Tor Alert: a Russian 'Exit-Node' Server Is Delivering Malware
According to Josh Pitts, a security researcher for the Leviathan Security Group, a Russian Tor exit node server was distributing malware along with the content that its users downloaded. The network has flagged the server, so clients will now stay away from it.
For those of you who don't know yet, Tor (The Onion Router) is a privacy-focused network that redirects the user's traffic through a series of servers and encrypts the data being transmitted. Tor is one of the most secure systems in the world that can be accessed by the general population. Up to this point, the network has only been cracked once, by the NSA, and it was done by infecting the target's computer, not through an actual vulnerability in the software. It is so good that the Russian government organized a $100,000 prize contest to see if anyone could crack it.
As its name suggests, an exit node is the last point in the series of servers that your data travels through. Basically, if you use Tor and you want to access Wikipedia, the network bounces your data around through an intricate maze of servers before sending it to Wikipedia. The last server in the maze, the one that hands the information over to Wikipedia, is called the exit node. Because this is the point where traffic leaves Tor for its destination, the exit node can see and alter anything that is not otherwise encrypted end to end, such as a file downloaded over plain HTTP.
Mr. Pitts stated that he spotted the anomaly while checking how many attackers were modifying the binaries in legitimate downloads in order to send malware to victims. The good news is that he tested 1,100 servers and found only a single one to be infected, which was already flagged and treated accordingly by Tor. The bad news is that, as the security researcher says himself, his detection method might not be infallible, so this may not be an isolated incident.