[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] "zeus" virus
David H. Lipman @ 08/23/2012 01:40 PM:
> Whatever the case, malicious bot activity is being detected and thus you
> should stop using Tor and you should make sure you computer(s) are clean.
well, no, i'm not gonna do that. ;) the server is running linux and not
infected.
when i started running this tor exit router i received copyright
complaints from the MPAA and my service was shut down, and i fixed my
torrc to block the p2p ports. then it started getting shut down for
viruses, and i've continued to update my torrc. now it only happens 2-3
times a month and CenturyLink always promptly reactivates my service.
this is just a case of 'a few bad apples' and i have the (cheap)
bandwidth to spare, so no plans to stop using Tor just yet.
frankly, i don't get how this zeus trojan can operate without
destination addresses. in fact it seems to me it would be utterly
useless as a trojan if there weren't destination addresses. then again
i've been out of the loop as technology has progressed. if that is
really the case, i'm wondering if there is a way to add a firewall rule
that will block traffic that is looking for "config.bin" and
"update32.php", and whether that would really block this malicious
traffic....
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk