[tor-bugs] #12458 [general]: phishing/trademark/malware violation at torbrowserproject.org

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jun 25 04:22:11 UTC 2014


#12458: phishing/trademark/malware violation at torbrowserproject.org
-------------------------+-------------------------------------------------
     Reporter:  phobos   |      Owner:  phobos
         Type:  defect   |     Status:  new
     Priority:  normal   |  Milestone:
    Component:  general  |    Version:
   Resolution:           |   Keywords:  trademark violation, phishing,
Actual Points:           |  malware
       Points:           |  Parent ID:
-------------------------+-------------------------------------------------

Comment (by phobos):

 {{{
 More technical details from reddit:

 "As we all could probably already guess, the exe on this site is
 backdoored. It makes a bunch of requests to 162.251.80.25 (
 cp-14.webhostbox.net) from port 3841 on your machine. After that, I am
 seeing messages sent to 185.15.246.132 (nordns.com). Finally, I'm also
 seeing communication to 192.240.104.151.

 It looks like the exe may have been packed with the legitimate version of
 the installer as well as the malware, so the end user isn't supposed to
 suspect anything."
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12458#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

