TOR exit nodes attaching malware

Posted: Fri Oct 24, 2014 11:00 pm
by morganism

Re: TOR exit nodes attaching malware

Posted: Sat Oct 25, 2014 3:59 am
by therube
Interesting.

and all users should have a way of checking hashes and signatures out of band prior to executing the binary

Re: TOR exit nodes attaching malware

Posted: Mon Nov 10, 2014 6:50 pm
by morganism
looks like PHP code is going to need to be blacklisted too...

http://arstechnica.com/security/2014/11 ... ough-ddos/

Re: TOR exit nodes attaching malware

Posted: Sat Nov 15, 2014 11:11 pm
by morganism
nice article on how the malware is wrapped and executed

This executable is a dropper containing a PE resource that pretends to be an embedded GIF image file. In reality, the resource is actually an encrypted dynamically linked library (DLL) file. The dropper will proceed to decrypt this DLL, write it to disk and execute it.

http://www.f-secure.com/weblog/archives/00002764.html
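
A defender-side check for the kind of resource quoted above, as an added example (not code from this thread or from the F-Secure article): it walks the GIF block structure of a blob that claims to be a GIF and reports its byte entropy. It assumes the resource bytes have already been extracted from the PE file; the function names and both sample blobs are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data sits close to 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def _skip_sub_blocks(data: bytes, pos: int) -> int:
    """Skip GIF data sub-blocks (length byte + payload) up to the 0x00 terminator."""
    while data[pos]:
        pos += data[pos] + 1
    return pos + 1

def is_wellformed_gif(data: bytes) -> bool:
    """Walk the GIF block structure; True only if it parses through to the trailer."""
    try:
        if data[:6] not in (b"GIF87a", b"GIF89a"):
            return False
        pos = 13                                    # header + logical screen descriptor
        if data[10] & 0x80:                         # global colour table present
            pos += 3 * (2 << (data[10] & 0x07))
        while True:
            block = data[pos]
            if block == 0x3B:                       # trailer: structure is complete
                return True
            if block == 0x21:                       # extension: label, then sub-blocks
                pos = _skip_sub_blocks(data, pos + 2)
            elif block == 0x2C:                     # image descriptor
                packed = data[pos + 9]
                pos += 10
                if packed & 0x80:                   # local colour table present
                    pos += 3 * (2 << (packed & 0x07))
                pos = _skip_sub_blocks(data, pos + 1)  # +1 skips LZW min code size
            else:
                return False
    except IndexError:                              # ran off the end: truncated or not a GIF
        return False

def triage(data: bytes) -> dict:
    return {"wellformed_gif": is_wellformed_gif(data),
            "entropy": round(shannon_entropy(data), 2)}

# Constructed samples: a minimal 1x1 GIF, and GIF magic followed by a SHA-256
# hash chain standing in for ciphertext.
TINY_GIF = bytes.fromhex("474946383961" "01000100" "00ff00" "2c000000000100010000" "02003b")
_chain, _h = b"", hashlib.sha256(b"").digest()
while len(_chain) < 4096:
    _chain, _h = _chain + _h, hashlib.sha256(_h).digest()
FAKE_GIF = b"GIF89a" + _chain
```

A resource typed or named as an image that fails the structural walk is worth a closer look; entropy is only a secondary signal, since legitimately compressed image data is also high-entropy.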