In October 2013, Microsoft adopted a silent, offensive method to tackle infection due to a Tor-based botnet malware called ‘Sefnit‘.
In an effort to takedown of the Sefnit botnet to protect windows users, Microsoft remotely removes the older versions of installed Tor Browser software from 2 Million systems, even without the knowledge of system owner or the Tor developers.
Last year in August, after Snowden revelations about the National Security Agency’s (NSA) Spying programs, the Internet users were under fear of being spied.
During the same time Tor Project leaders noticed almost 600% increase in the number of user over the anonymizing networks of Tor i.e. the total users became 1.2 million, from 600,000 within weeks.
‘The security problem lies in the fact that during a Sefnit component infection, the Tor client service is also silently installed in the background. Even after Sefnit is removed, unless specific care is taken, the Tor service will be left and still regularly connect to the Tor Network.‘
“We modified our signatures to remove the Sefnit-added Tor client service. Signature and remediation are included in all Microsoft security software, including Microsoft Security Essentials, Windows Defender on Windows 8, Microsoft Safety Scanner, Microsoft System Center Endpoint Protection, and Windows Defender Offline.” and later also in Malicious Software Removal Tool.
But why Tor Browser, rather than removing Malware executables?
“Tor is a good application used to anonymize traffic and usually poses no threat. Unfortunately, the version installed by Sefnit is v0.2.3.25 – and does not self-update. The latest Tor release builds at the time of writing is v0.2.4.20.“
But out of these 2 Million systems, obviously many of them would have Tor browser install intentionally for keeping themselves anonymous on the Internet.
Why not Internet Explorer?
Microsoft’s own Internet Explorer browser having more than 221 known vulnerabilities, many of them with severity ‘critical‘ in nature, allow remote attackers to execute arbitrary code or cause a denial of service attacks.
Why Microsoft haven’t deleted or removed Internet Explorer remotely from windows users’ to protect them?
The action also clarifies the capability of Microsoft i.e. able to remove any software from your computer. Is it not worrying?