{"id":14344,"date":"2014-10-24T14:02:57","date_gmt":"2014-10-24T19:02:57","guid":{"rendered":"http:\/\/bucktownbell.com\/?p=14344"},"modified":"2014-10-24T14:04:38","modified_gmt":"2014-10-24T19:04:38","slug":"researchers-finds-malicious-tor-exit-node-adding-malware-to-binaries","status":"publish","type":"post","link":"http:\/\/bucktownbell.com\/?p=14344","title":{"rendered":"Researchers Find Malicious Tor Exit Node Adding Malware to Binaries"},"content":{"rendered":"<blockquote><p>The exit node in question was in Russia, and Pitts discovered that the node was actively patching any binaries he downloaded with a piece of malware. He downloaded binaries from a variety of sources, including Microsoft.com, and each of them came loaded with malicious code that opens a port to listen for commands and starts sending HTTP requests to a remote server.<\/p><\/blockquote>\n<p>via <a href=\"http:\/\/threatpost.com\/researcher-finds-tor-exit-node-adding-malware-to-binaries\/109008\">Researchers Finds Malicious Tor Exit Node Adding Malware to Binaries | Threatpost | The first stop for security news<\/a>.<\/p>\n<p>From: <a href=\"http:\/\/www.leviathansecurity.com\/blog\/the-case-of-the-modified-binaries\/\">The Case of the Modified Binaries<\/a><\/p>\n<blockquote><p>Companies and developers need to make the conscious decision to host binaries via SSL\/TLS, whether or not the binaries are signed. All people, but especially those in countries hostile to \u201cInternet freedom,\u201d as well as those using Tor anywhere, should be wary of downloading binaries hosted in the clear\u2014and all users should have a way of checking hashes and signatures out of band prior to executing the binary.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>The exit node in question was in Russia, and Pitts discovered that the node was actively patching any binaries he downloaded with a piece of malware. He downloaded binaries from a variety of sources, including Microsoft.com, and each of them &hellip; <a href=\"http:\/\/bucktownbell.com\/?p=14344\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[347,698,353],"class_list":["post-14344","post","type-post","status-publish","format-standard","hentry","category-pc-issues","tag-malware","tag-security-research","tag-tor"],"_links":{"self":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/14344","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14344"}],"version-history":[{"count":2,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/14344\/revisions"}],"predecessor-version":[{"id":14346,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/14344\/revisions\/14346"}],"wp:attachment":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14344"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14344"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14344"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}