Malware Analysis Using Tor
Malware is any software created intentionally to inflict substantial damage to computer systems. This is a short term for malicious software. It is made by hackers to obtain illegal data, take over systems or used as weapons in times of war. Detection of malware can be easy or hard, depending on the type. Ransomware manifests itself immediately after the attack, usually through pop up messages. Others like Spyware hide in your machine for a long time before you even recognize their existence. Various signs show that a device is infected by malware. Lost files, impromptu shutdowns, overworked processor or new, unfamiliar programs appearing on your devices are common signs of malware infection.
Malware consists of ransomware, viruses, and Spyware (Subrahmanian, Ovelgönne, Dumitras, & Prakash, 2015). Ransomware is a type of malware that takes hostage of systems and demands payment to restore access to that system’s data. An example is the WannaCry virus that infected hospital systems in Europe. Viruses cause damage to data stored Spyware is a type of malware that seeks to obtain sensitive information illegally, such as credit card information. There is the existence of tools that safeguard against all these malware. In this care, I will use the Tor browser.
The Tor browser is a browsing software that hides your online identity and scans web traffic to ensure anonymity. It was developed in the 1990s and launched in 2002. It is run and maintained by the Tor Project Incorporation, a non-profit organization that promotes internet democracy. It utilizes an onion routing network. After installing this software, run it like a standard browser. The first expected display is like this:
In this case, the Tor browser relays requests to the Tor network servers get to be listed through an entry node. After connection to a specific node, it goes through a middle relay, and finally, your web traffic comes out through the exit node. The exit node looks like the source of the data, and so someone cannot know that those specific data packets have been through multiple relays. This creates numerous encryption layers shown by the Tor logo, which looks like multiple layers of an onion. Also, with a Virtual Machine, it protects against malware-infected web pages. It also prevents against being hacked because hackers cannot track your online footprint and trace back to your device.
The first page looks like this:
The Tor browser works hand in hand with DuckDuckGo, a search engine that does not profile users by displaying the same results to all users looking for a particular thing on the Internet. It does not personalize search results because it does not collect information about a user’s browsing. (Parsania, Kalyani, & Kamani, 2016). This offers defense against fingerprinting. (Saito, Takahashi, Yasuda, Tanabe, Taneoka, M., & Hosoya, R. (2017). This is the identification of source data by systems. This happens when websites compel browsers to release device information as a form of data harvesting. Tor browser hides your IP address and assigns you another one, usually one from another continent. Someone tracking your online movements is then lost in trying to find your device. After closing the Tor Browser, history and cookies are deleted. This decreases the risk of cookie tracking. When you run this software, the default setting is private browsing mode. Clicking on the “New Identity” feature also deletes previous cookies on site.
Searching on this browser gives the following expected display:
I chose to use to tool because of various reasons. One, it gives anonymity. Data packets move through various nodes, making the tracking of IP addresses impossible. Hackers cannot find you online. The security offered by the Tor browser is assured because of the open-source aspect. Hence, there is a defense against malicious code that cannot penetrate servers. This tool is also easily accessible, and downloading it has no cost added to it. It works on major operating systems and does not save cookies or history after browsing. The use of the DuckDuckGo is another essential tool found in this software as it is the most secure web search engine on the Internet.
Access to onion domains is another advantage given by the Tor browser. These sites are not normally accessible using common browsers such as Google. These are web page addresses usually ending in a .onion format that is hosted by dedicated proxy servers. They work by first sending a connection request via the Tor network. Then after the IP addresses are scrambled by using Tor, and a different one is assigned, the connection is restored.
After careful study, I have arrived at the conclusion that the Tor browser is one of the effective methods to protect against malware, especially Spyware. Spyware can be used by advertisers and Internet Service Provider in tracking consumer preferences and online activity. Hence, it promotes anonymity and prevents against data reselling. The Tor2Web proxy redirects traffic to hidden services through the C&C server, which is also hidden. This platform can also provide internet anonymity to servers by using Tor Hidden Services. Applications like BitTorrent can be configured as add-ons to the Tor Brower to download files, which is an incredible task.
References
Parsania, V. S., Kalyani, F., & Kamani, K. (2016). A comparative analysis: DuckDuckGo vs. Google search engine. GRD Journals-Global Research and Development Journal for Engineering, 2(1), 12-17.
Saito, T., Takahashi, K., Yasuda, K., Tanabe, K., Taneoka, M., & Hosoya, R. (2017, August). Tor Fingerprinting: Tor Browser Can Mitigate Browser Fingerprinting?. In International Conference on Network-Based Information Systems (pp. 504-517). Springer, Cham.
Subrahmanian, V. S., Ovelgönne, M., Dumitras, T., & Prakash, B. A. (2015). Types of malware and malware distribution strategies. In The Global Cyber-Vulnerability Report (pp. 33-46). Springer, Cham.