iGuRu

The secret battle of Microsoft against Tor botnet

16/01/2014 22:32 by Dimitris

A fantasy scenario? And yet it is not! In August 2013, four million infected computers woke up and awaited instructions from their owner.

According to an article in the Daily Dot, the malicious software was Sefnit, malware that makes the infected computer mine bitcoins. As the computers woke up, they were working under the command of the Ukrainian and Israeli hackers known as Scorpion and Dekadent.

The malware communicates with both hackers by downloading and using Tor, the modified Firefox browser that offers anonymity through the encrypted channels of the Tor network. It was the first time a botnet, as such a group of computers is called, had used Tor in such an incredible and powerful way.

By using this unconventional method of exploiting Windows, the hackers inadvertently forced Microsoft to reveal something that few knew it had: the ability to remotely remove programs from ordinary users' computers without them even knowing it.

Let's take the story from the beginning. Suddenly, the anonymity network grew from about 1 million users to 5.5 million users, a leap that scared even the Tor developers.

"If this was a real intrusion, that is, if the botnet had turned against the Tor network, it would probably be deadly, I think," said developer Jacob Appelbaum in a speech to the Chaos Communication Congress in December.

In one respect, Sefnit's use of Tor was a mistake. This wave of users brought unwanted attention to the botnet at a time of increased interest in the Tor network. And the malicious software, which has been available in various versions of the Tor browser since 2009 and which specifically targets Windows users, quickly caught Microsoft's attention.

To counterattack, Microsoft remotely removed the malicious program from the computers it could reach, along with the Tor browser it used.

"This is a great strength that Microsoft has," Appelbaum continued. "If you use Windows trying to be anonymous, I tell you one thing: a very bad idea."

Why remove the Tor browsers as well? Microsoft's Geoff McDonald wrote a blog post on the subject and said, in general terms, that leaving customers with Tor installed would leave a serious threat on the infected machines. This is despite the fact that Microsoft has always considered the most up-to-date version of Tor a "trusted program".

Microsoft's efforts, however, succeeded. By October, the Tor network had dropped to two million users after "Sefnit users" left. No one, not even the Tor developers themselves, knew that Microsoft had made a silent attack on such a large rival and won a decisive battle.

During this period, the only communication between Microsoft and Tor was when the Microsoft security team asked them a question: "Is it possible for a simple user, using our operating system, to install Tor in the installation folders as well as as a service?"

"We replied then that it is very, very unlikely," said Andrew Lewman.

This exchange was a sign that Microsoft had found at least one unique feature of the Sefnit program. Sefnit tended to install Tor in a place that almost no human user would use. Microsoft deleted that location, a move that was enough to begin the elimination of millions of Tor installations.

So, yes, Microsoft has the ability to reach into your computer and delete programs that you have on it. The decision is yours.

The secret battle of Microsoft against Tor botnet was last modified: October 6, 2016, 12:03 pm by Dimitris
