[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5689 [Company]: tor-browser-2.2.35-9_en-US.exe infected?



#5689: tor-browser-2.2.35-9_en-US.exe infected?
-------------------------+--------------------------------------------------
    Reporter:  taylorkh  |       Owner:  erinn                        
        Type:  defect    |      Status:  closed                       
    Priority:  critical  |   Milestone:  TorBrowserBundle 2.2.x-stable
   Component:  Company   |     Version:                               
  Resolution:  fixed     |    Keywords:                               
      Parent:            |      Points:                               
Actualpoints:            |  
-------------------------+--------------------------------------------------

Comment(by erinn):

 Mike, I was really freaked out by the potential for our build machine to
 be compromised. As in, actually sick with nerves and having nightmares
 about it during this whole thing. I did due diligence by scanning the
 machine (both light and deep scans) and reading about the Kazy malware and
 manually digging through the registry to see if any of the signs were
 there. The scans didn't find anything and the manual investigation didn't
 find anything either. One of the problems I encountered was that it
 doesn't appear to be easy/possible to get free copies of the popular virus
 scanners in order to do full machine scans. I tried with F-Secure and also
 looked around on Bitdefender's terrible website. F-Secure never sent me
 the free download information and Bitdefender didn't have anything
 available that I could find. It is easy to submit executables to
 virustotal for scanning though, so I will be doing that from now on. (The
 latest -11 release comes up clean, FWIW.)

 Currently we only have one Windows VM which is a problem when it comes to
 testing and/or building on known-clean machines. When we were in Seattle I
 got an extra two copies of Windows from David Molnar. Recently I asked
 Jake to send me the license information for one of them so we could get
 another VM going, but he wasn't going to be in Seattle for a month. I'll
 email him again and see if we can get another VM going for verification
 purposes.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5689#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs