On Mon, 02 Sep 2013 21:39:35 +0000, Yoriz wrote:
That Guy wrote:
to remove this soap opera from a technical mailing list.
"Soap opera"? Apparently you are missing the point.
The soap opera was the part where someone tried to filter Tor traffic on moral grounds, which is obviously not feasible.
Obviously malware writers will use Tor for various purposes, but connecting to a C&C via Tor would not make sense since they have the largest anonymising botnet themselves.
It would still be the question what the botnet is for - anonymization isn't usually the goal. Using a hidden service for C&C access gets you around all the stuff with fast-flux deployment.
Which in turn makes me wonder: How much code change and deployment would it take to take down (as in 'make inaccessible via the Tor network') a given hidden service?
Andreas