TOR appears to have been breached



Glass
6th August 2013, 11:44 PM
ZDNet are reporting that people are saying they have been affected/infected by a malware application that appears to be payloaded via a web page accessible via TOR hosted web servers.

The US Govt is going after a guy accused of running the world's largest and best patronized child pornography service. He also runs a hosting service through TOR that enables people to anonymize and conceal their servers and its exposed services. Seems the US Gov is tagging computers connected to TOR. The malware connects to a Verizon hosted network and reports the hostname and MAC address of PCs using TOR.

By hostname they are probably referring to the PC's public IP address (ISP provides you this) but it could be the PC's name. I think the former is probably the case.


Everyone agrees that child pornography is evil. Along the way to tracking down Eric Eoin Marques, whom the FBI has called "the largest facilitator of child porn on the planet," (http://www.independent.ie/irish-news/courts/fbi-bids-to-extradite-largest-childporn-dealer-on-planet-29469402.html) the government agency, with the possible assistance of the NSA, broke into the Tor anonymous network (http://www.zdnet.com/fbi-accused-of-infiltrating-tor-network-to-close-child-abuse-host-7000018962), injected JavaScript malware into the Tor-specific version of Firefox, and obtained the Internet addresses of untold numbers of Tor users.


Here's how it was done.


Tor (https://www.torproject.org), which is recommended by the Electronic Frontier Foundation (EFF) (https://www.eff.org) for helping you to "protect your anonymity while using the Internet" (https://www.eff.org/torchallenge/what-is-tor), is made up of two parts: Software and the Tor network.

The software's, known as the Tor Browser Bundle (https://www.torproject.org/projects/torbrowser.html.en), main component is a customized version of the Mozilla Firefox Extended Support Release (ESR) (http://www.mozilla.org/en-US/firefox/organizations/). It can be used on Linux, Mac OS, and Windows.


The network is made up of Internet routers run by volunteers who believe in the value of Internet anonymity. These routers are also known as relays.



link to article (http://www.zdnet.com/inside-the-tor-exploit-7000018997/)