[tor-bugs] #5689 [Company]: tor-browser-2.2.35-9_en-US.exe infected?

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu May 3 22:16:16 UTC 2012


#5689: tor-browser-2.2.35-9_en-US.exe infected?
-------------------------+--------------------------------------------------
    Reporter:  taylorkh  |       Owner:  erinn                        
        Type:  defect    |      Status:  closed                       
    Priority:  critical  |   Milestone:  TorBrowserBundle 2.2.x-stable
   Component:  Company   |     Version:                               
  Resolution:  fixed     |    Keywords:                               
      Parent:            |      Points:                               
Actualpoints:            |  
-------------------------+--------------------------------------------------
Changes (by Sebastian):

  * status:  reopened => closed
  * resolution:  => fixed


Comment:

 Replying to [comment:11 mikeperry]:
 > Wow, I don't know about you guys, but this sounds like the malware on
 > our build machines is what got the update :). How did all of the AV
 > vendors sync up so fast? Are they usually that responsive?

 I'm sorry that I have to dispel your paranoia, but it was _THE SAME FILE_
 that got scanned again. At least I pointed it to the same file on our
 webserver, and VirusTotal got the same sha256 for it. Now, if you want to
 claim that probably VirusTotal got owned by the guys who owned our build
 machine, then... erm... yeah. whatever.

 > And why did an independent build machine produce a clean build
 > immediately, while they were still flagging our official bundles.

 Because the builds aren't deterministic. I tried a couple times more on my
 Windows VM, and sometimes some of the AV software flags one part of the
 tbb as having random malware crap. Basically, AV heuristics are utter
 bullshit.

 > I'm not sure I want to close this.. I'm still left with more questions
 > than answers. Does anyone know any staff/contact points at AV companies?
 > We should at least attempt some minimal fact checking...

 I hope what I wrote above convinced you. Next time please don't assume I'm
 taking the possibility of malware in our bundles lightly without actual
 evidence.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5689#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

