[tor-bugs] #20708 [Obfuscation/Pluggable transport]: Baidu Anti-TBB or TBB Trojanic upgrade

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Nov 18 11:41:08 UTC 2016


#20708: Baidu Anti-TBB or TBB Trojanic upgrade
-------------------------------------------------+-------------------------
     Reporter:  agentchaos                       |      Owner:  asn
         Type:  defect                           |     Status:  new
     Priority:  Very High                        |  Milestone:  Tor:
                                                 |  0.2.9.x-final
    Component:  Obfuscation/Pluggable transport  |    Version:  Tor:
                                                 |  0.2.9.5-alpha
     Severity:  Major                            |   Keywords:
Actual Points:                                   |  Parent ID:
       Points:                                   |   Reviewer:
      Sponsor:                                   |
-------------------------------------------------+-------------------------
 Hi there, I was running TBB 6.5a3 inside Windows 8.1 and I have Baidu anti-
 virus running inside it.

 Then I upgraded TBB to 6.5a4, and this is what happened:

 Baidu detected that there were viruses going to be downloaded by doing this
 upgrade, so Baidu blocked them. The weird thing is that the upgrade continued
 and TBB worked!! Even though some parts of it have been deleted.

 Here is what Baidu thought were trojans:

 1- '''Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\terminateprocess-buffer.exe'''

 2- '''Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\meek-client-torbrowser.exe'''

 3- '''Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\meek-client.exe'''

 4- '''Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe'''

 All of these are categorized under one umbrella (reason behind deletion):

 '''Trojan.Crypt.Heur.gen'''


 What are the dangerous things that I think I found here:

 1- Which one is correct regarding false security, Baidu or the TBB upgrade?

 2- TBB kept working and ignored the reality that some parts of it have
 been removed!!, which means any edit/modify/remove of TBB installed
 files/parts will give no signal to know that (unless it's obvious, like in
 my case).

 I think the best thing to do is to have an enhancement to avoid TBB
 file corruption, like e.g. most anti-viruses have "'''{{{Self-Defense}}}
 https://blog.kaspersky.com/tip-of-the-week-what-is-antivirus-self-defense/3936/'''".


 Good thing this happened in TBB alpha. Any further questions or help,
 just ask. Thanks.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20708>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
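The integrity signal the reporter asks for, as an added example that is not part of the ticket or of Tor Browser's own code: a manifest of SHA-256 hashes is taken from a clean install tree, and a later check reports files that were removed (as the anti-virus did here), modified, or added. The directory layout and file contents are constructed placeholders, not real Tor Browser binaries.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_install(root, manifest):
    """Compare the tree under root with a trusted manifest.
    Returns sorted lists of missing, modified and unexpected relative paths."""
    current = build_manifest(root)
    missing = sorted(set(manifest) - set(current))
    unexpected = sorted(set(current) - set(manifest))
    modified = sorted(p for p in manifest
                      if p in current and current[p] != manifest[p])
    return {"missing": missing, "modified": modified, "unexpected": unexpected}


def demo():
    """Constructed scenario mirroring the report: snapshot a clean tree, then an
    AV quarantines one transport binary, one file is altered and one is added."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        pt = root / "Browser" / "TorBrowser" / "Tor" / "PluggableTransports"
        pt.mkdir(parents=True)
        (pt / "obfs4proxy.exe").write_bytes(b"constructed obfs4proxy placeholder")
        (pt / "meek-client.exe").write_bytes(b"constructed meek-client placeholder")
        (root / "Browser" / "firefox.exe").write_bytes(b"constructed firefox placeholder")
        manifest = build_manifest(root)          # trusted snapshot of the clean tree
        (pt / "obfs4proxy.exe").unlink()         # removed by the anti-virus
        (root / "Browser" / "firefox.exe").write_bytes(b"altered")   # modified
        (pt / "extra.dll").write_bytes(b"not in manifest")           # unexpected
        return verify_install(root, manifest)
```

A real deployment would ship the manifest signed with the release, since a manifest that an attacker or a quarantine can edit alongside the files proves nothing.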