Tor Surge Likely Due to BotNet
As recently noted, the anonymizing Tor network saw an unprecedented spike in traffic in August; the 100% surge during the month to 1,200,000 users was the highest usage on record for the project. Lots of speculation had floated around about the cause of that spike, ranging from botnets to the Pirate Bay's new filter-skirting browser (which uses Tor). After some analysis, security firms like Fox-IT stated that the culprit most likely was a botnet:
In recent days, we have indeed found evidence which suggests that a specific and rather unknown botnet is responsible for the majority of the sudden uptick in Tor users. A recent detection name that has been used in relation to this botnet is “Mevade.A”, but older references suggest the name “Sefnit”, which dates back to at least 2009 and also included Tor connectivity. We have found various references that the malware is internally known as SBC to its operators.
This sudden surge comes immediately on the heels of suspicions that the FBI has been using malware to attack the network. The botnet conclusion seems backed up by a blog post over at the Tor project:
The fact is, with a growth curve like this one, there's basically no way that there's a new human behind each of these new Tor clients. These Tor clients got bundled into some new software which got installed onto millions of computers pretty much overnight. Since no large software or operating system vendors have come forward to tell us they just bundled Tor with all their users, that leaves me with one conclusion: somebody out there infected millions of computers and as part of their plan they installed Tor clients on them.
Tor Project leader "Arma" proceeds to note that the problem could swamp the network, causing Tor relays to drop half the requests they get and triggering chained failures across the network. Tor goes on to hope that the botnet developers, who the group believes are using Tor to experiment with masking botnet communications, will quickly realize Tor really doesn't provide the kind of scale they're looking for.