[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor and BitCoin miner trojans - perfect pair

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Tor and BitCoin miner trojans - perfect pair
From: "David H. Lipman" <DLipman@xxxxxxxxxxx>
Date: Fri, 26 Apr 2013 16:10:00 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 26 Apr 2013 16:10:19 -0400
Fl-build: Fidolook 2007 (HV) 6.0.6000.97 - 22/5/2009 19:59:07
In-reply-to: <CAPXxWBAFsBgE4Ns_AnsZObvLcoUWz89TBpw5sWYaVALEBh4x7g@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Organization: DHL
References: <klejp8$inn$1@xxxxxxxxxxxxx> <CAPXxWBAFsBgE4Ns_AnsZObvLcoUWz89TBpw5sWYaVALEBh4x7g@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

From: "Jon" <torance.ca@xxxxxxxxx>

On Fri, Apr 26, 2013 at 2:15 PM, David H. Lipman<DLipman@xxxxxxxxxxx>wrote:

TorVersion Tor 0.2.3.25 (git-17c24b3118224d65)
LastWritten 2012-01-24 09:17:26

zs5uletlmms6euux.onion

-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQChhKL+kMqphdtGQoFluAhvZOxhoguZaMcoakTV0oolnkM0UbaE
fU6oeaHJduOIkrsXFfiZuH/m16t6qM3OX01TjbPBjUWzTGeRvTtmX5yymZ3omLV4
A1q5M2PZEn1gggk9c0TTMzup79WV0Kri0Jvn2B2NwkhpBcr5SFAjFu+VHQIDAQAB
AoGBAIqfYqDnNfiuuJYhiBr8CslILhRRVnEw2xUVt8RoMUa+AOHLa8FkJnk0AyX8
kqXpgQb8RWPxVFyUJ0lbzV7crmi1ZfDmbCUJqIaiGkqLVGcFr5z4NezElhlzb5ll
rHCm2RR/I1yqJoXQ9CGWwdrlXvTHsMAXWvMqBiIBiQoutJshAkEA0Dq+ieSle3WC
vHPxut/3F7s1hqhZB0ZkJkj0dkvE0+s40zcj4okcyGEGa7grADXD0+Hu/Q311+n3
27VE/7j5+QJBAMaSjE2aNlsiv2bMTe+bdLXtaQ/O06X6PmM3aHKtVKVWw0V1m1ZF
ozwxB3t4gt38RofzgnE7ny6L76JvALybHUUCQCaocU1aZJqKE253PA6Mm+wM9n/8
ayLdn6Q38SKxKGaLie40k3XwLKbK1I1VEK6mTKfejybt25FtP3XLrnanWckCQQCb
oqUA9cuApr1prtuu3yMcrFVaJHtSbc6UKQteRmg/pr8qI8F6Xt5QAQWiSpQXtPD7
AWrNoTNkYh2SLHphWRoZAkAmaQ38mRMncxQzKAg62j3oBS1T4E0THFiPPq0bsLFa
Eaw/Yr9b0wMVPCQm1spbWZXM2xvoRSYVE+6c7QcnHj6U
-----END RSA PRIVATE KEY-----

Between Tor being used in malware and being used to abuse Usenet, Tor's
onion core is
rotting.

I wonder what OTHER malware I am missing that is using the Tor network to
obfuscate the
malicious activity.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

I am not sure where you got that date of 1/24/12 for the release of Tor
0.2.3.25 at:

TorVersion Tor 0.2.3.25 (git-17c24b3118224d65)
LastWritten 2012-01-24 09:17:26

however, Roger released Tor 0.2.3.25 on 11/19/12 and posted it on 11/20/12

Jon


It was in the files created by the BitCoin miner trojan.

Specifically it was contained in;
C:\Documents and Settings\Administrator\Application Data\tor\state.tmp

Complete contents:

# Tor state file last generated on 2012-01-24 10:17:26 local time
# Other times below are in GMT
# You *do not* need to edit this file.

TorVersion Tor 0.2.3.25 (git-17c24b3118224d65)
LastWritten 2012-01-24 09:17:26


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk

http://www.pctipp.ch/downloads/dl/35905.asp


_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Tor and BitCoin miner trojans - perfect pair
  - From: David H. Lipman
- Re: [tor-talk] Tor and BitCoin miner trojans - perfect pair
  - From: Jon

Prev by Author: [tor-talk] Tor and BitCoin miner trojans - perfect pair
Next by Author: Re: [tor-talk] torslap!
Previous by thread: Re: [tor-talk] Tor and BitCoin miner trojans - perfect pair
Next by thread: Re: [tor-talk] Tor and BitCoin miner trojans - perfect pair
Index(es):
- Author
- Thread