And once again how prescient that was. In retrospect, this was the first remote execution vulnerability to be used against Tor users, it just wasn't as obvious because the people who got pwned copied the link into a regular browser. Ironically, I used a disposable Win XP VM to look at and identify the malware in this case without getting pwned.