Microsoft removes vulnerable Tor to protect customers

Microsoft has removed Tor vulnerable program to protect computers from future infections. Everything is done for the benefit of customer computers to make them clean and safe.

Vulnerable Tor software installed Sefnit malware. It uses Tor to communicate with the C&C server and botnet nodes. The number of affected computers is not known while according to the first estimation there are several millions. Last august the number of infected computer have increased from 1 million to 5.5 million in just two weeks.

Tor signature have been added to Microsoft antivirus database on October 27 and on November 12 they were included in the Malicious Software Removal Tool and delivered on Windows computers through the automatic windows updates and Microsoft Update procedures.
In November 2013 the number of Tor users decreased to 2 million Just then Microsoft remotely removed Sefnit without alerting users about this action. This made that Microsoft has cleared 3.5 million PCs.

Tor3b

According to Microsoft “Our actions so far have put a dent in the number of users at risk, but more work is needed to address an estimated two million machines that have yet to be reached. Many of the unreached machines are likely not running Microsoft security software, and we need your help to reduce this risk further.”

This is a good step but I think that in the future Microsoft needs to alert customers about the actions before making the change so they can choose between opt in or opt out the change. remaining computers with vulnerable Tor they are not using Microsoft AV.

Share