Specialists at Leviathan Security Group have discovered a malicious Tor node located in
Russia. It appends binary code to the end of files that the user
downloads from the Internet. Tor is a
good tool for anonymous access, but anonymity does not mean security.
Researchers say that this behavior can be viewed as
a server-side kind of MiTM attack.
To demonstrate this vulnerability, developers at
Leviathan Security Group launched the BDF (Backdoor Factory) program, which
modifies executable files by adding arbitrary code to them. The author of BDF
explains how it works in a demonstration video (the talk was
recorded at the DerbyCon 2014 hacker conference).
The Tor project coordinators were notified about the malicious Russian node,
so it is now marked as a bad node (BadExit flag). Users of the Tor
network should take note of this information.
It should be noted that of the 1110 exit nodes in the Tor network, it was the only
one that added malicious code to binaries. All the others were tested
and showed nothing of the kind. This cannot be guaranteed with
certainty, however: nodes can act selectively and modify only some files, and so
not reveal themselves during a scan.
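
The caveat above determines how a scan result should be read: a matching sample says nothing about files that were never fetched through that exit. The following Python sketch is an added example, not code from Leviathan Security Group or the Tor Project; it compares files fetched through each exit with trusted reference copies, and the exit labels, file names and byte strings are constructed for illustration.

```python
import hashlib

def classify(reference: bytes, downloaded: bytes) -> str:
    """Compare a file fetched through an exit with a trusted reference copy."""
    if hashlib.sha256(downloaded).digest() == hashlib.sha256(reference).digest():
        return "identical"
    if downloaded.startswith(reference):
        return "appended"    # original intact, extra bytes after its end
    if reference.startswith(downloaded):
        return "truncated"   # incomplete transfer, not an added payload
    return "modified"        # bytes changed inside the original content

def scan_exits(references: dict, fetched: dict) -> dict:
    """references: name -> trusted bytes; fetched: exit label -> {name: bytes}."""
    report = {}
    for exit_label, files in fetched.items():
        findings = {n: classify(references[n], d) for n, d in files.items()}
        report[exit_label] = {
            "findings": findings,
            "mismatched": sorted(n for n, v in findings.items() if v != "identical"),
            # A node may alter only some files, so record what was never tested.
            "untested": sorted(set(references) - set(files)),
        }
    return report

# Constructed sample data (hypothetical names, not real measurements).
REFERENCES = {
    "tool.exe": b"MZ" + bytes(62) + b"constructed program body",
    "readme.txt": b"constructed text file\n",
}
FETCHED = {
    "exit-A": dict(REFERENCES),
    "exit-B": {"tool.exe": REFERENCES["tool.exe"] + b"constructed trailing bytes",
               "readme.txt": REFERENCES["readme.txt"]},
    "exit-C": {"readme.txt": REFERENCES["readme.txt"]},  # binary never fetched
}

if __name__ == "__main__":
    for label, result in scan_exits(REFERENCES, FETCHED).items():
        print(label, result)
```

In this constructed data, exit-C matches on everything it was tested with, yet its report still lists `tool.exe` as untested, so it cannot be called clean for binaries.
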
Source: xaker.ru