Facebook has dissected a new variant of Sefnit that appears to no longer utilize Tor. Details and indicators are provided to help security teams audit their hosts for signs of infection.
Prior Work
In September 2013, Geoff McDonald at Microsoft made a great blog post detailing the Sefnit/Mevade malware family [1]. Sefnit is best known for its use of Tor, which resulted in a Tor usage spike that caused a media flurry:
More here: https://www.facebook.com/notes/protect-the-graph/sefnit-is-back/1448087102098103?fref=nf