TOR exit nodes attaching malware

morganism
Senior Member
Posts: 118
Joined: Tue Nov 26, 2013 9:44 pm

TOR exit nodes attaching malware

Post by morganism » Fri Oct 24, 2014 11:00 pm

Mozilla/5.0 (Windows NT 6.0; rv:32.0) Gecko/20100101 Firefox/32.0

therube
Ambassador
Posts: 7519
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: TOR exit nodes attaching malware

Post by therube » Sat Oct 25, 2014 3:59 am

Interesting.

and all users should have a way of checking hashes and signatures out of band prior to executing the binary
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 SeaMonkey/2.30

morganism
Senior Member
Posts: 118
Joined: Tue Nov 26, 2013 9:44 pm

Re: TOR exit nodes attaching malware

Post by morganism » Mon Nov 10, 2014 6:50 pm

looks like PHP code is going to need to be blacklisted too...

http://arstechnica.com/security/2014/11 ... ough-ddos/
Mozilla/5.0 (Windows NT 6.0; rv:32.0) Gecko/20100101 Firefox/32.0

morganism
Senior Member
Posts: 118
Joined: Tue Nov 26, 2013 9:44 pm

Re: TOR exit nodes attaching malware

Post by morganism » Sat Nov 15, 2014 11:11 pm

nice article on how the malware is wrapped and executed

This executable is a dropper containing a PE resource that pretends to be an embedded GIF image file. In reality, the resource is actually an encrypted dynamically linked library (DLL) file. The dropper will proceed to decrypt this DLL, write it to disk and execute it.

http://www.f-secure.com/weblog/archives/00002764.html
Mozilla/5.0 (Windows NT 6.0; rv:32.0) Gecko/20100101 Firefox/32.0
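A defender-side check for the pattern quoted in the post above, a PE resource that claims to be a GIF but is not one. This is an added example, not code from the thread or from the linked article. It assumes the resource bytes have already been extracted from the executable; the function names and both sample byte strings are constructed for illustration.

```python
def _skip_sub_blocks(data: bytes, pos: int) -> int:
    """Step over length-prefixed sub-blocks up to and including the zero terminator."""
    while True:
        if pos >= len(data):
            raise ValueError("sub-block chain runs past end of data")
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos

def gif_findings(data: bytes) -> list:
    """Reasons why bytes labelled as a GIF do not parse as one (empty list: well formed)."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        return ["no GIF87a/GIF89a signature"]
    if len(data) < 13:
        return ["truncated before end of logical screen descriptor"]
    pos = 13
    if data[10] & 0x80:                          # global colour table present
        pos += 3 * (2 << (data[10] & 0x07))
    try:
        while True:
            if pos >= len(data):
                raise ValueError("data ends without GIF trailer")
            block = data[pos]
            if block == 0x3B:                    # trailer: end of image stream
                pos += 1
                break
            if block == 0x21:                    # extension: introducer, label, sub-blocks
                pos = _skip_sub_blocks(data, pos + 2)
            elif block == 0x2C:                  # image descriptor (10 bytes)
                if pos + 10 > len(data):
                    raise ValueError("truncated image descriptor")
                flags = data[pos + 9]
                pos += 10
                if flags & 0x80:                 # local colour table present
                    pos += 3 * (2 << (flags & 0x07))
                pos = _skip_sub_blocks(data, pos + 1)   # +1: LZW minimum code size
            else:
                raise ValueError(f"unknown block type 0x{block:02x} at offset {pos}")
    except ValueError as exc:
        return [str(exc)]
    if pos != len(data):
        return [f"{len(data) - pos} bytes of data after GIF trailer"]
    return []

# Constructed samples: a minimal 1x1 GIF, and a GIF signature in front of opaque bytes
VALID_GIF = bytes.fromhex("474946383961 01000100800000 000000ffffff "
                          "21f9040100000000 2c000000000100010000 0202440100 3b")
FAKE_GIF = b"GIF89a" + bytes(7) + bytes((i * 167 + 0x9C) % 256 for i in range(256))
```

A resource that passes this walk can still carry hidden data inside its sub-blocks, so a clean result only rules out the crude case of opaque bytes behind an image label.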
