Tor Malware Description
The Tor Malware infection has appeared in the news due to its use in a high-profile police case that helped take down various TOR websites involved with child pornography and other illegal activities. Taking advantage of a bug in the Firefox build on which TOR is based, law enforcement officials were able to create a Tor Malware infection that sends the location of the infected computer to the person controlling the Tor Malware infection. This proved to be essential in taking down illegal content on TOR, which is specifically designed to hide computer users and provide notoriously hard-to-crack anonymity.
The Tor Malware infection currently in use has been targeting the number one TOR target, Freedom Hosting. The main reason these Web pages have drawn the attention of law enforcement is that they were usually used to distribute illegal pornographic material. In fact, Tor Malware has resulted in the arrest of various high-profile individuals associated with these types of criminal activities. ESG malware analysts speculate that the next target after Freedom Hosting may be Silk Road, a notorious online marketplace used for drug deals and trafficking.
The Tor Malware infection itself is very similar to CIPAV (Computer and Internet Protocol Address Verifier), a program used by the FBI to track the location of computer systems on which it is installed. Essentially, the Tor Malware identifies the infected computer's location and then sends this information back to a remote server using a normal Internet connection. The Tor Malware sends this information to an ISP in Reston, Virginia, that has been associated with law enforcement operations carried out by the FBI and other government institutions.
The people responsible for TOR have noted that the Tor Malware attack only affects browser versions older than June 26, 2013; more recent versions are protected from the Tor Malware. The Tor Malware has also been associated with DICE, a database used by the DEA to track computer users who use TOR to browse the Web anonymously.
While TOR has various legitimate uses that have helped whistleblowers and human rights activists, it has been adopted by online criminals, drug traffickers and pedophiles as an effective way of carrying out illegal activities in complete anonymity. Because of this, it seems that the Tor Malware is one of the rare cases in which malware is used for good rather than to scam inexperienced computer users or steal money from unsuspecting targets.