Opened 6 years ago

Closed 6 years ago

#12458 closed defect (fixed)

phishing/trademark/malware violation at torbrowserproject.org

Reported by: phobos
Owned by: phobos
Priority: Medium
Milestone:
Component: Archived/general
Version:
Severity:
Keywords: trademark violation, phishing, malware
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Our resident troll returns, torbundleproject (dot) org.

Child Tickets

Change History (10)

comment:1 Changed 6 years ago by phobos

More technical details from reddit:

"As we all could probably already guess, the exe on this site is backdoored. It makes a bunch of requests to 162.251.80.25 (cp-14.webhostbox.net) from port 3841 on your machine. After that, I am seeing messages sent to 185.15.246.132 (nordns.com). Finally, I'm also seeing communication to 192.240.104.151.

It looks like the exe may have been packed with the legitimate version of the installer as well as the malware, so the end user isn't supposed to suspect anything."
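The addresses quoted above are the kind of indicator a defender sweeps flow or proxy logs for. The following script is an added example, not part of the ticket or the Tor Project's tooling: it parses constructed flow-log lines in an assumed `key=value` format and reports which internal hosts contacted the three listed destinations. The log format, the sample lines and the function names are assumptions; only the IPs and hostnames come from the comment.

```python
import re

# Indicators quoted in comment:1 (the reddit analysis of the backdoored
# installer): destination IPs and, where one was named, the hostname.
C2_INDICATORS = {
    "162.251.80.25": "cp-14.webhostbox.net",
    "185.15.246.132": "nordns.com",
    "192.240.104.151": None,  # no hostname was given for this address
}

# Constructed sample flow-log lines (assumed key=value format, not a real
# capture). 10.0.0.x are internal clients; 93.184.216.34 is benign filler and
# 162.251.80.2 is a near-miss that must NOT match 162.251.80.25.
SAMPLE_FLOW_LOG = """\
2014-06-25T10:01:02Z src=10.0.0.12:3841 dst=162.251.80.25:80 proto=tcp bytes=1432
2014-06-25T10:01:05Z src=10.0.0.12:49152 dst=93.184.216.34:443 proto=tcp bytes=5120
2014-06-25T10:01:09Z src=10.0.0.12:3841 dst=185.15.246.132:53 proto=udp bytes=88
2014-06-25T10:01:14Z src=10.0.0.33:50211 dst=192.240.104.151:443 proto=tcp bytes=2210
2014-06-25T10:02:00Z src=10.0.0.40:50300 dst=162.251.80.2:80 proto=tcp bytes=300
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+) proto=(?P<proto>\w+)"
)


def parse_flow(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def find_c2_contacts(log_text, indicators=C2_INDICATORS):
    """Return (timestamp, internal_src, dst_ip, hostname_or_None) for every
    flow whose destination is one of the indicator addresses."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue
        # Dictionary lookup is an exact-string match, so the near-miss
        # 162.251.80.2 is not treated as 162.251.80.25 (a substring test would).
        if rec["dst"] in indicators:
            hits.append((rec["ts"], rec["src"], rec["dst"], indicators[rec["dst"]]))
    return hits


def hosts_by_indicator_count(hits):
    """Group hits by internal source; a host that reached several of the
    indicators is a stronger signal than a single coincidental flow."""
    per_host = {}
    for _ts, src, dst, _host in hits:
        per_host.setdefault(src, set()).add(dst)
    return {src: sorted(dsts) for src, dsts in per_host.items()}


if __name__ == "__main__":
    contacts = find_c2_contacts(SAMPLE_FLOW_LOG)
    for ts, src, dst, host in contacts:
        print(f"{ts} {src} -> {dst} ({host or 'no hostname listed'})")
    print(hosts_by_indicator_count(contacts))
```

The exact-match lookup matters: a naive `"162.251.80.25" in line` test also fires on `162.251.80.250`-style addresses, and the reverse substring mistake is shown by the near-miss line. Grouping by source host turns three flows into one actionable finding (10.0.0.12 reached two of the three indicators).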

comment:2 Changed 6 years ago by phobos

Site is currently reporting "account suspended"

comment:3 Changed 6 years ago by arma

So, problem solved?

Also, why do you think it is related to our resident troll?

comment:4 Changed 6 years ago by phobos

It's not clear who is behind it. Our past experiences with "randolph" have been on sourceforge, and past domains where "he" used our website with minor mods to promote an alternate version of tor browser infected with spyware and/or malware. This fits right along with past behavior.

comment:5 Changed 6 years ago by joncamfield

The site appears up (and looks like a quite nice copy of torproject.org) currently.

comment:6 Changed 6 years ago by arma

Confirmed. I asked our friend Rabbi Rob to do what he can to make it go away more thoroughly. Thanks.

comment:7 Changed 6 years ago by mrphs

Resolution: fixed
Status: new → closed

(Thanks to our friends) The malicious website is down.

Last edited 6 years ago by mrphs

comment:8 Changed 6 years ago by harmony

Look who's back:

torbundlebrowser (dot) org

comment:9 Changed 6 years ago by harmony

Resolution: fixed
Status: closed → reopened

comment:10 in reply to: 8 Changed 6 years ago by mrphs

Resolution: fixed
Status: reopened → closed

Replying to harmony:

Look who's back:

torbundlebrowser (dot) org

Thanks for the heads up.
The domain is not canceled yet, but the problem should be solved for now.
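Every domain in this ticket is the legitimate torproject.org with a brand word inserted or swapped. As an added example, not part of the ticket or of any Tor Project tooling, the Python below screens candidate registrations (from a newly-registered-domains feed, certificate-transparency logs, or a brand-monitoring report) for that pattern. The "tor + brand token" heuristic, the edit-distance threshold and the naive registrable-domain helper are assumptions chosen for this example; the legitimate domain and the three lookalikes are taken from the ticket.

```python
# Legitimate domain the lookalikes in this ticket imitate.
LEGITIMATE = "torproject.org"

# Lookalike domains named in this ticket (title, description, comment:8).
REPORTED_LOOKALIKES = [
    "torbrowserproject.org",
    "torbundleproject.org",
    "torbundlebrowser.org",
]

# Words that, next to "tor", made up every lookalike seen here. Assumed
# heuristic for this example, not a list maintained by the project.
BRAND_TOKENS = ("browser", "bundle", "project")


def levenshtein(a, b):
    """Edit distance between two strings (standard dynamic-programming form)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Last two labels of a hostname. A naive stand-in for a public-suffix
    lookup; fine for .org/.com as used here, wrong for e.g. example.co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_lookalike(host, legit=LEGITIMATE, max_distance=3):
    """True if host is not the legitimate domain but looks like it: either
    its name starts with 'tor' and contains a brand token, or the whole
    domain is within max_distance edits of the legitimate one (typo-squats)."""
    dom = registrable_domain(host)
    if dom == legit:
        return False
    name = dom.rpartition(".")[0]
    token_hit = name.startswith("tor") and any(t in name for t in BRAND_TOKENS)
    near_miss = levenshtein(dom, legit) <= max_distance
    return token_hit or near_miss


def screen_domains(domains):
    """Return the subset of domains that should be reviewed as possible impersonations."""
    return [d for d in domains if is_lookalike(d)]


if __name__ == "__main__":
    # Constructed mix of the reported domains, the real one, and benign filler.
    candidates = REPORTED_LOOKALIKES + ["www.torproject.org", "example.org", "torpoject.org"]
    for d in candidates:
        print(f"{d:28} {'REVIEW' if is_lookalike(d) else 'ok'}")
```

The token rule catches the pattern used here, where the edit distance to torproject.org is large (seven or more insertions), while the distance rule catches single-character typo-squats the token rule would miss. Expect some false positives from the `tor` prefix (for example a legitimate "torrent" project); the output is a review queue for a human, not an automatic takedown list.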
