Microsoft Takes Aim at Tor-Distributed Botnet

Microsoft reports that it has been quietly deleting old versions of the Tor anonymizing client from Windows machines to prevent them from being exploited by the Sefnit botnet. Sefnit adds a version of the Tor client to the computers it infects in order to anonymize communications with the hacker’s command-and-control server. Sefnit uses its botnet for click fraud and illegal Bitcoin mining, and also leaves infected computers open to other types of attacks. The Tor network grew from roughly 1 million computers to 5.5 million computers in about two weeks because of Sefnit’s spread, but the precise number of infected computers isn’t known, because that figure could include people who willingly added Tor to their computers. Microsoft says it has removed 2 million infected Tor clients from computers. Microsoft estimates there are at least two million more infected machines, which are probably not running the Microsoft security software that could eliminate the threat. (SlashDot) (Malware Protection Center, Microsoft Threat Research & Response Blog)

