Abstract
From an attacker's perspective, it is important to control a strategic point in
the network in order to interfere with network traffic from a large set
of machines. However, operating one or more Tor exit nodes comes at
low cost. An attacker simply needs to operate exit nodes and participate
in the Tor network.
Besides worms and drive-by malware, we propose in this paper
a new propagation vector for malicious software that abuses the Tor network.
After presenting the Tor network from an attacker's perspective, we describe
automated exploitation malware that is operated on a Tor exit node
and aims to infect web browsers. Our experiments show that the currently deployed
Tor network provides a large number of potential victims.
PDF - Torinj: Automated Exploitation Malware Targeting Tor Users
24 May 2009
Gérard Wagener & Alexandre Dulaunoy / quuxlabs.com, Radu State / University of Luxembourg.
Development and git repository
- Torinj experiments scripts
- Torinj experiments proxy