[tor-talk] ShellCode-Exploit delivery over TOR

John Doe c0rr3sp0nd3nce at tuta.io
Sat Nov 12 22:54:35 UTC 2016


Probably not. It is an artist website with over 20 million users.
Plus, it is not a constant phenomenon. Sometimes it occurs, sometimes not.
If it is steered by the website, they would do this maybe in a more efficient / constant way.
I am still on the ads or the exit node approach because this could explain the randomness. 
If it occurs the next time, I try to figure out at least the source (e.g. banner or transparent-pixel & URL) of the exploit. Maybe it is also a false positive. Have to check this. At the moment the files are getting immediately purged (which is normally good).



12. Nov 2016 21:42 by keb at cyblings.on.ca:


> On 12/11/16 04:40 PM, John Doe wrote:
>> Recently, I stumble relatively often over a message by my Antivirus
>> that a file was removed from the TB “doomed” cache, where binary
>> files like images are cached. These files seem to contain an exploit
>> like “Win32/ShellCode.A”. Firstly I assumed a bad exit node that
>> tampers with the content. But the alerts came in frequently and on
>> several exit nodes. Now I suspect something like malicious ad
>> banners. Maybe in combination with a detection function for TOR exit
>> node IPs.
>
> What sites did you visit recently using TB?  Maybe they were the source of infections.  I am happy to check them using a non-Windows computer.
>
> -- 
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk