Update: Here is the poop – Skynet is Bitcoin C&C and the Tor zombies are Bitcoin miners. Here are the botnets: http://arxiv.org/pdf/1308.6768v1.pdf – so I ran my crawler on them and got this little hit: all the Skynet were Bitcoin C&C servers.
qdzjxwujdtxrjkrz.onion Skynet -realm=”bitcoin-mining-proxy” -HTTP/1.1 401 Unauthorized
URL of the Site — : http://qdzjxwujdtxrjkrz.onion
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="bitcoin-mining-proxy"
Content-Type: text/plain
Transfer-Encoding: chunked
Date: Wed, 11 Sep 2013 16:16:57 GMT
Proxy-Connection: keep-alive

Sorry, I don't know you.
On all the Skynet I get this realm – bitcoin-mining-proxy. This is a secret hidden service where, unless you have the right authorization in your torrc file, the Tor website will reject you. So all the botnets have the right authorization name. Pretty sweet setup, I say. Now 3 million Tor botnets turning Bitcoins – no wonder these zombies are real quiet in Tor. Got them.
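An added example (not from the original post or any tool it mentions): one way to triage captured HTTP responses for the 401 challenge shown above by parsing the `WWW-Authenticate` realm. The function names and the two `.example` hosts are constructed for illustration; only the first capture comes from the post.

```python
import re
from email.parser import Parser

MINING_PROXY_REALM = "bitcoin-mining-proxy"  # realm from the response quoted in the post
# realm="..." or a bare token; also accepts the curly quotes blog software pastes in
_REALM_RE = re.compile(
    r'realm\s*=\s*(?:["\u201c\u201d]([^"\u201c\u201d]*)["\u201c\u201d]|([^\s,]+))', re.I)

def parse_response(raw):
    """Split a raw HTTP response into (status_code, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    status_line, _, header_block = head.partition("\n")
    parts = status_line.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response: %r" % status_line)
    return int(parts[1]), Parser().parsestr(header_block, headersonly=True), body

def auth_realms(headers):
    """Return every realm named in the WWW-Authenticate headers."""
    return [quoted or bare
            for value in headers.get_all("WWW-Authenticate", [])
            for quoted, bare in _REALM_RE.findall(str(value))]

def is_mining_proxy(raw):
    """True only for a 401 challenge whose realm is the mining-proxy realm."""
    try:
        status, headers, _ = parse_response(raw)
    except ValueError:
        return False
    realms = [r.lower() for r in auth_realms(headers)]
    return status == 401 and MINING_PROXY_REALM in realms

# First capture is the response quoted in the post; the other two are constructed.
CAPTURES = {
    "qdzjxwujdtxrjkrz.onion": (
        "HTTP/1.1 401 Unauthorized\r\n"
        'WWW-Authenticate: Basic realm="bitcoin-mining-proxy"\r\n'
        "Content-Type: text/plain\r\n\r\n"
        "Sorry, I don't know you."),
    "intranet.example": ("HTTP/1.1 401 Unauthorized\r\n"
                         'WWW-Authenticate: Basic realm="Staff Wiki"\r\n\r\n'),
    "www.example": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>",
}

def flag_hosts(captures):
    """Return the hosts whose captured response matches the fingerprint."""
    return sorted(h for h, raw in captures.items() if is_mining_proxy(raw))

if __name__ == "__main__":
    print(flag_hosts(CAPTURES))
```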
Large botnet cause of recent Tor network overload - http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/
gAto sEe- ever since Aug 19, 2013 Tor has been getting a lot of users. First 1 million, then 2 million, then over 3.5 million NEW Tor users in the last 25 days. So what is happening in Tor world is that they are going crazy; Tor relay operators have reported what looks like they are DDoS-ing their own relays sometimes. Lots of circuits built and broken, and this has put a big strain on Tor.
Worse still, these new 3.5 million Tor users are just sitting idle and the Tor network is freaking out. To get a hidden service connection is almost impossible, but I can still use Tor to use the clear-web with no problems. Through Tor I can see my site, uscyberlabs, and any other non-Tor site, and it loads pretty fast. When I try the hidden Wiki – NO-GO
If I keep at it I will finally find a Tor-website- like my own that works and it loads.
my new toy in Tor- Secure Encrypted Tor Messaging website – http://tpgewiccpecsbajt.onion/ – so I know Tor is still working.
Tor Bot-Net -How to handle millions of new Tor clients – problem is messing with everyone.
- Left over FBI botnet – from the Freedom Host Raid around Aug 5
- Russian Bot-net
- Some Tor Experiment gone -lOcO – NOT gAtO, at least this time.. mEoW
- Was August 19 the starting date to run en masse from the NSA’s PRISM project?
- Were European internet users downloading the latest American cable TV series via Tor only, thus overcoming blockades of sites like the Pirate Bay by European ISPs?
- So some thought a botnet abusing the Tor network to hide its command and control server must be the reason for the sudden increase of Tor users.
- The Mevade malware family downloaded a Tor component, possibly as a backup mechanism for its C&C communications.
- TrendLabs says- “The actors themselves, however, have been a bit less careful about hiding their identities. They operate from Kharkov, Ukraine and Israel and have been active since at least 2010. One of the main actors is known as “Scorpion”. Another actor uses the nickname “Dekadent”. Together, they are part of a well organized and probably well financed cybercrime gang.”
The Tor network is overloaded – but they still have no idea what is going on in Tor and how to stop it and/or control it. So where do we go from here in Tor? I got my box working, and some other Tor websites may need to think about the version they use until we get this Tor botnet under control in Tor -gATO oUt
Client- Sep 09 09:56:05.868 [Notice] Tor v0.2.3.25
Server Tor v0.2.3.25 – on Linux - http://tpgewiccpecsbajt.onion/ - Testing my new site in Tor and I noticed