Thanks Nick, It's always good to have a reminder.
On Fri, Apr 19, 2013 at 6:40 PM, Nick Mathewson <ni...@torproject.org>wrote: > Hi, folks. > > Somebody just stopped by a couple of the Tor IRC channels and linked > to something that was supposed to be the result of "redoing vadalia > [sic] in java." Instead, it turned out to be (apparently[*]) an > updated variant of the Java trojan described in > http://community.websense.com/blogs/securitylabs/archive/2012/10.aspx > . > > I called the guy out within the first minutes after he posted, so I > *hope* that nobody actually ran the thing, but I thought it would be a > good idea to remind everybody: > > Do not run random binaries from random people off the internet-- even > if those people say those binaries do something awesome. They might > not do what the random people say they do. > > Yes, you all know this, but it's a good idea to get reminded > periodically that there are people really trying to do this attack in > the wild, against members of this community like me and you. The next > attempt may not be so transparent. > > (And finally, if you actually *ARE* a software developer writing a > pure-Java version of Vidalia which for some reason you tried to > distribute anonymously as an obfuscated Jar using the same obfuscator > as an established Trojan... really, you should know better.) > > [*] At least, it appears to use the same obfuscation technique as the > trojan described there. Thanks to "ditzydoo" on IRC for picking at > the thing long enough to confirm. > > yrs, > -- > Nick > _______________________________________________ > tor-talk mailing list > tor-talk@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
