Bitdefender detects Tor Browser Bundle Javascript exploit

Bitdefender has added detection against the Tor Browser Bundle exploit. The exploit has been involved in an operation aimed at de-anonymizing the users of websites hosted by FreedomHosting.

Exploit.JS.Agent.BB uses a heap-spraying technique to break the JavaScript engine and eventually drop and execute a payload file, such as this one. As the exploit is publicly available, we judge the probability of it being used in other attacks by other actors as high.

So far, a handful of installed Bitdefender instances in France and the Dominican Republic have reported detection of the exploit.

9 Responses to Bitdefender detects Tor Browser Bundle Javascript exploit

  1. ViRii says:

    “operation aimed at de-anonymizing” rumors say that was used by *.*.* to catch pedo’ hidden behind TOR

    Don't know if it is good news that they will catch some pedo, or if it is bad news knowing that they have 0-days 🙂

    • smr says:

      No 0-day was used, although the exploit was previously unknown, the bug had actually been known for a short while:

  2. DJ says:

    Though pedophilia may be a problem, it is most certainly the usual pretext to go after anyone who is disliked in a frame-up operation. It is very easy to plant pedo material on a computer (similar to the way drugs can be planted on someone).

  3. ViRii says:

    The bug (2013-53) was made public on June 25; the article that started it all, “FBI says Irishman is baron of online child porn”, was published on August 3. The person in question “was arrested on Thursday on foot of an extradition warrant was issued by a US court on Jul 29 last”.
    On August 4, “large number of hidden service addresses have disappeared from the Tor Network. There are a variety of rumors about a hosting company for hidden services: that it is suddenly offline, has been breached, or attackers have placed a javascript exploit on their web site.”

    ~1 month to plan and execute an operation of such scale and at such a level is somewhat sci-fi => most likely the people at fbi/nsa/*.*.* knew about that bug long before it became public.
    “This vulnerability was fixed in Firefox versions 17.0.7 and 22, which were released on June 25, 2013.” *
    The publication of the bug only hastened the operation.

    *blog . mozilla . org/security/2013/08/04/investigating-security-vulnerability-report/

  4. Danny Gould says:

    need to download bitdefender rootkit scan and removal

  5. james says:

    browser protector for safari does not install…