Tor Network being used to Hide Malware servers Increases

by Paul Anderson
December 18, 2013
in Malware

A new strain of malware has been dubbed “ChewBacca”, after the Star Wars character; the name comes from one of the bot's own functions. The malware drops the function ‘P$CHEWBACCA$_$TMYAPPLICATION_$__$$_INSTALL’ as ‘spoolsv.exe’ into the user’s startup folder and looks up the victim’s public IP address using a public service.

The Tor component is then dropped as ‘tor.exe’ into the user’s Temp folder and run on the default local port, localhost:9050.

Researchers at Kaspersky Lab identified the malware. “Lately Tor has become more attractive as a service to ensure users’ anonymity,” explained Kaspersky Lab expert Marco Preuss. “Also criminals use it for their activities, but they are only slowly adopting this to host their malicious infrastructure.”

Tor was also utilized in a recent Zeus variant captured in the wild which also included functionality aimed at 64-bit systems. Additional malware like the CrimewareKit Atrax and the botnet built using the Mevade malware have already been spotted using Tor.

Using Tor offers a level of protection that masks the location of the command and control server the malware uses to receive and send commands. There are, however, disadvantages for attackers. For instance, because of how the network is structured, Tor is inherently slower. And, as seen with Mevade, a massive rise in botnet traffic is visible on the Tor network itself, making such activity easy for researchers to identify.

“Tor is just one of many tricks in a good malware author’s – or gang’s – toolbox,” noted Richard Henderson, security specialist at Fortinet. “Tracking down command and control can be difficult; other methods like…bouncing through C&C proxies, using domain generation algorithms and multiple C&C proxies, or using a P2P C&C model…can make it difficult for researchers to track down the head of the beast in order to lop it off.”

When running, ChewBacca records all keystrokes to a log file named ‘system.log’, which the dropped malware writes in the local Temp folder. The Trojan also enumerates all running processes, scans their process memory and uses two different regular-expression patterns to extract data.
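The host artifacts described above and in the earlier paragraphs (a fake ‘spoolsv.exe’ in the Startup folder, ‘tor.exe’ and ‘system.log’ in Temp, a local listener on port 9050) can be turned into a simple defensive triage check. This is an added example, not code from the article or from Kaspersky Lab; the HostSnapshot type, the path layout and the sample inventory are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Indicators taken from the article: a fake spoolsv.exe persisted in the user's
# Startup folder, tor.exe and the keystroke log system.log in the Temp folder,
# and a local Tor SOCKS listener on the default port 9050.
STARTUP_SPOOLSV = re.compile(r"\\start menu\\programs\\startup\\spoolsv\.exe$", re.I)
TEMP_ARTIFACT = re.compile(r"\\(?:temp|tmp)\\(tor\.exe|system\.log)$", re.I)
LEGIT_SPOOLSV = re.compile(r"^[a-z]:\\windows\\system32\\spoolsv\.exe$", re.I)


@dataclass
class HostSnapshot:          # constructed input type, not a real inventory format
    files: list              # full file paths observed on disk
    listeners: list          # (ip, port) pairs bound on the host


def triage(snapshot):
    """Return (severity, reason) findings for the ChewBacca indicators above."""
    findings = []
    for path in snapshot.files:
        p = path.replace("/", "\\")
        if STARTUP_SPOOLSV.search(p):
            findings.append(("high", f"spoolsv.exe in Startup folder: {path}"))
        elif p.lower().endswith("\\spoolsv.exe") and not LEGIT_SPOOLSV.match(p):
            # The real print spooler lives only in System32; anywhere else is suspect.
            findings.append(("medium", f"spoolsv.exe outside System32: {path}"))
        m = TEMP_ARTIFACT.search(p)
        if m:
            findings.append(("medium", f"{m.group(1)} in Temp folder: {path}"))
    for ip, port in snapshot.listeners:
        if ip in ("127.0.0.1", "localhost") and port == 9050:
            findings.append(("low", "local listener on 9050 (Tor SOCKS default)"))
    # Persistence plus a dropped Tor binary is a far stronger signal than either alone.
    if any(s == "high" for s, _ in findings) and any("tor.exe" in r for _, r in findings):
        findings.append(("critical", "Startup spoolsv.exe combined with tor.exe in Temp"))
    return findings


def sample_snapshot():
    """Constructed host inventory resembling an infected machine (not real data)."""
    return HostSnapshot(
        files=[
            r"C:\Windows\System32\spoolsv.exe",
            r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsv.exe",
            r"C:\Users\alice\AppData\Local\Temp\tor.exe",
            r"C:\Users\alice\AppData\Local\Temp\system.log",
        ],
        listeners=[("127.0.0.1", 9050), ("0.0.0.0", 445)],
    )


if __name__ == "__main__":
    for severity, reason in triage(sample_snapshot()):
        print(f"[{severity}] {reason}")
```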

Tags: Kaspersky Lab, malware, Mevade, Peer to Peer, tor

Paul Anderson

Editor and chief at ZeroSecurity. Expertise includes programming, malware analysis, and penetration testing. If you would like to write for ZeroSecurity, please click "Contact us" at the top of the page.
