Blog | G5 Cyber Security

Vawtrak Uses Tor2Web, Making It Hard to Track Down Its Servers

Security experts at Fortinet uncovered a new strain of the Vawtrak banking Trojan that implements an obscuring mechanism based on the Tor2Web service. The malware implements a smart domain name generator that allows it to refer to its C&C servers. The technique bucks the malware's usual trend of using fixed command and control servers in its variants. Researchers discovered a collection of DWORD values hard-coded in the malware source code, which uses them as seeds to generate the domain name.

Source: http://securityaffairs.co/wordpress/37682/malware/vawtrak-uses-tor2web.html
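
A defender-side check for the behaviour described above, added here as an example and not taken from Fortinet's analysis or from the malware: it scans DNS query logs for onion-style labels under Tor2Web gateway suffixes and reports hosts that cycle through several of them, as a generated-name client would. The gateway suffix list, log format, threshold and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed examples of Tor2Web-style gateway suffixes; maintain the real
# list from your own threat intelligence.
GATEWAY_SUFFIXES = ("tor2web.org", "onion.to", "onion.link")

# Onion service label: 16 base32 characters (v2) or 56 (v3).
ONION_LABEL = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})$")


def tor2web_onion_label(qname):
    """Return the onion label if qname is <onion>.<gateway suffix>, else None."""
    name = qname.lower().rstrip(".")
    for suffix in GATEWAY_SUFFIXES:
        if name.endswith("." + suffix):
            # The label directly left of the gateway suffix is the onion address.
            label = name[: -len(suffix) - 1].split(".")[-1]
            if ONION_LABEL.match(label):
                return label
    return None


def hosts_cycling_onion_names(log_lines, min_distinct=3):
    """Map client IP -> sorted onion labels for clients that queried
    at least min_distinct different onion labels via a gateway."""
    seen = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines
        _ts, client, qname = parts[:3]
        label = tor2web_onion_label(qname)
        if label:
            seen[client].add(label)
    return {c: sorted(v) for c, v in seen.items() if len(v) >= min_distinct}


# Constructed sample DNS log lines: "<timestamp> <client-ip> <query-name>"
SAMPLE_LOG = [
    "2015-06-10T10:00:01Z 10.0.0.5 abcdefghijklmnop.tor2web.org",
    "2015-06-10T10:00:07Z 10.0.0.5 qrstuvwxyz234567.tor2web.org.",
    "2015-06-10T10:00:12Z 10.0.0.5 a2b3c4d5e6f7g2h3.onion.to",
    "2015-06-10T10:00:15Z 10.0.0.9 abcdefghijklmnop.onion.to",
    "2015-06-10T10:00:20Z 10.0.0.9 www.example.com",
    "2015-06-10T10:00:21Z 10.0.0.9 mail.onion.to",
]

if __name__ == "__main__":
    print(hosts_cycling_onion_names(SAMPLE_LOG))
```

A single gateway lookup is weak evidence on its own; the distinct-label count per host is what separates a client walking a list of generated names from an occasional manual visit.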
