Wednesday, 7 August 2013

Tor confirmed malicious code that grabbed user identification



The Malicious code was distributed over the web host Freedom Hosting; malicious code actually serves to identify Tor users. This was confirmed by the anonymous project. The malicious code is injected via vulnerability in Firefox. In an analysis of the Tor team has now confirmed that yesterday only came to the knowledge. The malicious code is used for identifying users of the Tor network and the information is sent to a company that works together with the secret. The malicious code targeting to grab used in the Tor Browser Bundle version of Firefox 17.0.6 on Windows. That is now known as the magnetosphere malicious code detected by analysis of the host name and MAC address of the attacked computer and transmits the collected information to the IP address 65.222.202.53, which is hard-coded into the malware. The command-and-control server belongs to the company Science Applications International Corporation, which is close to the FBI and the intelligence community. The IP address belongs to the Autonomous System (AS) the NSA. Mozilla was the weak point in Firefox ESR 17.0.7 and Firefox 22.0 which was later resolved on 25 June 2013. Updated versions of Firefox had been rolled out the next day in the Tor Browser Bundle 2.3.25-10 and 2.4.15-1-alpha, 30 June 2013 and 8 in 3.0alpha2 July 2013 entered into 2.4.15-alpha-1. The vulnerability in the browser is also available in versions for Mac OS X and Linux, but the malware grab apparently only Windows machine, then writes the Tor team in a statement.

It assumes that the attacker has a list of Tor users who use the hidden services of the web host Freedom Hosting. Freedom Hosting uses Tor Hidden Services among others for the provision of anonymous websites. There, among other Web sites with pedophile content provided. In addition, the web hosts connections to reputed Silkroad online drug market. The Tor team, meanwhile, advises users urged to update their Tor Browser Bundle. In addition, users should disable Javascript. In future releases, there will be an easy-to-use interface that allows the use of Javascript can be configured. Since the future also other may be vulnerabilities in Firefox, CSS or SVG are expected to users should also consider using a random MAC address. This is possible, for example, in virtual machines like VirtualBox or VMware. The Tor team also advises to use a firewall to prevent such compounds to command-and-control servers. As an alternative to Windows recommend the Tor makers the live distribution tails. The team also asks for help in the implementation of sandboxes and virtualized solutions for the Tor Browser Bundle.

No comments:

Post a comment

Note: only a member of this blog may post a comment.