[tor-talk] PSA: watch out for trojans
Andrew F
andrewfriedman101 at gmail.com
Sat Apr 20 09:40:57 UTC 2013
Thanks Nick,
It's always good to have a reminder.
On Fri, Apr 19, 2013 at 6:40 PM, Nick Mathewson <nickm at torproject.org>wrote:
> Hi, folks.
>
> Somebody just stopped by a couple of the Tor IRC channels and linked
> to something that was supposed to be the result of "redoing vadalia
> [sic] in java." Instead, it turned out to be (apparently[*]) an
> updated variant of the Java trojan described in
> http://community.websense.com/blogs/securitylabs/archive/2012/10.aspx
> .
>
> I called the guy out within the first minutes after he posted, so I
> *hope* that nobody actually ran the thing, but I thought it would be a
> good idea to remind everybody:
>
> Do not run random binaries from random people off the internet-- even
> if those people say those binaries do something awesome. They might
> not do what the random people say they do.
>
> Yes, you all know this, but it's a good idea to get reminded
> periodically that there are people really trying to do this attack in
> the wild, against members of this community like me and you. The next
> attempt may not be so transparent.
>
> (And finally, if you actually *ARE* a software developer writing a
> pure-Java version of Vidalia which for some reason you tried to
> distribute anonymously as an obfuscated Jar using the same obfuscator
> as an established Trojan... really, you should know better.)
>
> [*] At least, it appears to use the same obfuscation technique as the
> trojan described there. Thanks to "ditzydoo" on IRC for picking at
> the thing long enough to confirm.
>
> yrs,
> --
> Nick
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
More information about the tor-talk
mailing list