[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] PSA: watch out for trojans

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] PSA: watch out for trojans
From: Andrew F <andrewfriedman101@xxxxxxxxx>
Date: Sat, 20 Apr 2013 02:40:57 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 20 Apr 2013 05:41:47 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:mime-version:in-reply-to:references:from:date:message-id :subject:to:content-type; bh=6U8KdEIVPuwmqf/8kPsNjqK1wDCNQariCymLYdq7ax0=; b=Cf9BDHLFcoTt7nrTHuCzZQqt7LrZjTwmkrYoYsM8l2PYOSk7oqw29DRJkV6u9sA5GR n1cU1iC2jFj9stjqINNPHVgQqB5vBKFi9Mw4w45ARcTSv4yEdf7mBfTY3s0pOAUDFmV0 Ut/W70Bcppw4qD/1ty19EYIewGVWF959x+WQ6tHvrJ8dKy4P5Bi89pivLBYAGD/dkfE2 5aJd515JXDQweAm2fKZWnZF29WPB1qaa/n01d5c6x+qy4iPM8W26My9Kf9/rks5nNWzi dOjW8a+w5oKEd4JOLTmFSshqP2xljr1Q4qj7w+GD/1HwzcmvqBrmDpfa5RalsVyLt25R GH1A==
In-reply-to: <CAKDKvuxYtur6cxpw8jDj-ObJ+Ay0wBf7qL9WNYVbOqusGwLbMg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAKDKvuxYtur6cxpw8jDj-ObJ+Ay0wBf7qL9WNYVbOqusGwLbMg@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

Thanks Nick,
It's always good to have a reminder.



On Fri, Apr 19, 2013 at 6:40 PM, Nick Mathewson <nickm@xxxxxxxxxxxxxx>wrote:

> Hi, folks.
>
> Somebody just stopped by a couple of the Tor IRC channels and linked
> to something that was supposed to be the result of "redoing vadalia
> [sic] in java."  Instead, it turned out to be (apparently[*]) an
> updated variant of the Java trojan described in
> http://community.websense.com/blogs/securitylabs/archive/2012/10.aspx
> .
>
> I called the guy out within the first minutes after he posted, so I
> *hope* that nobody actually ran the thing, but I thought it would be a
> good idea to remind everybody:
>
> Do not run random binaries from random people off the internet-- even
> if those people say those binaries do something awesome.  They might
> not do what the random people say they do.
>
> Yes, you all know this, but it's a good idea to get reminded
> periodically that there are people really trying to do this attack in
> the wild, against members of this community like me and you.  The next
> attempt may not be so transparent.
>
> (And finally, if you actually *ARE* a software developer writing a
> pure-Java version of Vidalia which for some reason you tried to
> distribute anonymously as an obfuscated Jar using the same obfuscator
> as an established Trojan... really, you should know better.)
>
> [*] At least, it appears to use the same obfuscation technique as the
> trojan described there.  Thanks to "ditzydoo" on IRC for picking at
> the thing long enough to confirm.
>
> yrs,
> --
> Nick
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] PSA: watch out for trojans
  - From: Nick Mathewson

Prev by Author: Re: [tor-talk] Cicpa
Next by Author: Re: [tor-talk] NSA supercomputer
Previous by thread: [tor-talk] PSA: watch out for trojans
Next by thread: [tor-talk] download speed
Index(es):
- Author
- Thread