[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13479 [general]: Malware being served from thetorproject.org and tor-chat.org

Subject: Re: [tor-bugs] #13479 [general]: Malware being served from thetorproject.org and tor-chat.org
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 20 Oct 2014 01:45:08 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 19 Oct 2014 21:45:20 -0400
In-reply-to: <047.3b75ee26915c5d7b366e31b22ec82963@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.3b75ee26915c5d7b366e31b22ec82963@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#13479: Malware being served from thetorproject.org and tor-chat.org
-------------------------+-------------------------------------------------
     Reporter:  donncha  |      Owner:  phobos
         Type:  defect   |     Status:  assigned
     Priority:  normal   |  Milestone:
    Component:  general  |    Version:
   Resolution:           |   Keywords:  trademark violation, phishing,
Actual Points:           |  malware
       Points:           |  Parent ID:
-------------------------+-------------------------------------------------

Comment (by mrphs):

 Reported. Thank you donncha!

 Here are some additional info for the sake of having record:

 {{{
 sha256sum
 ==========
 e12a8aafa86d2bbcb6631ac3f4d22795e2bc11fa58c4da8ea13450ec0b656ffc
 torbrowser-install-3.6.6_en-US.exe_fake

 3b8c412a904fda82f941ae20fdacc29238eb4a2c58256f4543d524ade38e80ba
 torbrowser-install-3.6.6_en-US.exe_legit

 File
 =========
 torbrowser-install-3.6.6_en-US.exe_fake:
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

 torbrowser-install-3.6.6_en-US.exe_legit:
 PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS
 Windows, Nullsoft Installer self-extracting archive

 Stat
 =========
 File: `torbrowser-install-3.6.6_en-US.exe_fake'
 Size: 27336704
 Modify: 2014-10-08 20:45:20.000000000 +0000

 File: `torbrowser-install-3.6.6_en-US.exe_legit'
 Size: 27301724
 Modify: 2014-09-26 01:13:27.000000000 +0000

 DNS
 =========
 thetorproject.org.      3600    IN      A       199.59.160.184
 thetorproject.org.      3600    IN      NS      ns-canada.topdns.com.
 thetorproject.org.      3600    IN      NS      ns-usa.topdns.com.
 thetorproject.org.      3600    IN      NS      ns-uk.topdns.com.

 CIDR:           199.59.160.0/21
 OriginAS:       AS32421
 ASN:            BLCC - Black Lotus Communications, US


 tor-chat.org.           300     IN      A       111.90.144.114
 tor-chat.org.           86400   IN      NS      ns1.ipchina163.com.
 tor-chat.org.           86400   IN      NS      ns2.ipchina163.com.

 CIDR:           111.90.144.0/21
 OrininAS:       AS45839
 ASN:            PIRADIUS-AS PIRADIUS NET AS45839, MY

 (second one has the same ASN as torbundlebrowser)

 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13479#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #13479 [general]: Probable malware being served from thetorproject.org
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #13471 [Tor]: router daemon crashes with openssl built no_ssl3
Next by Author: Re: [tor-bugs] #13481 [Tor]: Internal Tor error
Previous by thread: Re: [tor-bugs] #13479 [general]: Malware being served from thetorproject.org and tor-chat.org (was: Probable malware being served from thetorproject.org)
Next by thread: Re: [tor-bugs] #13479 [general]: Malware being served from thetorproject.org and tor-chat.org
Index(es):
- Author
- Thread