[tor-relays] WannaCry fallout FYI
Roger Dingledine
arma at mit.edu
Mon May 15 08:25:54 UTC 2017
On Mon, May 15, 2017 at 09:58:26AM +0200, Cristian Consonni wrote:
> Interesting. In fact, I though that downloading the whole browser seemed
> to be not so smart, surely there are better ways to connect
> programmatically to the tor network.
It is not the whole browser -- it is the "windows expert bundle":
https://www.torproject.org/download/download
So it is indeed stupid to treat its libraries like the cloud, but
not so stupid that it's fetching the whole tor browser.
> To my untrained eye, this malware seems to be both clever
> (self-replication) and dumb (kill switch, downloading the browser) at
> the same time.
Also ask yourself whether it checks the signature of the tor win32 thing
that it downloads before running it. :( Good thing we're not evil.
--Roger
More information about the tor-relays
mailing list