The botnet has resulted in a fivefold increase in usage

Sep 5, 2013 15:41 GMT  ·  By

With all the recent focus on NSA spying, new Russian censorship laws and the general mistrust of large web companies such as Google or Facebook, it should be unsurprising that more people are looking to protect themselves.

So an increase in the number of people who use the TOR network, which offers anonymous, encrypted traffic, isn't that surprising.

But an increase of two million users, on top of the 500,000 regular ones, in just a few weeks is a bit suspect.

It's more than a bit suspect in fact, it's an obvious sign that someone is up to no good. New research seems to indicate that all the new Tor nodes are in fact illegitimate ones and are used by a Russian botnet.

The botnet isn't new, but it does appear to be switching to Tor for communication to the command and control center. This should make the location of the central servers hard if not impossible to find.

Analysis of the malware using the network hasn't revealed much, i.e. it's unclear what its scope is. Usually, botnet are exploited in some way, i.e. via clickfraud, stealing bank account info, serving ransomware and so on.