Re: torsec exit behaves badly?
Roger Dingledine wrote:
> On Wed, Apr 16, 2008 at 10:47:51PM +0300, ygrek wrote:
> > Try it http://google.com.torsec.exit/
> > Looks like torsec injects some JS and/or redirects to adware sites
>
> Interesting. My first thought is that it's some Windows software that
> intercepts port 80 traffic for the user and tries to sanitize his
> browsing experience.
torsec (claims to) run on Linux:
torsec (Online)
  Location: Erfurt, DE
  IP Address: 87.118.97.238
  Platform: Tor 0.1.2.19 on Linux i686
  Bandwidth: 1283 KB/s
  Uptime: 5 hours 5 mins 12 secs
  Last Updated: 2008-04-16 20:09:42 GMT
> My second thought is that the user's ISP is trying to launch some sort
> of attack on the user's browsing habits, e.g. like Phorm.
I don't think many German ISPs are this evil:
http://www.virustotal.com/analisis/8bbf410701fcc17fe5dfae1fa93785ed
AVG 7.5.0.516 2008.04.16 Downloader.Small.61.A
BitDefender 7.2 2008.04.16 Trojan.Peed.JEZ
CAT-QuickHeal 9.50 2008.04.16 (Suspicious) - DNAScan
eSafe 7.0.15.0 2008.04.16 Suspicious File
F-Prot 4.4.2.54 2008.04.16 W32/Tibs.G.gen!Eldorado
Ikarus T3.1.1.26.0 2008.04.16 Trojan.Peed
Microsoft 1.3408 2008.04.14 Trojan:Win32/Tibs.gen!ldr
Panda 9.0.0.4 2008.04.16 Suspicious file
Prevx1 V2 2008.04.16 Trojan.Vundo
Symantec 10 2008.04.16 Downloader.MisleadApp
Spyware download URL (page redirected to from torsec):
hxxp://scan ner.spyshredder scanner.c om/24/?advid=41 98&ref=4
Spyware file name (possibly autogenerated):
install_4198_NHwyNHx8fHx8fHw_.exe