
Re: [tor-talk] ShellCode-Exploit delivery over TOR



Probably not. It is an artist website with over 20 million users.
Plus, it is not a constant phenomenon. Sometimes it occurs, sometimes not.
If it is steered by the website, they would do this maybe in a more efficient / constant way.
I am still on the ads or the exit node approach because this could explain the randomness.
If it occurs the next time, I try to figure out at least the source (e.g. banner or transparent-pixel & URL) of the exploit. Maybe it is also a false positive. Have to check this. At the moment the files are getting immediately purged (which is normally good).



12. Nov 2016 21:42 by keb@xxxxxxxxxxxxxx:


> On 12/11/16 04:40 PM, John Doe wrote:
>> Recently, I stumble relatively often over a message by my Antivirus
>> that a file was removed from the TB “doomed” cache, where binary
>> files like images are cached. These files seem to contain an exploit
>> like “Win32/ShellCode.A”. Firstly I assumed a bad exit node that
>> tampers with the content. But the alerts came in frequently and on
>> several exit nodes. Now I suspect something like malicious ad
>> banners. Maybe in combination with a detection function for TOR exit
>> node IPs.
>
> What sites did you visit recently using TB?  Maybe they were the source of infections.  I am happy to check them using a non-Windows computer.
>
> -- 
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk