[tor-relays] WannaCry fallout FYI

Cristian Consonni cristian at balist.es
Mon May 15 07:58:26 UTC 2017


On 15/05/2017 09:38, Roger Dingledine wrote:
> On Mon, May 15, 2017 at 09:17:33AM +0200, Cristian Consonni wrote:
>>> | https://dist.torproject.org/torbrowser/6.5.1/tor-win32-0.2.9.10.zip
>>
>> Was the increased number of downloads from the malware visible from the
>> logs?
> 
> I looked, and there were a few hundred downloads per day. It didn't
> look like a huge number. Maybe people misread the code, or maybe there
> aren't actually that many infections and all the "threat intelligence"
> companies want to keep talking about it anyway, or who knows.

Interesting. In fact, I thought that downloading the whole browser seemed
to be not so smart, surely there are better ways to connect
programmatically to the Tor network.

To my untrained eye, this malware seems to be both clever
(self-replication) and dumb (kill switch, downloading the browser) at
the same time.

> But the low number of downloads, plus the fact that folks said they'd
> disabled the ransomware component (by registering the domain it checked),
> plus the fact that I hadn't investigated the worm code to figure out if
> it did anything surprising when the URL is disabled, made me decide to
> leave it alone.

Very reasonable.

Thanks for the info.

Cristian

