G Data Software – a German anti-virus company – has discovered a controlled from an IRC server botnet inside Tor’s networks.

According to security researchers working for G Data Software, the botnet is running through an IRC (Internet Relay Chat) server which is hidden inside Tor’s networks.
There are certain advantages and disadvantages that come with this method, the researchers said. The obvious benefit is that the botnet server can’t be shut down, since it’s almost impossible to pin-point its location.
Besides the fact that Tor’s protocol includes encrypted data running through a series of nodes, thus making surveillance on a specific network extremely difficult, there’s also the issue of blocking the traffic coming from these infected computers; hence, the botnet’s efficiency is enhanced.
Although Tor Project has been built for legitimate use, there are certain cases in which people take advantage on their services. This is not the first case; in the past, Tor has been used to sell illegal drugs online.
There’s also a drawback to this method, as pointed out by G Data’s researchers:
“It has to be noted that malware like this suffers from the latencies that come with the Tor network.
In other words: Tor tends to be slow and unreliable, and inherits these flaws to underlying botnets.”

Source: p2pon