Fake Tor Project website delivers malware instead of anonymity
Posted on 14.08.2014
A computer science student has discovered an almost perfect copy of The Tor Project's website, offering malware for download instead of the Tor Browser Bundle and collecting donations that should rightfully go to Tor developers.

Tipped off about the existence of the fake website by a friend, Julien Voisin downloaded the purported Tor Browser Bundle (torbrowser-install-3.6.3_en-US.exe) and managed to reverse engineer it.

He discovered that the malware can be commanded to download and upload files, update itself, take screenshots, execute system commands, reboot and restart, upload directories and get drives, and launch new connections.

The communication protocol runs on a hidden service on Tor, and Voisin even managed to get in touch with the botmaster.

"She/he told me that they are a small group (maybe from China) trying to catch pedophiles; by spreading the link to the fake website on pedo-boards, adding that one pedophile was already reported to cybertip (Canadian Centre for Child Protection's tipline)," he shared, but said that he doubts the story, as "the miscreant not only shipped a malware instead of the real TBB, but also replaced the donation page with his own BTC address."

The website is, surprisingly, still online (on torbundlebrowser.org), but I guess it won't be for much longer. It's more than likely that the person(s) behind it will move it to another, equally deceptive, domain.









COPYRIGHT 1998-2014 BY HELP NET SECURITY.