TOR exit nodes attaching malware
Posted: Fri Oct 24, 2014 11:00 pm
by morganism
Can do binaries and exe
http://www.leviathansecurity.com/blog/t ... -binaries/
Re: TOR exit nodes attaching malware
Posted: Sat Oct 25, 2014 3:59 am
by therube
Interesting.
and all users should have a way of checking hashes and signatures out of band prior to executing the binary
Re: TOR exit nodes attaching malware
Posted: Mon Nov 10, 2014 6:50 pm
by morganism
Looks like PHP code is going to need to be blacklisted too...
http://arstechnica.com/security/2014/11 ... ough-ddos/
Re: TOR exit nodes attaching malware
Posted: Sat Nov 15, 2014 11:11 pm
by morganism
Nice article on how the malware is wrapped and executed:
This executable is a dropper containing a PE resource that pretends to be an embedded GIF image file. In reality, the resource is actually an encrypted dynamically linked library (DLL) file. The dropper will proceed to decrypt this DLL, write it to disk and execute it.
http://www.f-secure.com/weblog/archives/00002764.html