
SoylentNews is people

posted by azrael on Sunday October 26 2014, @02:26PM
from the some-layers-are-rotten dept.

Josh Pitts of Leviathan Security Group has identified a Tor exit node that was actively and dynamically adding malware to binary files as they passed through it. He ran across the misbehaving Tor exit node while researching download servers that might be patching binaries during download through a man-in-the-middle attack. An article about this can also be found at Threat Post.

  • (Score: 2) by zocalo on Monday October 27 2014, @08:43AM

    by zocalo (302) on Monday October 27 2014, @08:43AM (#110450)
    Thanks for that - pretty much how I expected TOR to work, except I had the location of the exit node back to front. It does seem more logical that it would be that way around, now that I think about it, and also seems to confirm that any malicious patching of binaries would most probably have to happen at an exit node to be most effective. Theoretically, you could capture an entire binary in-transit and patch it within the network, but without any guarantee you would see the entire thing, that would reduce the effectiveness of such a scheme.
    --
    UNIX? They're not even circumcised! Savages!
  • (Score: 2) by urza9814 on Thursday October 30 2014, @06:27PM

    by urza9814 (3954) on Thursday October 30 2014, @06:27PM (#111623) Journal

    Theoretically, you could capture an entire binary in-transit and patch it within the network

    Not unless you can break the encryption...

    Your requests and data -- including metadata like destination IP address -- are encrypted all the way from the source node to the exit node. The reason almost all attacks on Tor traffic are being done by the exit node is because that's the only place where you can get the request unencrypted.