[tor-talk] Many more Tor users in the past week?

mirimir mirimir at riseup.net
Mon Sep 9 07:13:33 UTC 2013


This
<http://blog.trendmicro.com/trendlabs-security-intelligence/the-mysterious-mevade-malware/>
explains the Israel anomaly, I think.

> The Mysterious Mevade Malware
> Published on September 5th, 2013
> Written by: Feike Hacquebord (Senior Threat Researcher)
>
> ...
>
> Yesterday, Fox-IT published evidence for this plausible explanation.
> The Mevade malware family downloaded a Tor component, possibly as a
> backup mechanism for its C&C communications. (We will release a
> second blog post describing in more detail the behavior of the
> Mevade variants we have encountered.)
>
> Feedback provided by the Smart Protection Network shows that the
> Mevade malware was, indeed, downloading a Tor module in the last
> weeks of August and early September. Tor can be used by bad actors
> to hide their C&C servers, and taking down a Tor hidden service is
> virtually impossible.
>
> The actors themselves, however, have been a bit less careful about
> hiding their identities. They operate from Kharkov, Ukraine and
> Israel and have been active since at least 2010. One of the main
> actors is known as “Scorpion”. Another actor uses the nickname
> “Dekadent”. Together, they are part of a well organized and
> probably well financed cybercrime gang.
>
> ...

