Rat Bastards…

Friends, it seems the Feds have been caught with their hands in the privacy cookie jar again. Wired Magazine is reporting the discovery of a piece of malware that takes advantage of a Firefox security vulnerability to identify some users of the privacy-protecting Tor anonymity network. The FBI is considered the prime suspect, as the exploit sends identifying information to an IP address in Reston, Virginia, just outside Washington, D.C. A reverse engineer dissecting the exploit says that this is probably the first time the FBI's "computer and internet protocol address verifier," or CIPAV, has been captured in the wild, though it has been around since 2002.

It seems that the malware was designed specifically to attack the Tor browser. The payload for the Tor Browser Bundle malware is hidden in a variable called "magneto," and the heart of the malicious JavaScript is a tiny Windows executable hidden in a variable named "Magneto." A traditional virus would use that executable to download and install a full-featured backdoor, so the hacker could come in later and steal passwords, enlist the computer in a DDoS botnet, and generally do all the other nasty things that happen to a hacked Windows box.

But the Magneto code doesn't download anything. It looks up the victim's MAC address (a unique hardware identifier for the computer's network or Wi-Fi card) and the victim's Windows hostname. Then it sends both to the Virginia server, outside of Tor and coded as a standard HTTP web request, to expose the user's real IP address. Rat Bastards. Friends, make sure your VooDoo is patched and up-to-date; the Feds are restless.
