Comment Re:A Microsoft Killswitch (Score 5, Interesting) 214
This doesn't sound much different to any other anti-virus removal. Microsoft almost certainly used the Microsoft Security Essential update to kill Sefnit, as they do with so many other viruses.
"the total number of computers on the Tor network ballooned from 1 million to 5.5 million as Sefnit spread"
These weren't dedicated Tor nodes that were taken offline because they were being used for malicious purposes, these were infected PCs with a virus that used Tor as the communication protocol. An outdated and vulnerable version of Tor was hidden in a "location that almost no human user would"
If a PC was infected with Sefnit and had the signature old version of Tor in the hidden location, Tor was removed because it's logically the case that Tor was just part of the virus payload. Because of the unique install directory, there wasn't even a remote chance for false positives. Publicly available tools that can be used for good or bad are hijacked by viruses all the time, and it's never a surprise if an anti-virus removes that tool when the virus specific files are removed.