[tor-bugs] #13479 [general]: Malware being served from thetorproject.org and tor-chat.org

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Oct 20 01:45:08 UTC 2014


#13479: Malware being served from thetorproject.org and tor-chat.org
-------------------------+-------------------------------------------------
     Reporter:  donncha  |      Owner:  phobos
         Type:  defect   |     Status:  assigned
     Priority:  normal   |  Milestone:
    Component:  general  |    Version:
   Resolution:           |   Keywords:  trademark violation, phishing,
Actual Points:           |  malware
       Points:           |  Parent ID:
-------------------------+-------------------------------------------------

Comment (by mrphs):

 Reported. Thank you donncha!

 Here is some additional info for the sake of having a record:

 {{{
 sha256sum
 ==========
 e12a8aafa86d2bbcb6631ac3f4d22795e2bc11fa58c4da8ea13450ec0b656ffc
 torbrowser-install-3.6.6_en-US.exe_fake

 3b8c412a904fda82f941ae20fdacc29238eb4a2c58256f4543d524ade38e80ba
 torbrowser-install-3.6.6_en-US.exe_legit

 File
 =========
 torbrowser-install-3.6.6_en-US.exe_fake:
 PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

 torbrowser-install-3.6.6_en-US.exe_legit:
 PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS
 Windows, Nullsoft Installer self-extracting archive

 Stat
 =========
 File: `torbrowser-install-3.6.6_en-US.exe_fake'
 Size: 27336704
 Modify: 2014-10-08 20:45:20.000000000 +0000

 File: `torbrowser-install-3.6.6_en-US.exe_legit'
 Size: 27301724
 Modify: 2014-09-26 01:13:27.000000000 +0000

 DNS
 =========
 thetorproject.org.      3600    IN      A       199.59.160.184
 thetorproject.org.      3600    IN      NS      ns-canada.topdns.com.
 thetorproject.org.      3600    IN      NS      ns-usa.topdns.com.
 thetorproject.org.      3600    IN      NS      ns-uk.topdns.com.

 CIDR:           199.59.160.0/21
 OriginAS:       AS32421
 ASN:            BLCC - Black Lotus Communications, US


 tor-chat.org.           300     IN      A       111.90.144.114
 tor-chat.org.           86400   IN      NS      ns1.ipchina163.com.
 tor-chat.org.           86400   IN      NS      ns2.ipchina163.com.

 CIDR:           111.90.144.0/21
 OriginAS:       AS45839
 ASN:            PIRADIUS-AS PIRADIUS NET AS45839, MY

 (second one has the same ASN as torbundlebrowser)

 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13479#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

