[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] WannaCry fallout FYI

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] WannaCry fallout FYI
From: Roger Dingledine <arma@xxxxxxx>
Date: Mon, 15 May 2017 03:38:08 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 15 May 2017 03:38:22 -0400
In-reply-to: <77f47be5-0e1c-8aa7-7472-885490bb9c90@balist.es>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <ACF5A948-2B0B-4EDD-847C-1240AC71BB17@brazoslink.net> <713C90EE-5EFF-48A7-9B15-02D39F286DB4@to-surf-and-protect.net> <99a3c234-b073-8733-852e-524648c47aa1@riseup.net> <77f47be5-0e1c-8aa7-7472-885490bb9c90@balist.es>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.20 (2009-12-10)

On Mon, May 15, 2017 at 09:17:33AM +0200, Cristian Consonni wrote:
> > | https://dist.torproject.org/torbrowser/6.5.1/tor-win32-0.2.9.10.zip
>
> Was the increased number of downloads from the malware visibile from the
> logs?

I looked, and there were a few hundred downloads per day. It didn't
look like a huge number. Maybe people misread the code, or maybe there
aren't actually that many infections and all the "threat intelligence"
companies want to keep talking about it anyway, or who knows.

But the low number of downloads, plus the fact that folks said they'd
disabled the ransomware component (by registering the domain it checked),
plus the fact that I hadn't investigated the worm code to figure out if
it did anything surprising when the URL is disabled, made me decide to
leave it alone.

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] WannaCry fallout FYI
  - From: Cristian Consonni

References:
- [tor-relays] WannaCry fallout FYI
  - From: Jon Gardner
- Re: [tor-relays] WannaCry fallout FYI
  - From: niftybunny
- Re: [tor-relays] WannaCry fallout FYI
  - From: Mirimir
- Re: [tor-relays] WannaCry fallout FYI
  - From: Cristian Consonni

Prev by Author: Re: [tor-relays] Memory Problems with tor releay
Next by Author: Re: [tor-relays] WannaCry fallout FYI
Previous by thread: Re: [tor-relays] WannaCry fallout FYI
Next by thread: Re: [tor-relays] WannaCry fallout FYI
Index(es):
- Author
- Thread