From: Rich Jones <rich@openwatch.net>
Date: Tue, 24 Jun 2014 10:54:28 -0700
Message-ID: <CADJYzxKMoDb_xPbJRn6tejKLOjvKvnRa3+mjX+gPGtB_5zGHQQ@mail.gmail.com>
To: tor-talk@lists.torproject.org
Subject: [tor-talk] Tor Phishing in the Wild // Old Sigs

Hey all!

There's (what looks like) an active Tor phishing operation located at
http://torbundleproject (dot) org . I believe this is related to a black
market scammer.

They're offering up a slightly old version of the TBB, but I can't find a
list of the old signatures on the Tor website to compare with. Can anybody
diff the files 'torbrowser-install-3.6.1_en-US.exe' to see what's going on
here?

R

PS - Just signed up for this list - can you PLEASE do something about
mailman emailing me my own password in plaintext upon sign up? JFC..

For the lazy..

$whois torbundleproject.org
Domain Name:TORBUNDLEPROJECT.ORG
Domain ID: D172721659-LROR
Creation Date: 2014-05-28T20:50:39Z
Updated Date: 2014-06-23T20:09:22Z
Registry Expiry Date: 2015-05-28T20:50:39Z
Sponsoring Registrar:PDR Ltd. d/b/a PublicDomainRegistry.com (R27-LROR)
Sponsoring Registrar IANA ID: 303
WHOIS Server:
Referral URL:
Domain Status: clientTransferProhibited
Domain Status: serverTransferProhibited
Registrant ID:DI_36617197
Registrant Name:Bobby Jones
Registrant Organization:Tor Project
Registrant Street: 432 Garden Street
Registrant City:Beverly Hills
Registrant State/Province:CA
Registrant Postal Code:90210
Registrant Country:US
Registrant Phone:+1.9843982938
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:sr2admin@safe-mail.net
Admin ID:DI_36617197
Admin Name:Bobby Jones
Admin Organization:Tor Project
Admin Street: 432 Garden Street
Admin City:Beverly Hills
Admin State/Province:CA
Admin Postal Code:90210
Admin Country:US
Admin Phone:+1.9843982938
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email:sr2admin@safe-mail.net
Tech ID:DI_36617197
Tech Name:Bobby Jones
Tech Organization:Tor Project
Tech Street: 432 Garden Street
Tech City:Beverly Hills
Tech State/Province:CA
Tech Postal Code:90210
Tech Country:US
Tech Phone:+1.9843982938
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email:sr2admin@safe-mail.net
Name Server:NS4.ITITCH.COM
Name Server:NS3.ITITCH.COM
Name Server:NS2.ITITCH.COM
Name Server:NS1.ITITCH.COM
DNSSEC:Unsigned

