Users of Tor have been advised to scan their systems for malware, especially those who download binaries or executable files through the anonymity network, after a security researcher found that a particular Russian Tor exit node is actively patching binaries with malware.
The research was carried out by Josh Pitts of Leviathan Security. According to him, of the more than 1100 Tor exit nodes on the anonymity network, one particular exit node in Russia is patching binaries. However, Pitts does add: “This does not mean that other nodes on the Tor network are not patching binaries; I may not have caught them, or they may be waiting to patch only a small set of binaries.”
Pitts's latest research can be seen as an extension of, and proof of concept for, his previous work on a binary patching framework called the Binary Patching Factory (BDF). Pitts notes that many binary files downloaded over the internet are hosted without any transport layer security encryption. A few are signed, so that modification can be detected, but most do not provide such protection.
Continuing that work, Pitts extended his research to use Tor as a platform for catching modified binaries in transit across the web. “To have the best chance of catching modified binaries in transit over the Internet, I needed as many exit points in as many countries as possible”, Pitts notes.
“Using Tor would give me this access, and thus the greatest chance of finding someone conducting this malicious MITM patching activity”, he adds.
Using tools such as exitmap and a small script of his own, named patchingCheck.py, he stumbled upon a particular exit node that was patching binaries. He found that the exit node was patching almost all binaries downloaded through it. The researcher notified The Tor Project and, as a result, the exit node has already been given the BadExit flag.
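The detection method described above comes down to fetching the same file through many exits and comparing what comes back. The following is an added example of that comparison step, not Pitts's patchingCheck.py or any Tor Project code. The exit identifiers (exitA to exitD) and the file bytes are constructed for the example; in real use the `DOWNLOADS` mapping would be filled by fetching one URL through each exit (for instance with exitmap), and the reference hash would come from the publisher's signed checksum rather than from a majority vote.

```python
"""Flag exit nodes that return a modified copy of a download.

Added example, not the page's or Pitts's code. Exit names and file
bytes are constructed; nothing here touches the network.
"""
import hashlib
from collections import Counter

# Constructed stand-in for a small PE-style binary (not a real executable).
CLEAN_BINARY = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\xcc" * 64

# Constructed "patched" copy: 8 bytes overwritten in place. The length is
# unchanged, so a Content-Length or file-size check alone would miss it.
PATCH_OFFSET = 100
_patched = bytearray(CLEAN_BINARY)
_patched[PATCH_OFFSET:PATCH_OFFSET + 8] = b"\xeb\xfe" + b"\x90" * 6
PATCHED_BINARY = bytes(_patched)

# Hypothetical exit identifier -> bytes received through that exit.
DOWNLOADS = {
    "exitA": CLEAN_BINARY,
    "exitB": CLEAN_BINARY,
    "exitC": PATCHED_BINARY,
    "exitD": CLEAN_BINARY,
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def first_difference(a: bytes, b: bytes):
    """Offset of the first byte where a and b differ, or None if identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


def find_divergent_exits(downloads, reference_hash=None):
    """Return {exit_id: report} for every exit whose copy differs from the reference.

    reference_hash: the publisher's known-good SHA-256, if available.
    If None, the most common hash across exits is assumed to be the clean
    one (a majority assumption: it fails when most exits are colluding,
    which is why a signed checksum is the better reference).
    """
    hashes = {exit_id: sha256_hex(data) for exit_id, data in downloads.items()}
    if reference_hash is None:
        reference_hash, _ = Counter(hashes.values()).most_common(1)[0]

    # One copy matching the reference, used to locate where a bad copy diverges.
    good_copy = next(
        (downloads[e] for e, h in hashes.items() if h == reference_hash), None
    )

    report = {}
    for exit_id, h in hashes.items():
        if h == reference_hash:
            continue
        data = downloads[exit_id]
        report[exit_id] = {
            "sha256": h,
            "size": len(data),
            "first_diff_offset": (
                None if good_copy is None else first_difference(good_copy, data)
            ),
        }
    return report


if __name__ == "__main__":
    for exit_id, info in find_divergent_exits(DOWNLOADS).items():
        print(f"{exit_id}: hash {info['sha256'][:16]}... differs, "
              f"first divergence at byte {info['first_diff_offset']}")
```

The report records the first differing offset so an analyst can see whether the change sits in the headers, the entry-point region or appended data, which helps distinguish an in-transit patch from an innocent mirror difference. Run against real downloads, any exit that appears in the report is a candidate for reporting to the Tor Project, as Pitts did.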
“We’ve now set the BadExit flag on this relay, so others won’t accidentally run across it”, wrote Tor Project’s project leader and director Roger Dingledine.