Tor users advised to 'switch away from Windows' after malware attack

Summary: Users of the "hidden Internet" are advised to switch away from the world's most used operating system, amid a malware attack that some are linking to U.S. authorities.

TOPICS: Security, Windows

A critical security advisory issued on Monday advises users of the Tor network to stop using Windows and switch to "live" systems if they want to keep their identities anonymous online.

Tor Project staff warned that Windows users with vulnerable Firefox versions "were actually exploitable" to an attack discovered earlier this week.

Some users accused the U.S. Federal Bureau of Investigation (FBI) of exploiting a vulnerability in a Tor bundle, which includes an older version of Firefox 17, with a known security flaw. 

However, the true identities of the attackers — whether government operatives or non-state hackers — are not yet known.

Many Tor users are ordinary citizens concerned about government monitoring or private industry tracking, while others use the service to send and receive documents without leaving a trail. The anonymous network is particularly prevalent among journalists and civil liberties activists working in politically unstable regions of the world.

But organized criminals also use the service to evade authorities to distribute illicit goods, including child abuse imagery and illegal real-world goods.

Tor says on its blog that in the network's design, a "user cannot know where the server is located, and the server cannot find out the IP address of the user, except by intentional malicious means like hidden tracking code embedded in the web pages delivered by the server."

The attackers targeted Windows users to gather data used to identify users. The code used to exploit the flaw in Firefox was injected into servers owned by Freedom Hosting, a series of sites accessible only on Tor.

Freedom Hosting was accused in 2011 of hosting child abuse imagery. Controversial hacker activist collective Anonymous attacked the servers and published more than 1,500 names of alleged pedophiles that had accessed the site. 

The malware attack is linked to the FBI's attempt to seek the extradition of Eric Eoin Marques, understood to be the owner of the Tor-operating servers, dubbed the "largest facilitator of child porn on the planet."

The malicious code was reverse engineered and revealed to transmit hostname and unique MAC address data back to a Washington D.C.-based server.

The advisory also notes: "The vulnerability allows arbitrary code execution, so an attacker could in principle take over the victim's computer."

While vulnerable versions of Firefox 17.0.7 and earlier — used in the "browser" bundle to include additional privacy patches — are available for all operating systems, the advisory notes that "only Windows users" were vulnerable to this attack.

Users are advised to switch to live-CD versions of Linux, such as Tails, or non-Windows operating systems, such as Apple's OS X. Affected users should also update to the latest Tor browser bundle. Users wishing to remain on Windows can disable JavaScript, but were warned in the advisory that doing so will "make some websites not work like you expect."

The advisory also notes that despite the call to switch away from Windows, there are "many other vectors" for vulnerabilities. The note calls for assistance with the Tor Project to improve usability and security.

Talkback

44 comments
  • infected servers

    This type of hacktivism has been ongoing for years - I even caught a parasite at a commercial media website - that got me an invite to be a set engineer for a popular sf program. Stay vigilant!
    Htos1
    • Year of Linxu Baby!

      Switch and be safe!
      T1Oracle
  • Just stop using old versions of FireFox

    Oh wait TOR was distributing the bundle with old versions... Yeah it's Windows fault that TOR distributed vulnerable code. Maybe you should just stop using TOR.
    greywolf7
  • switch away from windows?

    From what I read this is a Firefox flaw, so why not 'switch away from Firefox'? Occasionally I use Tor but never ever use Tor Bundle, I configure Maxthon or Opera to connect through Tor.
    Mr.SV
    • ff18 was

      issued 8 months ago (mine, e.g., is v. 21 on LMDE system) . Firefox update mechanism is one of the best and works almost equally and uniformly across most platforms. When updating, it won't need a restart of the whole system, like IE does sometimes.
      So, no excuses not to keep up-to-date.
      Secondly, Firefox has the best plugin of all: Noscript, which should be activated for all sites.
      Finally, users on Windows are HISTORICALLY more vulnerable due to various reasons. Hence the advice.
      eulampius
  • Sounds like it was Apple that did it...

