Beware wolf dressed in Tor's clothing: new rash of malware

Nick Mathewson from the Tor project (a free tool that helps with anonymity and privacy online) says:

I guess you've really arrived when botnet spammers start using your name to trick hapless users into install their malware.

Around this morning, people started getting Spam with subject lines like "What you do online is at risk" and "Careful, you.re being watched" and "You are being watched online."

The message contents tell people to download Tor.

Obviously, this spam doesn't come from us, and the links aren't links to the real Tor software. Instead, if you click the links, you'll get a bunch of nasty javascript to try to fool your browser into installing a botnet client.

As always, you can find the real Tor software at https://tor.eff.org/. All legitimate Tor packages are signed; you can find instructions for verifying the signatures here [ Link ].

Ben Laurie has funny comments here [ Link ]; f-secure has a writeup here [ Link ].