Malware writers are increasingly considering the Tor anonymity network as an option for hiding the real location of their command-and-control (C&C) servers. The Tor Hidden Service protocol allows users to set up services that can only be accessed from within the Tor network. In December, researchers from security firm Rapid7 identified the Skynet botnet of 12,000 to 15,000 compromised computers that were receiving commands from an Internet Relay Chat server running as a Tor hidden service. The researchers warned at the time that other malware writers were likely to adopt the design.”]

