According to a report released by Kaspersky Labs this week, The Onion Routing service, commonly known as TOR, is being used to disguise the activities of nearly 900 botnets and cybercrime-related services currently active and running on the web today.
The summary concludes that around 5,500 nodes are being utilized by hackers to distribute, maintain, and create dozens of different types of malware, including the ZeuS banking crack, the ChewBacca POS system keylogger, and the Tor Trojan built specifically for the Android platform.
“Hosting C&C servers in Tor makes them harder to identify, blacklist or eliminate,” explained Sergey Lozhkin, a senior security researcher at Kaspersky Lab, “although creating a Tor communication module within a malware sample means extra work for the malware developers.”
It’s the inherently anonymous nature of the Tor network that makes it so attractive to cybercriminals and net-based ne’er do wells, providing a layer of cover so intricate and complex that not even the NSA was able to crack it with their best and brightest supercomputers on campus.
Lozkhin believes this is just the tip of the iceberg when it comes to what we can expect for Tor-based malware in the next few years. The combination of complete anonymity and widespread distribution make the service a perfect fit for anyone who wants to be able to maintain their viruses from halfway across the world without having to worry about whether or not the lines between themselves and the infected machine might be tapped.
The report also details the prominent role that Bitcoin has started to play on the darknet and its associated underground markets, with everything from credit card numbers to hard drugs being bought and sold with the cryptocurrency that has taken the online world by storm over the past few months.