Opened 5 years ago

Closed 5 years ago

#11187 closed defect (fixed)

malicious file?

Reported by: proper Owned by:
Priority: Very High Milestone:
Component: Webpages/Website Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I was just notified by the wiki mailer, that someone uploaded a file.

https://trac.torproject.org/projects/tor/attachment/wiki/doc/TorBOX/Dev/BuildDocumentation/0.1.3/4shared-js.zip

Certainly no one from Whonix team. We're not using the name TorBOX nor trac.torproject for anything anymore.

I suspect this is either spam or otherwise malicious acitivity. My recommendation is to delete that file and to block that user.

Child Tickets

Change History (1)

comment:1 Changed 5 years ago by karsten

Resolution: fixed
Status: newclosed

Extracted in a throw-away VM and found the following in the contained index.html:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.1//EN" "http://www.w3.org/TR/xh
tml-basic/xhtml-basic11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Free Musik Download</title>
<meta name="description" content="free musik download">
<link href="http://proand.wen.ru/favicon.ico" rel="shortcut icon"/>
<link rel="stylesheet" href="style/style.css">
<script type="text/javascript" src="http://00.w.pw/API_4shared.js"></script>
</head>

Deleted. Thanks for letting us know! Closing.

Note: See TracTickets for help on using tickets.