[tor-talk] "zeus" virus

scar scar at drigon.com
Thu Aug 23 21:16:03 UTC 2012


David H. Lipman @ 08/23/2012 01:40 PM:
> Whatever the case, malicious bot activity is being detected and thus you
> should stop using Tor and you should make sure your computer(s) are clean.

well, no, i'm not gonna do that. ;) the server is running linux and not
infected.
when i started running this tor exit router i received copyright
complaints from the MPAA and my service was shut down, and i fixed my
torrc to block the p2p ports.  then it started getting shut down for
viruses, and i've continued to update my torrc.  now it only happens 2-3
times a month and CenturyLink always promptly reactivates my service.
this is just a case of 'a few bad apples' and i have the (cheap)
bandwidth to spare, so no plans to stop using Tor just yet.

frankly, i don't get how this zeus trojan can operate without
destination addresses. in fact it seems to me it would be utterly
useless as a trojan if there weren't destination addresses.  then again
i've been out of the loop as technology has progressed.  if that is
really the case, i'm wondering if there is a way to add a firewall rule
that will block traffic that is looking for "config.bin" and
"update32.php", and whether that would really block this malicious
traffic....



