Microsoft Remotely Deletes Tor From Two Million Machines

It has been revealed that Microsoft has taken several significant steps to end the spread of a malicious botnet that was automatically installing itself on the machines of users running a version of the Windows OS.

The Sefnit bot, which first reared its ugly head back in 2011, resurfaced on the wires sometime in early August of 2013, and was able to automatically spread through the Tor relay by installing secret nodes on every computer it came into contact with along the chain.

Earlier we reported that the current number of users utilizing Tor on their networks was around 45 million people, or 11% of the total sum of connected devices currently being counted as a part of the open web.

That number is expected to have gone up considerably since the survey was taken pre-Snowden leaks, and although it’s difficult to pin down the exact figures on how many people are using a network that is specifically designed to keep them as uncountable and hidden as possible, many analysts suspect that more people are hooked up to the relays now than ever before.

Some even believe it was this very same 600% increase in Tor traffic that led malware vendors to target the program.


Microsoft claims they didn’t see another viable option for squashing the Sefnit botnet other than taking the matter into their own hands.

“The security problem lies in the fact that during a Sefnit component infection, the Tor client service is also silently installed in the background. Even after Sefnit is removed, unless specific care is taken, the Tor service will be left and still regularly connect to the Tor Network.”

By updating the signatures in their Windows Defender/Security Center suite to remove any software containing traces of the bug, the team at Microsoft was able to completely wash out all threats with a single update, effectively stopping the spread of the infection in its tracks.

A spokesman for the company assured the public that these were extraordinary circumstances, and that they took no pleasure in modifying the system files of their loyal and dedicated user base.