No it did not. They distributed a new version via the build-in updater to try to remove the malware from the copies downloaded from the website. Sparkle use a digital signature and the malware author did not have the private key to create a valid signature for the update. So even if a malware was downloaded, Transmission would report a "invalid archive downloaded" error.