Bitdefender detects Tor Browser Bundle JavaScript exploit

Bitdefender has added detection for the Tor Browser Bundle exploit. The exploit has been involved in an operation aimed at de-anonymizing the users of websites hosted by Freedom Hosting.

Exploit.JS.Agent.BB uses a heap-spraying technique to break the JavaScript engine and eventually drop and execute a payload file, such as this one. As the exploit is publicly available, we judge the probability of it being used in other attacks by other actors as high.

So far, a handful of installed Bitdefender instances in France and the Dominican Republic have reported detection of the exploit.

About the author

Razvan STOICA

Razvan Stoica is a journalist turned teacher turned publicist and technology evangelist. When Bitdefender isn't paying him to bring complex subjects to wide audiences, he enjoys writing fiction, skiing and biking. Razvan Stoica started off writing for a science monthly and was the chief editor of a science fiction magazine for a short while before moving on to the University of Medicine in Bucharest where he lectured on the English language. Recruited by Bitdefender in 2004 to add zest to the company's online presence, he has fulfilled a bevy of roles within the company since. In his current position, he is primarily responsible for the communications and community-building efforts of the Bitdefender research and technology development arm.

9 Comments

  • “operation aimed at de-anonymizing” rumors say that it was used by *.*.* to catch pedos hidden behind TOR

    Don't know if it is good news that they will catch some pedos, or if it is bad news knowing that they have 0-days 🙂

    • No 0-day was used; although the exploit was previously unknown, the bug had actually been known for a short while:

      http://www.mozilla.org/security/announce/2013/mfsa2013-53.html

  • Though pedophilia may be a problem, it is most certainly the usual pretext to go after anyone who is disliked in a frame-up operation. It is very easy to plant pedo material on a computer (similar to the way drugs can be planted on someone).

  • The bug (2013-53) was made public on June 25; the article that started it all, “FBI says Irishman is baron of online child porn”, was published on August 3. The person in question “was arrested on Thursday on foot of an extradition warrant was issued by a US court on Jul 29 last”.
    On August 4, “large number of hidden service addresses have disappeared from the Tor Network. There are a variety of rumors about a hosting company for hidden services: that it is suddenly offline, has been breached, or attackers have placed a javascript exploit on their web site.”

    About 1 month to plan and execute an operation of such scale and at such a level is somewhat sci-fi => most likely those at the fbi/nsa/*.*.* knew about that bug long before it became public.
    “This vulnerability was fixed in Firefox versions 17.0.7 and 22, which were released on June 25, 2013.” *
    The publication of the bug only hastened the operation.

    *blog . mozilla . org/security/2013/08/04/investigating-security-vulnerability-report/
