Botnet traffic using TOR
A reader (AnthraX101) recently wrote to us about seeing botnet traffic leaving the TOR network towards the Internet. We are not sure at this point whether the botnet itself uses TOR or whether just a specific machine is configured to route everything through TOR. Either way, if malware starts using TOR to report back centrally, it might make detecting it more difficult. From an incident handler's perspective, it makes pinpointing the victims more difficult.
For the Enterprise security folks, it might be time for you to consider blocking the use of TOR.
Update:
After working with REN-ISAC on this, we have determined that this specific instance is not a TOR-enabled botnet; the traffic was likely configured to flow through TOR on the host.