46 -0700, "Porcelain Mouse"
<porcelain_mouse@xxxxx> wrote:
> Greetings All,
> 
> I've been running an exit for about 5 months, but had to stop due
> to virus abuses.  In the last two weeks, my ISP has partially blocked my 
> Internet access twice due to suspected virus infections.  I'll spare you 
> the long story, but I was able to get a copy of their "evidence" and I'm 
> fairly certain it was connections made through my Tor relay.
> 
>   1) How common is it that Tor is abused by viruses?  What is the trend?
>   2) Is this just standard virus-kit material, these days?
> 
> I guess I was a little surprised.  Obviously, this is a great idea for 
> hiding the infection site, so I'm sure it's being done.  But still, I've 
> been fighting viruses for quite a while and I don't think I've read a 
> single virus description that mentioned Tor.  I'm sure it's happening, but
> I've never heard a single statistic about it, so I thought I would ask.
> 
> Also, this type of abuse is *not* mentioned on the Tor wiki's Abuse FAQ 
> under "What should I expect if I run an exit relay?"  I read that section 
> carefully and was prepared for most of the things mentioned.  Again, I'm 
> not completely shocked.  I'm just saying it didn't seem likely, according 
> to the FAQ.  It would be nice to know how likely is this kind of abuse, 
> and what is the trend.  (And, maybe someone can add the results to the FAQ
> when we have an answer.)
> 
> Thanks,
> PMouse

It's still not common. I assume a zombie computer somewhere was trying
to connect to a Command&Control server via Tor - a C&C which is being
sinkholed by anti-malware researchers or is otherwise flagged. So your
exit machine looks as if it is infected.
We should start thinking hard about how to stop botnets using Tor.
GD

-- 
http://www.fastmail.fm - The way an email service should be
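Added example, not code from the thread: a small Python triage script for the situation GD describes, checking each connection in an ISP's abuse report against the relay's own torrc ExitPolicy. A flagged destination that the policy would have rejected cannot have been relayed by the exit, so it points at the relay host itself rather than at Tor traffic; the policy, the report lines and the report format are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample torrc exit policy; the first matching rule wins, as in Tor.
EXIT_POLICY = [
    "ExitPolicy reject 192.0.2.0/24:*",
    "ExitPolicy accept *:80",
    "ExitPolicy accept *:443",
    "ExitPolicy reject *:*",
]

# Constructed sample ISP report lines (hypothetical format, not any real product's).
EVIDENCE = [
    "2011-04-10 03:12:44 src=203.0.113.5:51234 dst=198.51.100.7:443 sig=bot-c2-sinkhole",
    "2011-04-10 03:13:01 src=203.0.113.5:51240 dst=198.51.100.9:8080 sig=bot-c2-sinkhole",
    "2011-04-10 03:15:30 src=203.0.113.5:51301 dst=192.0.2.77:80 sig=bot-c2-sinkhole",
]

_RULE = re.compile(r"^(?:ExitPolicy\s+)?(accept|reject)\s+(\S+):(\*|\d+(?:-\d+)?)$")
_FLOW = re.compile(r"dst=(\d+\.\d+\.\d+\.\d+):(\d+)")


def parse_exit_policy(lines):
    """Parse the plain accept/reject subset of torrc ExitPolicy into (action, network, lo, hi)."""
    rules = []
    for line in lines:
        m = _RULE.match(line.strip())
        if not m:
            raise ValueError("unsupported rule: " + line)
        action, host, ports = m.groups()
        net = ipaddress.ip_network("0.0.0.0/0" if host == "*" else host, strict=False)
        lo, hi = (0, 65535) if ports == "*" else (int(ports.split("-")[0]), int(ports.split("-")[-1]))
        rules.append((action, net, lo, hi))
    return rules


def exit_allows(rules, ip, port):
    """First matching rule decides; no match means the exit would not have carried the flow."""
    addr = ipaddress.ip_address(ip)
    for action, net, lo, hi in rules:
        if addr in net and lo <= port <= hi:
            return action == "accept"
    return False


def triage(evidence_lines, policy_lines):
    """Label each flagged flow as possible exit traffic or as something the exit could not relay."""
    rules = parse_exit_policy(policy_lines)
    flows = [(m.group(1), int(m.group(2))) for m in map(_FLOW.search, evidence_lines) if m]
    return [(ip, port, "possible exit traffic" if exit_allows(rules, ip, port)
             else "rejected by exit policy: investigate host") for ip, port in flows]
```

Flows the policy would have rejected are the ones worth handing to a malware scan of the relay host; the rest are consistent with a client somewhere else reaching a sinkholed C&C through the exit.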

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays