One of the German anti-virus firms, G Data Software, has found out a controlled from an IRC server botnet inside Tor’s networks. According to the security experts from G Data Software, the botnet is operated via an Internet Relay Chat server hidden inside Tor’s networks.
The security specialists point out that this method involves both benefits and drawbacks. However, the specified list of benefits seems to over weigh the disadvantages. First of all, the obvious advantage is that the botnet server can’t be closed down, because it is nearly impossible to pin-point its location. Secondly, Tor’s protocol also includes encrypted data running via several nodes, which makes surveillance on a certain network very difficult. Finally, there’s also the fact that Tor blocks the traffic originating from these infected computers; this means that the botnet’s efficiency is improved.

Despite the fact that Tor Project was originally created for legitimate use, there are certain cases in which users involved in illegal activities can benefit on their services. And the situation described above is not the first case: in fact, Tor has even been used to sell illegal drugs on the Internet in the past.

As for disadvantages of using this method, G Data’s specialists note that malware like this suffers from the latencies coming with the Tor network. This means that Tor is quite slow and unreliable, and these disadvantages are inherited to underlying botnets. Anyway, the operators of the botnet seem to be unaware of the drawbacks and keep running it from Tor’s networks without any problems.