University of Luxembourg
The authors propose in this paper a new propagation vector for malicious software by abusing the Tor network. Tor is particularly relevant, since operating a Tor exit node is easy and involves low costs compared to attack institutional or ISP networks. After presenting the Tor network from an attacker perspective, they describe an automated exploitation malware which is operated on a Tor exit node targeting to infect web browsers. Their experiments show that the current deployed Tor network, provides a large amount of potential victims.