Why TOR Operators SHOULD always sniff their exit traffic...

[Kristian Köhntopp]

On Wednesday 08 June 2005 21:51, tor wrote:
> Of particular interest is the increasing
> sophistication of automated worm-based attacks. He cites the
> developing W32.spybot.KEG
> worm -- once inside a network it scans for several
> vulnerabilities and reports its findings via IRC. 

And Sober variants routinely use JAP to fetch updates.

Kristian