SecurityTube

Tor-Powered Botnet Linked to Malware Coder’s AMA on Reddit

JB

In the process of analyzing a seemingly new and fairly small botnet called Skynet, Rapid7 security researchers determined that this was precisely the same network described by its creator in a particularly bold 'Ask Me Anything’ (AMA) on the social news site Reddit earlier this year.

Claudio Guarnieri authored the write-up on Rapid7's Security Street blog and claims that the 12,000 to 15,000 computer botnet is fueled by a customized, Zeus Trojan variant. The researcher describes Skynet as a “Tor-powered Trojan with DDoS, Bitcoin mining and banking capabilities” that is currently distributing itself on Usenet. The bot has number of interesting functionalities that Gaurnieri and company tinkered with, but it appears that the bot’s primary function and largest source of income is its use of the Zeus banking Trojan.