    Yep, Tor recommends using Apple to avoid being exploited by the vulnerable code they distribute. Oh wait, next week it will have an Apple vulnerability in it. {Sigh}. How about just maintaining your code like a good Internet citizen Tor.
    greywolf7
    • What the fuck are you talking about?

      This article recommended that you switch to a "live" operating system, obviously referring to Linux. Only a fool would switch to Mac.
      William Cannon
      • Switching to a Mac

        Eventually if you simply MUST USE Windows (which is really boring) and switch to a Mac, which is immune to this stuff........you will find it works. Free Norton AV if you think you might have a handful of viruses. There is nothing new in Windows 8 it is old Win 7 code with no DOS and.....wow tiles. Your computer just became a telephone with nice little Fischer Price toys.
        Rich Barnes
  • There is no need to switch away from Windows...

    because this is a Firefox vulnerability related to JavaScript. While it's true that only Windows users were targeted, that is because it's the most used consumer operating system in the world. The Tor Project statement is very clear on the nature of the attack, and nothing is directly related to Windows. Anyone who is in doubt should read the Tor security advisory.
    leonsk29
    • Not really

      Well, they do claim: "To be clear, while the Firefox vulnerability is cross-platform, the attack code is Windows-specific. It appears that TBB users on Linux and OS X, as well as users of LiveCD systems like Tails, were not exploited by this attack."
      harvey_rabbit
      • They claim that and it's correct but...

        the point here is that Windows users are vulnerable because the attackers designed the exploit that way. If the attackers decide to implement the exploit specifically for Linux or OS X it would have worked anyway. That's the real point here. As I said, they targeted Windows because it's the most used operating system in the world and they have more chances of getting results by attacking the big fish.
        leonsk29
        • Why are the attackers

          so anti-Windows? Why don't they exploit Linux, Mac OS X, Android or iOS? Perhaps they simply can't.
          eulampius
          • They exploit Windows...

            because it's the operating system that runs in 92% of the computers of the world! They have more chance of getting whatever they want if they attack Windows computers, because the majority of users are using that operating system. Understand that writing an exploit is a tedious work. For the last time, please, read the security advisory from the Tor Project, please. It's a Firefox vulnerability related to JavaScript, and it's a cross-platform vulnerability!
            leonsk29
          • Re: it's the operating system that runs in 92% of the computers of the worl

            Easy boy, easy. Windows might (not proven) run on 92% of the world's corporate desktops, but in no way it runs on even 10% of the world's *computers*. I believe, 10% is way too generous too, but let's be nice to Microsoft.

            Also, most of the open source unix desktops, that include Linux are simply not accounted for in any statistics, because these systems are never "sold" and are not thus part of the "market".

            At the end, Windows was attacked, because it's trivial to penetrate, not for any other reason. The firefox running on my unix platform can't execute binaries.. simple as that.
            danbi
          • In 2013 there is no need for using Windows...

            ... and decent people who want stable, security, save money and tons of free software should move to Linux.
            MacBroderick
          • They're not against Windows

            They just realize that the vast majority of all users are Windows users. Besides that, Windows is the easiest operating system to exploit, because Microsoft themselves have already put back doors on the systems and intentionally put in several security breaches.
            Linux is much more secure by comparison, and has a much smaller user base.
            William Cannon
      • There's no common sense...

        in switching away from Windows when the attack would have been successful with the same results in other operating systems. By switching you're attacking the symptom, not the disease. The exploit is Firefox-specific and related to JavaScript, and those programs exist in other operating systems as well.
        leonsk29
        • It wouldn't have

          It wouldn't have had the same result with other operating systems. That's why we're encouraged to switch to something else.
          William Cannon
  • If you use the Tor Browser Bundle within Windows...

    just update Firefox to the latest version. This vulnerability has been fixed since a long time ago. It's your fault if you're using an old version of Firefox like 17.
    leonsk29