Thought you guys might like this - A couple of weeks ago many noticed a large and sudden increase in Tor usage. There were a bunch of theories on what the cause was. Here is a SANS diary covering it:
https://isc.sans.edu/diary/Tor+Use+Uptick/16478
As it turns out, the owners of the Mevade botnet moved their command-and-control infrastructure over to a Tor server in an attempt to become more stealthy; the idea backfired when the entire bot (estimated 1.5 - 5 million hosts) all began using the Tor service to check in, causing an extremely sudden and visible increase in Tor usage. Their very attempts at obscurity is what ultimately got the botnet noticed.
Darkreading covers it here:
How The Massive Tor Botnet 'Failed' -- Dark Reading
As the article suggests 'the bad guys can screw up, too' - Very interesting closure to the Tor use issue, IMO. So I thought I'd share.
Edit: More detailed reading on the botnet itself at the Fox-IT blog:
http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/
