Microsoft Secretly Beheads Notorious Waledac Botnet
Barence writes "Microsoft has quietly won court approval to deactivate 277 domain names that are being used to control a vast network of infected PCs. The notorious Waledac botnet is being used by Eastern European spammers to send 1.5 billion spam messages every day, and infect hundreds of thousands of machines with malware. In a suit filed in the US District Court of Eastern Virginia, Microsoft accused 27 unnamed defendants of violating federal computer crime laws. It further requested that domain registrar Verisign temporarily deactivate the domains, shutting down the control servers being used to send commands to the machines. The request was secretly approved by District Judge Leonie Brinkema, allowing the action to be taken covertly, preventing Waledac's operators from switching domains."
Re:One step toward active botnet fighting? (Score:5, Informative)
It actually has come to the point where botnets are actively removing other malware from the infected computer, much like a parasite killing off other parasites so that it has sole possession of the host.
Re:"East European" (Score:5, Informative)
This can also be started manually by running "MRT.exe" from the run prompt. The month of the update is in the title bar, so it's easy to tell if you're current or not.
MS is already doing that. (Score:2, Informative)
Ever heard of the Malicious Software Removal Tool [microsoft.com] that is rolled out in the monthly patch cycle? It kills software MS deems bad. No court approval for that.
Re:Secret courts, secret orders, ... (Score:5, Informative)
In most cases, a court won't issue a TRO without notice to the defendants and a hearing to allow the sought-to-be-enjoined party to respond to the Motion for TRO. In some situations, like this, where mere notice might allow the Defendants to further the harm, the court orders the TRO without notice to the enjoined party. The Order allows the Plaintiffs to demand that third parties do or stop doing something for the enjoined party - the first notice to them is when they can't access bank accounts, or their vendor refuses to cooperate, etc.
The safeguards built into the system are (1) the cash bond, (2) a neutral judge that weighs the likelihood of irreversible damage and proof of the initial allegations against the harm from enjoining a party before a verdict, and most importantly, (3) that these are TEMPORARY. The judge will order a hearing with BOTH parties within (usually) 10 days of the TRO issuance, at which time the Defendants can object, rebut the Plaintiff's allegations, and ask the court to lift the injunction. At that point, it is a dispute between two noticed parties before a neutral court.
Re:Contingencies (Score:5, Informative)
Not a new idea. Google is working actively to stop this kind of abuse, which they do by forcing you to go through a captcha if you try to search for terms that are related to malware. I have taken apart a few "evil" programs that did google searches, and each time I found that the search terms had a captcha block.
State of the art for malware is to use a generator function (typically a hash) to generate random domain names. If it loses contact with the C&C servers it will use this generator to try domain names until it finds a new configuration file (properly encrypted and signed). For the controller they only need to register one of the domain names generated by the hash and eventually the bots will all reconnect.
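The domain-generation scheme the comment above describes, as an added example that is not code from the original thread, from Waledac or from any real botnet. The seed, the SHA-256 construction, the TLD set, the HMAC-signed configuration format and the constructed resolver are all assumptions chosen for illustration. It shows both sides: the bot walking the day's candidate list until it finds a validly signed config, and a defender who has recovered the seed from a sample precomputing the same list so the names can be pre-registered or sinkholed.

```python
"""Toy domain generation algorithm (DGA) with a signed-config check.

Added example, not from Waledac or any real malware. SEED, CONFIG_KEY,
TLDS and the fetch() callbacks are constructed for illustration.
"""
import hashlib
import hmac
from datetime import date, timedelta

SEED = b"example-botnet-seed"                 # assumed: secret baked into the binary
CONFIG_KEY = b"example-config-signing-key"    # assumed: key bots use to verify a config
TLDS = ("com", "net", "org", "info")          # assumed TLD set
EXAMPLE_DAY = date(2010, 2, 25)               # constructed date for the scenario


def daily_candidates(seed, day, count=20):
    """Derive `count` candidate C&C names for one day.

    Each label is the hex prefix of SHA-256(seed || YYYYMMDD || index), so every
    bot holding the same seed computes the identical list offline. The operator
    only has to register one entry; the bots will eventually hit it."""
    stamp = day.strftime("%Y%m%d").encode()
    names = []
    for i in range(count):
        digest = hashlib.sha256(seed + stamp + i.to_bytes(2, "big")).digest()
        names.append(f"{digest[:6].hex()}.{TLDS[digest[6] % len(TLDS)]}")
    return names


def sign_config(body, key=CONFIG_KEY):
    """Operator side: append an HMAC-SHA256 tag so bots can authenticate the config."""
    return body + hmac.new(key, body, hashlib.sha256).digest()


def config_is_valid(blob, key=CONFIG_KEY):
    """Bot side: accept a config only if its trailing 32-byte tag verifies.
    A sinkhole can answer for a candidate name, but without the key it cannot
    hand the bot a config it will act on."""
    if len(blob) < 32:
        return False
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def bot_reconnect(fetch, day, seed=SEED, count=20):
    """Bot side: having lost its C&C, try each candidate in order and return the
    first (name, config body) whose config verifies. `fetch(name)` stands in for
    DNS lookup plus download and returns bytes or None."""
    for name in daily_candidates(seed, day, count):
        blob = fetch(name)
        if blob is not None and config_is_valid(blob):
            return name, blob[:-32]
    return None


def takedown_list(seed, start, days, count=20):
    """Defender side: with the seed recovered from a sample, precompute every
    candidate for the coming `days` days so they can be registered or sinkholed
    before the operator gets to them."""
    out = []
    for d in range(days):
        out.extend(daily_candidates(seed, start + timedelta(days=d), count))
    return out


if __name__ == "__main__":
    cands = daily_candidates(SEED, EXAMPLE_DAY)
    # Constructed scenario: the operator registered the 7th candidate and serves a
    # signed config; a sinkhole answers the first six with an unsigned decoy.
    hosted = {cands[6]: sign_config(b"c2=198.51.100.7;interval=300")}
    sinkholed = {name: b"sinkhole" for name in cands[:6]}
    print(bot_reconnect(lambda n: hosted.get(n) or sinkholed.get(n), EXAMPLE_DAY))
    print(len(takedown_list(SEED, EXAMPLE_DAY, 7)), "names to pre-register for the week")
```

Two things fall out of running it: the sinkholed names are tried first and ignored because their payload fails the HMAC check, and the defender's list for a week is only 140 names, small enough to register or block in bulk once the seed is known.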
NOT a DNS issue you boob! (Score:5, Informative)
This has nothing to do with US control of DNS.
They went to the domains' REGISTRAR (GoDaddy) and got THEM to disable the domains.
Control of DNS could be in the hands of Bumblefuckistan and they still could have done this.
Re:Secret Order For A Reason (Score:1, Informative)
The "secret" was revealed by MS in a blog post *AFTER* deactivating the domains, describing the aftermath. Dumbass.
Re:Contingencies (Score:4, Informative)
The notion that "anybody can make it in the US if they work hard" is a fairy tale.
Seriously. Be born rich. That's the way to go.
The notion that the notion is a fairytale is a fairytale. People love to blindly spread memes like this because they enjoy feeling sorry for themselves, but it simply isn't true:
Rags To Riches Billionaires [forbes.com]: "Almost two-thirds of the world's 946 billionaires made their fortunes from scratch, relying on grit and determination"
That doesn't mean everyone can end up a billionaire, but it's simply false that this notion that 'anyone can make it' is a fairytale; it's borne out on practically a daily basis. If you open your eyes and look, you'll find a true-life rags-to-riches story under every second stone you turn --- especially in the USA, but also these days frequently in places like China. But yeah, not everyone is born hard-working, I guess, so keep sitting and feeling sorry for yourself and you'll definitely ensure that nothing ever changes for you.
Rags to Riches CEOs [minyanville.com]
7 greatest celebrity rags to riches stories [peoplejam.com]
Rags to Riches [arabianbusiness.com]
Entrepreneur takes women from rags to riches [iol.co.za]
Rags to Riches billionaires [forbes.com]
Asian American Rags to Riches Sagas [goldsea.com]
Case Study: From Rags to Riches (Brenda French) [womenslead...change.com]
Cordia Harrington: From Rags to Riches Success Story [womenhomebusiness.com]
Local cosmetics magnate reveals rags-to-riches life story [taipeitimes.com]
China: A rags-to-riches story to dream about (Yan Huiyan) [atimes.com]
China’s paper magnate is a rags-to-riches story, literally [indianexpress.com]
Rags to riches: Bill MacAloney: from orphan to successful business owner to CBA [findarticles.com]
From rags to riches: Filipino weavers trade up [reuters.com]
Etc. etc. blah blah ... I could go on pasting these stories in here all day. Nothing worse than listening to whiny losers feeling sorry for themselves that they weren't born rich.
Re:Contingencies (Score:1, Informative)
You did not successfully argue against the GP. First, you mention 2/3 of the world's billionaires. GP was clearly talking about the US, not the entire world. Second, GP was talking about doing well in life, which is a superset of the billionaire set. Factors contributing to a subset (billionaires) of people doing well in life are not necessarily equivalent to factors to the whole set of people doing well in life.
As for the rest of your post, anyone can post anecdotes all day long. Anecdotes are not statistically significant.
Re:Contingencies (Score:4, Informative)
Whom do you know who has worked hard and yet failed to secure a comfortable life for themselves? Millions of immigrants prove you wrong by coming with almost nothing, starting restaurants / laundry shops / convenience stores, and then sending their kids to college to become doctors and lawyers.
Sure, if you want to become filthy rich, you need a lot of breaks: talent (not necessarily the "getting good grades" kind of talent), opportunity, and drive. But I don't know anyone who worked hard at improving their situation who is still poor.
Re:It pains me to say this... (Score:3, Informative)
You have a point - any system CAN BE rooted. The thing is - it isn't being done, right? And, there is no reason to think that it is going to be done any time soon. As I say - if/when Microsoft makes systems that are at least as secure as the most popular Unix derivative (Would that be Mac, or Ubuntu?) THEN MS will deserve a hooray. I'm not even suggesting that SEL be enabled. I'll accept Ubuntu's default security settings, or Mac's or Redhat's - it doesn't matter. Default.
Yes, Windows 7 is pretty good, out of the box with default settings. I'm not yet believing that it compares to any of the Unix derivatives. In a year or so, I may have to grudgingly admit that it really is, or I may not. That old "security through obscurity" thing has something going for it, after all. Just because you know that I'm using a *nix doesn't tell you what will work to break into my system. But, a Windows exploit is going to work on more than 50% of the computers in the world.
Look at the numbers. How much money has corporate and private America spent on 3rd party security systems that ultimately failed in the past decade? And, how much money has been stolen due to failed security? How much more money has been spent to pay off and/or clean up after security failures? Tally it up, then tell me what percentage of that is due to failed *nix distros. Admittedly, I'm asking you to do a lot of math - but go ahead. Do your best to walk through the numbers.
Those TCO numbers being thrown around by the industry are complete and utter bullshit.