On Mon, May 15, 2017 at 09:17:33AM +0200, Cristian Consonni wrote:
| https://dist.torproject.org/torbrowser/6.5.1/tor-win32-0.2.9.10.zip
Was the increased number of downloads from the malware visibile from the logs?
I looked, and there were a few hundred downloads per day. It didn't look like a huge number. Maybe people misread the code, or maybe there aren't actually that many infections and all the "threat intelligence" companies want to keep talking about it anyway, or who knows.
But the low number of downloads, plus the fact that folks said they'd disabled the ransomware component (by registering the domain it checked), plus the fact that I hadn't investigated the worm code to figure out if it did anything surprising when the URL is disabled, made me decide to leave it alone.
--Roger