(But to compromise many users, there might not be a need for a complicated, expensive large-scale attack -- if you can infect someone with malware, it renders whether or not they are using Tor moot).
But unless you already know who they are, how do you get malware onto their machines? The Tor Browser Bundle has been carefully tuned to minimise attack vectors, so it could be quite hard for people who use Tor "correctly".
