Re: [tor-talk] ShellCode-Exploit delivery over TOR
Probably not. It is an artist website with over 20 million users.
Plus, it is not a constant phenomenon. Sometimes it occurs, sometimes not.
If it is steered by the website, they would do this maybe in a more efficient / constant way.
I am still on the ads or the exit node approach because this could explain the randomness.
If it occurs the next time, I will try to figure out at least the source (e.g. banner or transparent-pixel & URL) of the exploit. Maybe it is also a false positive. Have to check this. At the moment the files are getting immediately purged (which is normally good).
12. Nov 2016 21:42 by keb@xxxxxxxxxxxxxx:
> On 12/11/16 04:40 PM, John Doe wrote:
>> Recently, I stumble relatively often over a message by my Antivirus
>> that a file was removed from the TB “doomed” cache, where binary
>> files like images are cached. These files seem to contain an exploit
>> like “Win32/ShellCode.A”. Firstly I assumed a bad exit node that
>> tampers with the content. But the alerts came in frequently and on
>> several exit nodes. Now I suspect something like malicious ad
>> banners. Maybe in combination with a detection function for TOR exit
>> node IPs.
> What sites did you visit recently using TB? Maybe they were the source of infections. I am happy to check them using a non-Windows computer.
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to