Roger Dingledine wrote: > On Wed, Apr 16, 2008 at 10:47:51PM +0300, ygrek wrote: > > Try it http://google.com.torsec.exit/ > > Looks like torsec injects some JS and/or redirects to adware sites > > Interesting. My first thought is that it's some Windows software that > intercepts port 80 traffic for the user and tries to sanitize his > browsing experience.
torsec (claims to) run on Linux: torsec (Online) Location: Erfurt, DE IP Address: 87.118.97.238 Platform: Tor 0.1.2.19 on Linux i686 Bandwidth: 1283 KB/s Uptime: 5 hours 5 mins 12 secs Last Updated: 2008-04-16 20:09:42 GMT > My second thought is that the user's ISP is trying to launch some sort > of attack on the user's browsing habits, e.g. like Phorm. I don't think many German ISP-s are this evil: http://www.virustotal.com/analisis/8bbf410701fcc17fe5dfae1fa93785ed AVG 7.5.0.516 2008.04.16 Downloader.Small.61.A BitDefender 7.2 2008.04.16 Trojan.Peed.JEZ CAT-QuickHeal 9.50 2008.04.16 (Suspicious) - DNAScan eSafe 7.0.15.0 2008.04.16 Suspicious File F-Prot 4.4.2.54 2008.04.16 W32/Tibs.G.gen!Eldorado Ikarus T3.1.1.26.0 2008.04.16 Trojan.Peed Microsoft 1.3408 2008.04.14 Trojan:Win32/Tibs.gen!ldr Panda 9.0.0.4 2008.04.16 Suspicious file Prevx1 V2 2008.04.16 Trojan.Vundo Symantec 10 2008.04.16 Downloader.MisleadApp Spyware download URL (page redirected to from torsec): hxxp://scan ner.spyshredder scanner.c om/24/?advid=41 98&ref=4 Spyware file name (possibly autogenerated): install_4198_NHwyNHx8fHx8fHw_.exe
