Slashdot Mirror


Microsoft Remotely Deleted Tor From Windows Machines To Stop Botnet

An anonymous reader writes "Microsoft remotely deleted old versions of Tor anonymizing software from Windows machines to prevent them from being exploited by Sefnit, a botnet that spread through the Tor network. It's unclear how many machines were affected, but the total number of computers on the Tor network ballooned from 1 million to 5.5 million as Sefnit spread. 'By October, the Tor network had dropped two million users thanks to Sefnit clients that had been axed. No one, not even the Tor developers themselves, knew how Microsoft had gone on a silent offensive against such a big opponent and won a decisive battle,' the Daily Dot reported. In a blog post, Microsoft claimed it views Tor as a 'good application,' but leaving it installed presented a severe threat to the infected machines."

4 of 214 comments

  1. Next... by TechwoIf · · Score: -1, Troll

    Upcoming: MS deletes Firefox, saying it was used to infect millions of computers.

    1. Re:Next... by vlueboy · · Score: -1, Troll

      Upcoming:

      MS deletes Firefox, saying it was used to infect millions of computers.

      Microsoft only deleted the install used as part of Sefnit. They didn't disable legitimate installs, and they're not out to squash your freedom.

      Which does not prevent them from dumping extension garbage silently in Firefox. I forget if they do the same with Silverlight and .Net.
      It seems they calmed down since 2010, but I still have or see it in some old systems, which we all know are going to stick around forever given Windows XP + Firefox's tag team.

      Losing potential search hits due to Bing search redirects is probably why Chrome 25 introduced blocking of these silent extensions.

  2. Re:A Microsoft Killswitch by number17 · · Score: -1, Troll

    What did you think it did? You have the option of not running it.

    The technical information doesn't exactly say it removes TOR or any particular version:

    Additional information
    The Sefnit family is known to use Tor or SSH provided by PuTTY as its C&C communication channel.

    Some variants add a Tor service under the display name "Tor Win32 Service". This is a legitimate service that is used by the trojan to anonymize its network traffic.

    Since August 2013, there has been a considerable increase in the Tor network's incoming connecting users - this is believed to be as a result of the Sefnit family using Tor for its C&C communication. This is shown in the following graph from the Tor metrics portal:

    Some people find TOR using a Chrome browser. Should they have the authority to remove that too only to tell you about it later in a blog?

  3. Cost of ownership by gmuslera · · Score: -1, Troll

    So much effort defending Windows against Linux using cost of ownership as an argument, and this proves that Microsoft is still owning the Windows you "bought".