Hanlon’s Razor is all well and good as a heuristic, but tends to lead to people discounting malice much too often. Also, I really didn’t say we were “under attack”

I absolutely don’t know, but my guess would be spambots or somesuch

If the data you’re handling isn’t sensitive in any way (or you can eg. anonymise / pseudonymise it) and you don’t have anything else sensitive on the VM, it wouldn’t really matter either way – and as @[email protected] said, if you’re running an executable from some yarrr site you’re probably going to get malware

Just run it in a VM?