[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: torsec exit behaves badly?

Roger Dingledine wrote:

> On Wed, Apr 16, 2008 at 10:47:51PM +0300, ygrek wrote:
> >  Try it http://google.com.torsec.exit/ 
> >  Looks like torsec injects some JS and/or redirects to adware sites
> Interesting. My first thought is that it's some Windows software that
> intercepts port 80 traffic for the user and tries to sanitize his
> browsing experience.

torsec (claims to) run on Linux:

torsec (Online)
Erfurt, DE
IP Address:
Tor on Linux i686
1283 KB/s
5 hours 5 mins 12 secs
Last Updated:
2008-04-16 20:09:42 GMT

> My second thought is that the user's ISP is trying to launch some sort
> of attack on the user's browsing habits, e.g. like Phorm.

I don't think many German ISP-s are this evil:


AVG    2008.04.16   Downloader.Small.61.A
BitDefender   7.2         2008.04.16   Trojan.Peed.JEZ
CAT-QuickHeal 9.50        2008.04.16   (Suspicious) - DNAScan
eSafe    2008.04.16   Suspicious File
F-Prot	  2008.04.16   W32/Tibs.G.gen!Eldorado
Ikarus	      T3. 2008.04.16   Trojan.Peed
Microsoft     1.3408      2008.04.14   Trojan:Win32/Tibs.gen!ldr
Panda     2008.04.16   Suspicious file
Prevx1	      V2          2008.04.16   Trojan.Vundo
Symantec      10          2008.04.16   Downloader.MisleadApp

Spyware download URL (page redirected to from torsec): 
hxxp://scan ner.spyshredder scanner.c om/24/?advid=41 98&ref=4

Spyware file name (possibly autogenerated):