
Re: [tor-talk] Tor and BitCoin miner trojans - perfect pair



From: "Jon" <torance.ca@xxxxxxxxx>

On Fri, Apr 26, 2013 at 2:15 PM, David H. Lipman <DLipman@xxxxxxxxxxx> wrote:

TorVersion Tor 0.2.3.25 (git-17c24b3118224d65)
LastWritten 2012-01-24 09:17:26

zs5uletlmms6euux.onion


Between Tor being used in malware and being used to abuse Usenet, Tor's
onion core is rotting.

I wonder what OTHER malware I am missing that is using the Tor network to
obfuscate the malicious activity.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

I am not sure where you got that date of 1/24/12 for the release of Tor
0.2.3.25 at:

TorVersion Tor 0.2.3.25 (git-17c24b3118224d65)
LastWritten 2012-01-24 09:17:26

however, Roger released Tor 0.2.3.25 on 11/19/12 and posted it on 11/20/12

Jon

It was in the files created by the BitCoin miner trojan.

Specifically, it was contained in:
C:\Documents and Settings\Administrator\Application Data\tor\state.tmp

Complete contents:

# Tor state file last generated on 2012-01-24 10:17:26 local time
# Other times below are in GMT
# You *do not* need to edit this file.

TorVersion Tor 0.2.3.25 (git-17c24b3118224d65)
LastWritten 2012-01-24 09:17:26


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
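
Added example (not part of the original thread, and not Tor Project code): a check for the inconsistency Jon points out, parsing the quoted state.tmp to recover the host's UTC offset and to flag a LastWritten that predates the release of the Tor version that wrote it. The sample is reconstructed from the lines quoted above, the release date is the one given in the thread, the function names are hypothetical, and it assumes the header line and LastWritten were written in the same save.

```python
import re
from datetime import datetime, date

# Constructed sample: the state.tmp contents quoted in the thread.
SAMPLE_STATE = """\
# Tor state file last generated on 2012-01-24 10:17:26 local time
# Other times below are in GMT
# You *do not* need to edit this file.

TorVersion Tor 0.2.3.25 (git-17c24b3118224d65)
LastWritten 2012-01-24 09:17:26
"""

# Release date as stated in the thread (11/19/12); extend for other versions.
RELEASE_DATES = {"0.2.3.25": date(2012, 11, 19)}
TS = "%Y-%m-%d %H:%M:%S"
HEADER_RE = re.compile(r"^# Tor state file last generated on (.+?) local time$")

def parse_state(text):
    """Return version, GMT LastWritten and local header time from a state file."""
    out = {"version": None, "last_written": None, "local_time": None}
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            out["local_time"] = datetime.strptime(m.group(1), TS)
        elif line.startswith("TorVersion "):
            parts = line.split()  # ["TorVersion", "Tor", "0.2.3.25", "(git-...)"]
            out["version"] = parts[2] if len(parts) > 2 else None
        elif line.startswith("LastWritten "):
            out["last_written"] = datetime.strptime(line[len("LastWritten "):], TS)
    return out

def assess(text, releases=RELEASE_DATES):
    """Derive the host UTC offset and flag timestamps older than the release."""
    s = parse_state(text)
    findings = {"version": s["version"], "utc_offset_hours": None,
                "predates_release": None}
    if s["local_time"] and s["last_written"]:
        # Local header time minus GMT LastWritten gives the host's UTC offset.
        delta = s["local_time"] - s["last_written"]
        findings["utc_offset_hours"] = delta.total_seconds() / 3600
    released = releases.get(s["version"])
    if released and s["last_written"]:
        findings["predates_release"] = s["last_written"].date() < released
    return findings

if __name__ == "__main__":
    print(assess(SAMPLE_STATE))
```

A True value for predates_release means the file's timestamp cannot be taken at face value when building a timeline for the infected host.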