Anatomy of a botnet: Rapid7 researchers dissect Skynet - burlyscudd
https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor-powered-botnet-straight-from-reddit
Researchers from Rapid7 (the company behind Metasploit, Nexpose, and Mobilisafe) dissected the malware and CnC infrastructure powering the Skynet botnet recently discussed in a Reddit AMA.
======
deeqkah
"What the Skynet botnet creator realized, is that he could build a much
stronger infrastructure at no cost just by utilizing Tor as the internal
communication protocol, and by using the Hidden Services functionality that
Tor provides."

This is not good, as this kills sinkholing the C&C. Add to that the ease with
which this can be obfuscated from AV detection (it's already 15 megs of random
data), and you'll have some storms brewing on the horizon.

Looking at the net as the weather, I have to say very recently it's been
pretty stormy out. My mail server's been getting hit badly by spam that it
hasn't in the past been hit by.

I wonder if the Tor developers could provide any insight on this. If I were
them I'd be facepalming like "This is why we can't have nice things."