
Microsoft Conducts Massive Botnet Takedown Action

Posted by Soulskill
from the practice-for-fighting-skynet dept.
h4rm0ny writes "Microsoft, in cooperation with Federal agents, conducted what the Wall Street Journal described as 'sweeping legal attacks' as they entered facilities in Kansas City, Scranton, Pa., Denver, Dallas, Chicago, Seattle and Columbus, Ohio, to seize alleged 'command and control' machines for the Rustock botnet — described as the largest source of spam in the world. The operation is intended to 'decapitate' the botnet, preventing the seized machines from sending orders to suborned PCs around the world."

  • by realityimpaired (1668397) on Friday March 18, 2011 @09:08AM (#35528636)

    It really is Microsoft's problem. The majority of the systems in the compromised botnet are running their software, and since they don't allow their customers to upgrade to Win7 for free, they're still responsible for patching security holes in old systems. If they have in any way made it difficult to apply these updates, or if they're discouraging people from applying these updates (WGA anybody?), then they're directly responsible for the insecurity of these systems.

    That they're helping to track and destroy these networks does make them a good corporate citizen, but I would hesitate to suggest that it's not their problem.

  • by Attila Dimedici (1036002) on Friday March 18, 2011 @09:09AM (#35528648)

    The summary is actually reasonably worded for a change (although not entirely accurate). This raid happened as part of a civil lawsuit filed by Microsoft against the operators of this botnet. Microsoft obtained a court order for the seizure of certain computers within these various facilities. They sent out a taskforce who were accompanied by U.S. Marshals. This appears to be a perfectly legitimate action where Microsoft presented sufficient evidence in court to seize these assets and then worked with law enforcement to do so.

  • by Anonymous Coward on Friday March 18, 2011 @09:10AM (#35528668)

    I've done this (gone on a "hacker" bust with the Secret Service). At that time, the feds would serve the warrant, do a lot of documentation (videos, photos, etc.), and the technical consultant would take apart the hardware (under supervision of agents) and do forensics.

    It's not like Microsoft would bust in doors. Educated guess: They're providing technical know-how that the feds lack.

  • by Medinos (2020312) on Friday March 18, 2011 @09:12AM (#35528688)

    I was once in an office raided by the FDA and local police. The person who was working with them on the case walked in behind and showed them what they needed. So if Microsoft was any part of the raiding party, their representative simply walked in behind them and did any "consultant work" that was requested by the authorities.

  • by mikael_j (106439) on Friday March 18, 2011 @09:13AM (#35528702)

    I'll admit that I haven't read TFA but I don't see any problem with MS (or other companies' employees for that matter) joining the police in the raid to make sure it doesn't turn out like the raid against TPB here in Sweden (where the cops basically raided the datacenter and took pretty much every machine they found, turned out that the vast majority of those machines weren't related to TPB and were in fact owned or rented by various businesses who were not all that happy about the cops being unable to just grab the machines they were looking for).

  • No (Score:5, Informative)

    by Kupfernigk (1190345) on Friday March 18, 2011 @09:42AM (#35528976)
    It was under 90 years ago, and in any case the point there was that corporations were part of the State. In this case, the corporation applied to the Government for authorisation and the police supervised it. Under Fascism, the Government would have instructed Microsoft to carry out the raid. See the difference?

    Perhaps you should upgrade your nick to a more modern CPU.

  • by ledow (319597) on Friday March 18, 2011 @10:16AM (#35529334) Homepage

    Don't give them the option to click Yes to incredibly stupid things like "Run this program every time I start my computer, with no easy way to monitor it or stop it from loading" (the latest one I've seen is viruses that replace the user's shell value in the registry - somewhere not listed in startup lists - and then re-execute explorer).

    Or "Allow this program to spam the hell out of everyone with no controls on what they are doing on the Internet on SMTP ports and whatever it likes, as much as it likes, with no easy way of knowing what's accessing the Internet from my PC."

    Or "Allow this program to hide itself in the filesystem once it's loaded by overriding certain function hooks" - even if you ARE admin.

    And if the user DOES click Yes, make it easy to remove that privilege later, i.e. don't have antivirus controls which are basically stuck because they CAN'T remove a file with that particular permissioning, or sometimes can't even see it in the filesystem, or can't remove it because when they do the process just recreates it immediately, or has two processes watching and respawning each other which can't be killed simultaneously.

    The problem is Windows security is NOT people running in an account with the ability to install programs. It's the OS not providing a way to recover from bad decisions and separating "user" and "admin" too much. Most users *are* admins of their machines and need to install, remove, manage stuff. But they do NOT need the ability to install a filesystem hook except once in a blue moon. And anything they install should NOT affect other users at all. "User" needs to become a lot more powerful, and a lot more isolated from other users, while still requiring admin rights (and then make it truly impossible to execute things as admin without logging on as that directly - and make the "admin" account USELESS for day-to-day-use, no browser or shortcut access should do the trick).

    And this is why MS decided LAST WEEK to turn off Autorun in XP by default. Duh. The setting that ANYONE with a brain has had switched off since day one (i.e. ten YEARS ago). That was a bad decision all along, even if it "helped" users (doesn't help anyone I know, because they click "Remember this" the first time and then never see the dialog again and then wonder why their DVDs only ever open in Media Player rather than PowerDVD, etc.)

    MS are supposed to have dozens of usability and interface guys. I've yet to see a single convincing example of this - most of their stuff is just useless eye-candy that people can't grasp without being shown by someone who knows.
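    The two Windows settings this comment singles out, the Winlogon Shell value that malware repoints before relaunching explorer.exe and the AutoRun policy, can be audited from an elevated PowerShell prompt. This is an added example, not code from the original post; the assumption that the only legitimate Shell value is the stock "explorer.exe" and the report wording are mine.

```powershell
# Added example: audit the two registry settings discussed in the comment above.
# 1. The Winlogon "Shell" value, which is not shown in Startup lists and which
#    some malware repoints at itself before re-launching explorer.exe.
# 2. The Explorer "NoDriveTypeAutoRun" policy; 0xFF disables AutoRun for
#    every drive type.
# Run as an administrator so the HKLM values are readable.
# Assumption: the expected Shell value on this machine is "explorer.exe".

function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null   # key or value absent
    }
}

function Test-ShellAndAutoRun {
    $findings = @()

    # HKLM holds the machine default; an HKCU Shell value overrides it per
    # user and is absent on a clean system, so any HKCU entry is worth a look.
    $shellKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
        'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )
    foreach ($key in $shellKeys) {
        $shell = Get-RegValueOrNull -Path $key -Name 'Shell'
        if ($null -ne $shell -and $shell.Trim().ToLower() -ne 'explorer.exe') {
            $findings += "Unexpected Shell value in ${key}: '$shell'"
        }
    }

    # AutoRun policy: anything other than 0xFF leaves some drive types enabled.
    $policyKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    foreach ($key in $policyKeys) {
        $val = Get-RegValueOrNull -Path $key -Name 'NoDriveTypeAutoRun'
        if ($null -eq $val) {
            $findings += "NoDriveTypeAutoRun not set in $key (AutoRun at OS default)"
        } elseif (($val -band 0xFF) -ne 0xFF) {
            $findings += ("NoDriveTypeAutoRun in {0} is 0x{1:X2}, not 0xFF" -f $key, $val)
        }
    }

    if ($findings.Count -eq 0) { "OK: Shell is explorer.exe and AutoRun is fully disabled" }
    else { $findings }
}

Test-ShellAndAutoRun
```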

  • by Blakey Rat (99501) on Friday March 18, 2011 @11:20AM (#35530228)

    Yeah, partly the user and partly the malware author, but also quite a bit the OS insecurity too.

    But... it's not "partly" the user, it's like 80% the user. And "OS insecurity" is more often insecurity in Adobe or JavaVM or QuickTime than it is in Windows itself. (Although there is some Windows in there, admittedly.)

    So, I agree with the OP here. If it was a fair world, every software vendor on Windows whose software was full of security holes should be helping out with this... Adobe is responsible for a lot more attacks than Microsoft has been in the last decade. It's been a long while since Microsoft was the main cause of the problem.

  • by LordLimecat (1103839) on Friday March 18, 2011 @11:34AM (#35530540)

    OS insecurity has very little to do with it. Make 'rootkit_and_sendspam.sh' and run it from a Linux box, it will work just as well. What's that, gksu will prompt you if you really want to do that? IIRC Vista and seven do as well, and if people actually followed Microsoft's best practices for XP, you'd get a runas prompt on that as well.

    In 5 years, the story will be about Apple viruses; that doesn't mean Unix is insecure (though it may indeed be because of Adobe flaws).
