Hi, folks. Somebody just stopped by a couple of the Tor IRC channels and linked to something that was supposed to be the result of "redoing vadalia [sic] in java." Instead, it turned out to be (apparently[*]) an updated variant of the Java trojan described in http://community.websense.com/blogs/securitylabs/archive/2012/10.aspx .
I called the guy out within the first minutes after he posted, so I *hope* that nobody actually ran the thing, but I thought it would be a good idea to remind everybody: Do not run random binaries from random people off the internet-- even if those people say those binaries do something awesome. They might not do what the random people say they do. Yes, you all know this, but it's a good idea to get reminded periodically that there are people really trying to do this attack in the wild, against members of this community like me and you. The next attempt may not be so transparent. (And finally, if you actually *ARE* a software developer writing a pure-Java version of Vidalia which for some reason you tried to distribute anonymously as an obfuscated Jar using the same obfuscator as an established Trojan... really, you should know better.) [*] At least, it appears to use the same obfuscation technique as the trojan described there. Thanks to "ditzydoo" on IRC for picking at the thing long enough to confirm. yrs, -- Nick _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
