[tor-talk] Many more Tor users in the past week?

Eugen Leitl eugen at leitl.org
Mon Sep 9 02:09:47 PDT 2013


----- Forwarded message from mirimir <mirimir at riseup.net> -----

Date: Mon, 09 Sep 2013 07:13:33 +0000
From: mirimir <mirimir at riseup.net>
To: tor-talk at lists.torproject.org
Subject: Re: [tor-talk] Many more Tor users in the past week?
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130804 Thunderbird/17.0.8
Reply-To: tor-talk at lists.torproject.org

This
<http://blog.trendmicro.com/trendlabs-security-intelligence/the-mysterious-mevade-malware/>
explains the Israel anomaly, I think.

> The Mysterious Mevade Malware
> Published on September 5th, 2013
> Written by: Feike Hacquebord (Senior Threat Researcher)
>
> ...
>
> Yesterday, Fox-IT published evidence for this plausible explanation.
> The Mevade malware family downloaded a Tor component, possibly as a
> backup mechanism for its C&C communications. (We will release a
> second blog post describing in more detail the behavior of the
> Mevade variants we have encountered.)
>
> Feedback provided by the Smart Protection Network shows that the
> Mevade malware was, indeed, downloading a Tor module in the last
> weeks of August and early September. Tor can be used by bad actors
> to hide their C&C servers, and taking down a Tor hidden service is
> virtually impossible.
>
> The actors themselves, however, have been a bit less careful about
> hiding their identities. They operate from Kharkov, Ukraine and
> Israel and have been active since at least 2010. One of the main
> actors is known as “Scorpion”. Another actor uses the nickname
> “Dekadent”. Together, they are part of a well organized and
> probably well financed cybercrime gang.
>
> ...
-- 
tor-talk mailing list - tor-talk at lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5


