[tor-talk] ShellCode-Exploit delivery over TOR
arma at mit.edu
Sun Nov 13 01:46:54 UTC 2016
On Sat, Nov 12, 2016 at 11:54:35PM +0100, John Doe wrote:
> Maybe it is also a false positive. Have to check this.

Right -- my assumption whenever I hear of strange antivirus behavior
is that the antivirus program is mis-tuned. After all, one of their
main techniques is to look in every file and see if they find a certain
sequence of characters. An "artist website" could easily produce graphics
files or the like that happen to have one of the sequences of characters.

And that's if you're lucky -- another common antivirus technique is to
report a summary of every file that you download, back to the mothership,
and then if you download a file that not enough other customers have
already reported, they call it a virus. :/

I guess the short-term fix is indeed to get a copy of the files that
it's upset about, and send them to your antivirus vendor so they can
fix their program.

That said, if you find that something is maliciously modifying your files,
please do let us know!