Botnet Microsoft Security IT

Microsoft Secretly Beheads Notorious Waledac Botnet 381

Barence writes "Microsoft has quietly won court approval to deactivate 277 domain names that are being used to control a vast network of infected PCs. The notorious Waledac botnet is being used by Eastern European spammers to send 1.5 billion spam messages every day, and infect hundreds of thousands of machines with malware. In a suit filed in the US District Court of Eastern Virginia, Microsoft accused 27 unnamed defendants of violating federal computer crime laws. It further requested that domain registrar Verisign temporarily deactivate the domains, shutting down the control servers being used to send commands to the machines. The request was secretly approved by District Judge Leonie Brinkema, allowing the action to be taken covertly, preventing Waledac's operators from switching domains."
  • Re:"East European" (Score:2, Insightful)

    by lordandmaker ( 960504 ) on Thursday February 25, 2010 @09:51AM (#31271418) Homepage
    This has nothing to do with malicious code in the OS. It's to do with malicious code exploiting crap code in the OS. And all software has *some* crap code in it.
  • by jonwil ( 467024 ) on Thursday February 25, 2010 @09:52AM (#31271428)

    Presumably if Microsoft have done their homework, they have identified every possible machine that these bots could try to contact to receive new instructions (such as new SPAM messages to send) and had VeriSign disable every domain name so it can't be registered or used.

    Does this mean the botnet is dead?
    If so, great. And let's hope people are working to repeat the exercise and block the domain names used for control of any other botnets that talk to specific servers by name for instructions.

  • Re:Contingencies (Score:5, Insightful)

    by Clover_Kicker ( 20761 ) <clover_kicker@yahoo.com> on Thursday February 25, 2010 @09:53AM (#31271434)

    1. If they were smart it's easier to make money legally than illegally.

    Really?

  • Deactivated? (Score:3, Insightful)

    by gmuslera ( 3436 ) on Thursday February 25, 2010 @10:09AM (#31271588) Homepage Journal
    New set of domains acquired and botnet spamming again in 3..2..1..
  • by J'raxis ( 248192 ) on Thursday February 25, 2010 @10:09AM (#31271594) Homepage

    So Microsoft secretly filed a suit against 27 unnamed individuals, and got a secret order taking 277 domain names away from them, all based on a mere accusation.

    Oh, but since we're fighting spam, I guess that's okay.

    Wait until Microsoft starts doing this to go after copyright violations. Will y'all be cheering then?

  • Re:Microsoft (Score:1, Insightful)

    by Anonymous Coward on Thursday February 25, 2010 @10:10AM (#31271600)

    Microsoft forcing domains off the web in total secrecy? How could that possibly be evil ...

    After all, Microsoft has such a shiny track-record of only disconnecting sites that are truly evil *coughcryptomecough*

    Let's just cheer at them while they clean up the internet.

  • Re:Contingencies (Score:5, Insightful)

    by Jahava ( 946858 ) on Thursday February 25, 2010 @10:11AM (#31271630)

    Even if the control machines lose DNS resolution, might not the botnet be configured to fall back to connecting to well known IP addresses to accept commands? Seems like the logical thing to do if you are creating an illegal network...

    Well, here are a few thoughts:

    • Microsoft probably thoroughly reverse-engineered the botnet client code prior to seeking the court's assistance. Therefore, they have a very good understanding of the botnet's control algorithms. They probably derived those domain names and took those specific measures in response to their understanding of those algorithms.
    • For a botnet, hard-coding IP addresses could be riskier than DNS names. If someone is trying to shut you down, it's easier on their part to pick a specific set of IP addresses and (with cooperation of their respective ISPs) get them shut down or (without said cooperation) firewalled.
    • For a botnet, it's much faster and easier to change your IP address and update a DNS entry, leaving the botnet code alone. If you have to change those hard-coded addresses, you have to not only rebuild and push new code, but update every infected system (and any network admin on a legit controlled network knows that there can be issues with this). With the DNS entry they have a central point to update.
    • I'd not be surprised if Microsoft chose this specific botnet because it had a vulnerability that was within the reach of a court to address

    As others have pointed out, this teaches every other botnet author a lesson on what can be done. The problem ain't solved by a longshot, but maybe the Internet is safe for another night (cue Batman music).
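    The comment above explains why a botnet that resolves its control servers by name is exposed when those names are deactivated. The defender's counterpart is to watch resolver logs for hosts that still try to look up the deactivated domains, since those hosts are likely infected and waiting for instructions. The following is an added example written for this thread, not code from Microsoft or from the story: it matches constructed BIND-style query log lines against a constructed placeholder takedown list (the domains and addresses are invented, not Waledac's real names), including subdomain matches, and reports which clients queried which deactivated domain.

```python
"""Flag hosts that still resolve deactivated command-and-control domains.

Added example (not from the Slashdot thread or Microsoft). The takedown
list and the log lines are constructed placeholders; a real list would
come from the court order or the registrar.
"""
import re
from typing import Dict, Iterable, List, Optional, Set

# Constructed placeholder takedown list (assumption: apex domains only).
TAKEDOWN_DOMAINS: Set[str] = {
    "example-c2-one.test",
    "example-c2-two.test",
}

# Constructed BIND-style query log record, e.g.
# "25-Feb-2010 09:51:00.123 client 10.0.0.12#53001: query: www.example-c2-one.test IN A +"
_QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def _normalize(name: str) -> str:
    """Strip a trailing dot and lower-case so 'Foo.Test.' matches 'foo.test'."""
    return name.rstrip(".").lower()


def matches_takedown(qname: str, takedown: Set[str] = TAKEDOWN_DOMAINS) -> Optional[str]:
    """Return the takedown domain that qname equals or sits under, else None.

    Subdomain matching matters because bots commonly resolve host labels
    beneath the controller's apex domain rather than the apex itself.
    """
    name = _normalize(qname)
    for dom in takedown:
        dom = _normalize(dom)
        if name == dom or name.endswith("." + dom):
            return dom
    return None


def flag_clients(log_lines: Iterable[str], takedown: Set[str] = TAKEDOWN_DOMAINS) -> Dict[str, List[str]]:
    """Map each client IP to the deactivated domains it tried to resolve."""
    hits: Dict[str, List[str]] = {}
    for line in log_lines:
        m = _QUERY_RE.match(line)
        if not m:
            continue  # not a query record; other log types are ignored, not errors
        dom = matches_takedown(m.group("qname"), takedown)
        if dom is None:
            continue
        client_hits = hits.setdefault(m.group("client"), [])
        if dom not in client_hits:
            client_hits.append(dom)
    return hits


# Constructed sample log: two infected clients, one clean client, one non-query line.
SAMPLE_LOG = [
    "25-Feb-2010 09:51:00.123 client 10.0.0.12#53001: query: www.example-c2-one.test IN A +",
    "25-Feb-2010 09:51:01.004 client 10.0.0.40#53002: query: updates.example-vendor.test IN A +",
    "25-Feb-2010 09:51:02.777 client 10.0.0.77#53003: query: EXAMPLE-C2-TWO.TEST. IN A +",
    "25-Feb-2010 09:51:03.010 client 10.0.0.12#53004: query: cdn.example-c2-one.test IN A +",
    "25-Feb-2010 09:51:04.500 zone example-vendor.test/IN: loaded serial 2010022501",
]

if __name__ == "__main__":
    for client, domains in sorted(flag_clients(SAMPLE_LOG).items()):
        print(f"{client} queried deactivated domains: {', '.join(domains)}")
```

Each flagged client is a candidate for cleanup rather than proof of infection on its own; the list is a starting point for correlating with other host telemetry.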

  • Re:"East European" (Score:4, Insightful)

    by Tom ( 822 ) on Thursday February 25, 2010 @10:11AM (#31271632) Homepage Journal

    It's not crap in the OS that causes the vast majority of infections. It's crap in the user's heads.

    Cheap cop-out.

    You're in a mass-market. You can not expect the majority of users to know anything about computers. You can debate that point all you like, but that's how it is. Saying otherwise is like saying only car mechanics should be allowed to drive cars.

  • Re:Contingencies (Score:5, Insightful)

    by Ifni ( 545998 ) on Thursday February 25, 2010 @10:11AM (#31271634) Homepage

    I tend to wonder at the accuracy of that assumption. I think that drug dealing is a lot like acting - people see all the famous actors and say "I can get rich as an actor", but don't notice that it is only the top one percent or so that truly make it - the rest struggle to get by, or make a moderate living at best. Additionally, as a drug dealer, you also have to avoid the law - being wildly successful for 5 years then getting caught and put in jail for ten to twenty makes flipping burgers more profitable an endeavor over the long term. Not to mention the rather short life expectancy of many of the most successful due to "competition".

    So, short term, yeah, dealing (or many types of crime) is easier than making money legally. But long term, you either have to be really good, and thus invest much effort in staying one step ahead of both the law and those looking to "replace" you, or you lose the advantage that crime had, and then some. And if you are investing the required effort successfully, you likely could have done equally well working legitimately. Sure, there are the Dons and Columbian drug lords that are the exception, but again - only the top 1% or less enjoy that privilege.

  • Re:Contingencies (Score:4, Insightful)

    by L4t3r4lu5 ( 1216702 ) on Thursday February 25, 2010 @10:13AM (#31271656)
    Indeed. I was just thinking "Hey, I could go out to work for a month, do 8 hours a day in a confined space staring at a computer screen, being breathed on by a boss who thinks that 30 seconds on /. is a sackable offence, stressed out of my mind as my skillset is quite over-subscribed at the moment and if I lose my job I'll be in a highly competitive workplace, or I could pull a kitchen knife from my home, go around to the closest atm, wait for someone to stick in their pin, and have all of their money!"

    Work isn't easy. If it was, we wouldn't be paid to do it.
  • Re:"East European" (Score:5, Insightful)

    by fuzzix ( 700457 ) <flippy@example.com> on Thursday February 25, 2010 @10:22AM (#31271734) Journal

    Cheap cop-out.

    You're in a mass-market. You can not expect the majority of users to know anything about computers. You can debate that point all you like, but that's how it is. Saying otherwise is like saying only car mechanics should be allowed to drive cars.

    No, it's more like saying "people should know how to drive before taking their car on public roads"

  • Re:"East European" (Score:5, Insightful)

    by Bakkster ( 1529253 ) <Bakkster.man@NOspam.gmail.com> on Thursday February 25, 2010 @10:23AM (#31271752)

    You're in a mass-market. You can not expect the majority of users to know anything about computers. You can debate that point all you like, but that's how it is. Saying otherwise is like saying only car mechanics should be allowed to drive cars.

    But you can tell them to perform preventative maintenance like fluid changes, etc. Then it is their fault if they think they know better and ignore the manufacturer's recommendations.

    An example would be brake pads. If you're lazy, you might never replace your brake pads, making you a hazard to everyone else on the road. So, brake pads have metal filings in the last portion of the pad to make an obnoxious grinding noise when it's time to change them. What better way to get people to take care of their car/computer than to annoy them until they fix the issue?

  • by Anonymous Coward on Thursday February 25, 2010 @10:38AM (#31271900)

    that "secret" and "covert" might not be the right choice of words since Microsoft blogged about the whole thing?

    In the words of Inigo Montoya: "You keep using that word. I do not think it means what you think it means."

  • by nacturation ( 646836 ) * <nacturation AT gmail DOT com> on Thursday February 25, 2010 @10:39AM (#31271916) Journal

    So Microsoft secretly filed a suit against 27 unnamed individuals, and got a secret order taking 277 domain names away from them, all based on a mere accusation.

    I take it you've read the court proceedings and are intimately familiar with the evidence Microsoft presented before the judge?

  • Re:Microsoft (Score:5, Insightful)

    by WrongSizeGlass ( 838941 ) on Thursday February 25, 2010 @10:46AM (#31271972)
    I am by nature a MS basher ... at times even a rather venomous one .. but let's give MS some credit here. They went to court and obviously provided enough evidence that a judge was convinced (yes, yes, I hear the chorus of 'what qualifications did the judge have?'). They didn't take actions into their own hands and they released the information about it once the court ruling was made.

    The fact remains that MS was actually acting in their own best interest and that of their customers. Those of us who don't use Windows will probably benefit by receiving a little less spam every day, too.

    Hmmm ... I feel a little dirty now ... I better go clean up. I'm pretty sure Steve Jobs will personally come over to repossess my Apple Fan Boy card. Sniff, I'm going to miss it ... a lot. But, I'm rather excited to finally meet Mr Jobs :-)
  • by Adelbert ( 873575 ) on Thursday February 25, 2010 @10:48AM (#31272004) Journal

    Does it matter? I mean, are you saying you believe everyone has the right to face their accuser and defend themselves - unless the evidence is really convincing?

  • No, work is easy (Score:4, Insightful)

    by SmallFurryCreature ( 593017 ) on Thursday February 25, 2010 @10:53AM (#31272060) Journal

    If you break your leg tomorrow, where is your money coming from? Right, your boss. Sick leave. Burglars haven't got it.

    Neither can your boss turn out to be carrying a gun and blow your brains out rather than pay you.

    If you botch up your work, you won't land in a small cell with a guy named Bubba who likes you very very much.

    Your ex-gf can't turn you in to your boss, even if you really screwed up.

    A life of crime sounds easy, but it isn't. If it was, more people would do it.

    Take the pirates of Somalia, sounds like easy money, but how many regular sailors can have their brains blown out by a sniper and nobody gives a damn? And if you think it sucks that your wife wants your wages, wait till you have to deal with the crime hierarchy. They are like the IRS, but not as nice. Oh, and then there is the IRS who can hook you up with Bubba again if you can't account for every penny in your pocket.

  • by WCguru42 ( 1268530 ) on Thursday February 25, 2010 @10:54AM (#31272066)

    Ever heard of Malicious Software Removal Tool [microsoft.com] that is rolled out in the monthly patch cycle? It kills software MS deems bad. No court approval for that.

    No court approval needed, you clicked that you agreed with the TOS, EULA, description of what these files contain. Last time I used MS update (admittedly over a year ago) each download had its own name. If there was a name like Malicious Software Removal Tool I would definitely take a peek inside the description to see exactly what it was doing.

    This brings us back to the whole user issue. Most users accept all updates from MS (and pretty much any software vendor) without even so much as looking at the titles of the files they're downloading. Maybe if people took a little more responsibility they wouldn't be surprised as to why their friendly purple gorilla buddy disappeared (I thought that thing had died years ago but I just saw him on someone's computer in the library last week).

  • Re:"East European" (Score:3, Insightful)

    by Anonymous Coward on Thursday February 25, 2010 @10:56AM (#31272090)
    If MS would stop including questionable programs or new versions (not just bugfixes) in their Automatic Updates, people would trust them more. But there's nothing like having a working system screwed up by some new version of software to make you turn the damn thing off.

    Automatic Updates should not be the equivalent of loading some unstable branch in Linux. We pay MS a lot of money to get this shit right, and they're full of fail.
  • Re:Contingencies (Score:3, Insightful)

    by Deathlizard ( 115856 ) on Thursday February 25, 2010 @11:06AM (#31272162) Homepage Journal

    Domains and IRC are dead ends for current botnets anymore exactly because authorities can shut them down.

    The newer botnets use peer-to-peer networks for command and control. Either an in-house private P2P or (most likely since they're already established) a public P2P like Kademlia or Gnutella. Then all you would have to do is search the network with an authorization string + botnet command string embedded in it (IE: randomhexspamtheworld). When the bot receives the search string, it validates against the authorization string (randomhex) to make sure it's your command and then does the action contained in the botnet command string (spamtheworld).

  • not atypical (Score:5, Insightful)

    by ericbg05 ( 808406 ) on Thursday February 25, 2010 @11:15AM (#31272252)

    So Microsoft secretly filed a suit against 27 unnamed individuals, and got a secret order taking 277 domain names away from them, all based on a mere accusation.

    Oh, but since we're fighting spam, I guess that's okay.

    Wait until Microsoft starts doing this to go after copyright violations. Will y'all be cheering then?

    My fiancée IAL working in a federal district court. I have mod points, but I guess it's more illuminating to reply than mod down this ridiculous comment.

    Stuff is filed under seal in court all the time. The idea is that you don't want the defendant you're pursuing to know you're pursuing them if there's a high chance they can cover their tracks. You can't just make a "mere accusation" and get a court to do whatever you want. That, of course, would be silly.

    Most judges are really quite reasonable about the decision to keep things sealed. In any event, all the docs will become unsealed relatively quickly -- and if you think the court was *unreasonable*, that they abused their discretion somehow, you can take your complaint to the appellate court.

    Court proceedings are slow, but some crooks (especially intelligent, well-funded crooks) can move fast. This is the balance we've found between thinking things through carefully, and satisfying the public's right to this information, while still prosecuting agile crooks.

    In copyright infringement cases, the plaintiff would probably have a hard time convincing the judge that docs need to stay sealed.

    Believe it or not, the system actually works pretty well sometimes.

    Look, I'm all for an intelligent discussion of the shortcomings of the legal system, of which there are plenty. But you should really try to learn something about it before criticizing it. Otherwise you're just wasting everyone's time.

  • by PopeRatzo ( 965947 ) * on Thursday February 25, 2010 @11:16AM (#31272272) Journal

    Sick leave. Burglars haven't got it.

    And increasingly, American workers haven't got it either, along with health care, retirement and other benefits. Shit, more and more American workers don't even have Saturdays off any more.

    Companies love contract workers just for that reason.

    Ask the "tech workers" around here, whether their working conditions, hours and benefits have increased or decreased every year since 1980.

  • by eyrieowl ( 881195 ) on Thursday February 25, 2010 @11:20AM (#31272310)

    I think it's something along the lines of closing the barn door after the horse has left. The insecure OS installs are out there, and there's not much they can do to make them secure after the fact. I mean, they *could* go really black-ops and push security updates using botnets and whatnot...but I imagine the hue-and-cry would make the Sony rootkit dispute look like fan-mail.

  • Re:Contingencies (Score:4, Insightful)

    by PopeRatzo ( 965947 ) * on Thursday February 25, 2010 @11:21AM (#31272322) Journal

    I doubt you'll earn more money robbing ATM users with your kitchen knife than an office job.

    That's why counterfeiting is the way to go. You don't have to employ violence, you just print your own money.

    Counterfeiters are the princes of thieves, IMO.

    But truly, the way to succeed here in America, statistically, is to be born to a rich family. It's the #1 predictor of whether or not you will be well-off during your life. If you're born poor, you have less chance to move up the social/economic scale than if you were born in Germany, Denmark, Finland, Sweden, Norway, Ireland, France...

    The notion that "anybody can make it in the US if they work hard" is a fairy tale.

    Seriously. Be born rich. That's the way to go.

  • Re:Good work... (Score:3, Insightful)

    by NatasRevol ( 731260 ) on Thursday February 25, 2010 @11:27AM (#31272380) Journal

    You spend more than $1000 per year instead of accepting that you're going bald?

    It's a whole lot cheaper to just go bald.

    There, I saved you $3/day.

  • Re:Standing (Score:3, Insightful)

    by VertigoAce ( 257771 ) on Thursday February 25, 2010 @11:32AM (#31272434)

    I assume that by owning @hotmail.com and @microsoft.com, Microsoft itself was the target of a large amount of spam from this botnet. That would give Microsoft standing to sue, as well as a lot of evidence to back up its claims.

  • Re:"East European" (Score:2, Insightful)

    by Anonymous Coward on Thursday February 25, 2010 @12:33PM (#31273184)

    The VAST majority of malware installs today happen as the result of idiotic users installing the software themselves.

    Even if you made the PERFECT O/S, how would it be able to stop morons from fucking up their systems because they loved that kewl smiley package, or wanted their fuzzy purple gorilla back...

    Infections relying solely upon O/S vulnerabilities are declining, and social manipulations are the new attack vector. As long as the vast majority of users remain essentially retarded with regard to operating their computers, this will ALWAYS be a problem, and has NOTHING to do with what the flavour of your O/S is... As always, malware authors target Windows because they can get tens of millions of computers with a single application, when OS X or *nix offers the same (or a similar) level of penetration, I GUARANTEE they'll be targeted too...

    -AC

  • Re:"East European" (Score:3, Insightful)

    by TheCycoONE ( 913189 ) on Thursday February 25, 2010 @01:03PM (#31273702)

    Linux isn't all that secure in the way people care about. Most Linux users care about and are aware of security so they tend to only run programs they get off their package manager or other trusted sources and not run them as root.

    However I've introduced Windows users to Linux, and they keep their Windows habits like downloading random programs off the internet until told otherwise. A malicious program in Linux can do all the bad things a malicious program in Windows can; and if the program has a little dialog that tells people to run 'sudo programname' if it has limited permissions, I'm sure a lot of people could be socially engineered to do so.

    SELinux addresses some of these problems (eg. a program cannot modify files outside of its security context even if they are owned by the same user) but it is not feasible for an inexperienced/casual user to configure.

    As has been mentioned before, there are two/three things that keep Linux more secure at the moment besides the average technical know-how of its users.

    1. The main one: obscurity. There are not nearly as many Linux machines, and those have fairly diverse sets of software installed on them.

    2. All software (installed through package repositories) has a single update mechanism, making it easier to keep all programs up to date. In Windows lots of programs don't have any built in mechanism for determining if a newer version is available, so old exploitable software can go unnoticed for a long time.

    3. Users and Groups have existed since the beginning so all software is written to avoid requiring root access unless necessary. This is a problem with Windows since the UAC comes up often enough and is easy enough to bypass by default (click ok) that users do it automatically. At this point it's too late though, malicious code that can access my /home/x directory already has access to lots of sensitive information (browser history, personal files, etc.), and can transmit that information over the internet.

    I love Linux, but it is not a security fix-all for uneducated users.

  • Re:Contingencies (Score:5, Insightful)

    by Asic Eng ( 193332 ) on Thursday February 25, 2010 @01:33PM (#31274276)
    I think you are aiming too low. I'm aware of many factors in which France is better than Germany, others in which the UK is better than France, and yet a different set in which Germany is better than the UK. The US outshines Europe in many areas, but the reverse is also true. Criticism is not hate, and learning from the best will serve you better in the long term than pretending to be the best at everything.
  • Re:"East European" (Score:3, Insightful)

    by Tom ( 822 ) on Friday February 26, 2010 @06:03AM (#31283034) Homepage Journal

    You expect someone who drives a car to understand that they need to change the oil, fill up the gas, etc.

    Uh, no?

    I drive rental cars, don't own one myself (several reasons, not important here why). I don't care about changing oil or even washing the damn thing, and if filling up the gas wouldn't be so expensive at the rental company, I'd let them do even that.

    Lots of people who do own cars don't change oil, either. They bring it to a garage and let them do it.

    And why shouldn't they? It's not as if being able to change the oil makes you a better driver.

  • Re:"East European" (Score:3, Insightful)

    by Tom ( 822 ) on Friday February 26, 2010 @06:09AM (#31283078) Homepage Journal

    No, it's more like saying "people should know how to drive before taking their car on public roads"

    No, it isn't.

    They know how to "drive" - they can click those buttons, enter a URL, write an e-mail.

    Their errors are not in the driving. They're in - to stay with the analogy - where they are driving to. Someone taught them how to drive, but nobody told them not to drive their nice Porsche into the Bronx.

  • Re:"East European" (Score:3, Insightful)

    by Tom ( 822 ) on Friday February 26, 2010 @06:18AM (#31283108) Homepage Journal

    Most users don't realize that it is an executable, and the blame for that lies 100% with Microsoft.
