[tor-talk] PSA: watch out for trojans



Hi, folks.

Somebody just stopped by a couple of the Tor IRC channels and linked
to something that was supposed to be the result of "redoing vadalia
[sic] in java."  Instead, it turned out to be (apparently[*]) an
updated variant of the Java trojan described in
http://community.websense.com/blogs/securitylabs/archive/2012/10.aspx
.

I called the guy out within the first minutes after he posted, so I
*hope* that nobody actually ran the thing, but I thought it would be a
good idea to remind everybody:

Do not run random binaries from random people off the internet-- even
if those people say those binaries do something awesome.  They might
not do what the random people say they do.

Yes, you all know this, but it's a good idea to get reminded
periodically that there are people really trying to do this attack in
the wild, against members of this community like me and you.  The next
attempt may not be so transparent.

(And finally, if you actually *ARE* a software developer writing a
pure-Java version of Vidalia which for some reason you tried to
distribute anonymously as an obfuscated Jar using the same obfuscator
as an established Trojan... really, you should know better.)

[*] At least, it appears to use the same obfuscation technique as the
trojan described there.  Thanks to "ditzydoo" on IRC for picking at
the thing long enough to confirm.

yrs,
--
Nick