Delivery-Date: Thu, 18 Feb 2016 16:51:58 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 58A931E08D6;
	Thu, 18 Feb 2016 16:51:56 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 9698D395ED;
	Thu, 18 Feb 2016 21:51:51 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 7F558395C3
 for <tor-talk@lists.torproject.org>; Thu, 18 Feb 2016 21:51:47 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id qVQ3qTSHvy27 for <tor-talk@lists.torproject.org>;
 Thu, 18 Feb 2016 21:51:47 +0000 (UTC)
Received: from justaguy.pw (justaguy.pw [195.154.103.12])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 025B73963F
 for <tor-talk@lists.torproject.org>; Thu, 18 Feb 2016 21:51:34 +0000 (UTC)
X-Greylist: delayed 527 seconds by postgrey-1.34 at eugeni;
 Thu, 18 Feb 2016 21:51:35 UTC
To: tor-talk@lists.torproject.org
References: <A154C659-98B9-4B5A-AE8B-89A67EA8BF78@riseup.net>
 <56C63981.2080604@gmail.com>
From: justaguy <justaguy@justaguy.pw>
X-Enigmail-Draft-Status: N1110
Message-ID: <56C63AD3.4000002@justaguy.pw>
Date: Thu, 18 Feb 2016 22:42:43 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Icedove/38.5.0
In-Reply-To: <56C63981.2080604@gmail.com>
Subject: Re: [tor-talk] large increase in .onion domains
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6600536678090227327=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============6600536678090227327==
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="7PerscOFcdGBeasv6XBNWuoq6QCHNk0FU"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--7PerscOFcdGBeasv6XBNWuoq6QCHNk0FU
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

The large increase is probably caused by Locky.
http://arstechnica.com/security/2016/02/locky-crypto-ransomware-rides-in-on-malicious-word-document-macro/
http://researchcenter.paloaltonetworks.com/2016/02/locky-new-ransomware-mimics-dridex-style-distribution/
As far as I know, each infection is a new .onion that gets generated.
Their instructions to decrypt look like this: http://i.imgur.com/abAiFUP.png

On 02/18/2016 10:37 PM, aka wrote:
> Lots of fucking cryptolocker ransomware, generating an own onion and
> bitcoin address for every "customer".
>
> Scfith Rise up:
>> I am just wondering why there has been a huge increase in .onion domains
>> on http://metrics.torproject.org. Is this just an error or something else
>> going on?
>>



--7PerscOFcdGBeasv6XBNWuoq6QCHNk0FU
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"


--7PerscOFcdGBeasv6XBNWuoq6QCHNk0FU--

--===============6600536678090227327==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============6600536678090227327==--

