Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Botnet Microsoft Security IT

Microsoft Disables Kelihos Botnet 94

Trailrunner7 writes with an excerpt from an article in Threatpost: "Continuing its legal assault on botnet operators and the hosting companies that the criminals use for their activities, Microsoft has announced new actions against a group of people it contends are responsible for the operation of the Kelihos botnet. The company has also helped to take down the botnet itself and says that Kelihos's operators were using it not only to send out spam and steal personal information but also for some more nefarious purposes."
This discussion has been archived. No new comments can be posted.

Microsoft Disables Kelihos Botnet

Comments Filter:
  • I fap to gay porn (Score:1, Informative)

    by Anonymous Coward

    I fap to gay porn.

  • by Hentes ( 2461350 ) on Tuesday September 27, 2011 @03:06PM (#37530976)
    They are the ones who really could do much against botnets by patching Windows vulnerabilities.
    • by Krojack ( 575051 ) on Tuesday September 27, 2011 @03:19PM (#37531208)

      No matter how much you patch, you can't patch stupid people that click on the fake ads and scam emails.

      • Re: (Score:2, Informative)

        by Grishnakh ( 216268 )

        Bullshit. If you can just click on an email and this leads to your system being rooted, there's something fundamentally wrong with the software architecture. Same goes for ads on websites. There should never be any way of executing arbitrary code from an email or web site.

        • by bloodhawk ( 813939 ) on Tuesday September 27, 2011 @03:49PM (#37531668)

          Bullshit. If you can just click on an email and this leads to your system being rooted, there's something fundamentally wrong with the software architecture. Same goes for ads on websites. There should never be any way of executing arbitrary code from an email or web site.

          No their isn't anything fundamentally wrong with the software architecture. A vast majority of users are morons, the OS can prompt you to say what you are doing is dangerous, stupid (as windows already does) and users will STILL say yes show me that naked photo of XYZ by running dodgy.exe for me. You simply can't patch stupidity unless you create a highly controlled environment where the user doesn't have the right to run whatever they want.

          • Re: (Score:2, Informative)

            by Grishnakh ( 216268 )

            Bullshit. If you have to do nothing but CLICK on the email, there is something wrong. Obviously, you can't prevent people from running dodgy executables without locking down the system entirely (requiring cryptographically signed executables, etc.), but that doesn't mean you have to make it easy for them either. This kind of thing is utterly impossible in Linux, and only happens in Windows because of the idiotic idea that you should allow arbitrary code to be executed directly from a website or email.

            Sur

            • by bberens ( 965711 )
              Is there a widely available (as in I can purchase it at Best Buy) operating system that doesn't have several known privilege escalation vulnerabilities?
            • by Krojack ( 575051 )

              Yes there are s few cases where just viewing the email will infect your computer however MOST of the email virii these days require user interaction by viewing/running the attached file. If you deny then then you're obviously stuck in the mid to late 90's.

            • Bullshit. If you have to do nothing but CLICK on the email, there is something wrong. Obviously, you can't prevent people from running dodgy executables without locking down the system entirely (requiring cryptographically signed executables, etc.), but that doesn't mean you have to make it easy for them either. This kind of thing is utterly impossible in Linux, and only happens in Windows because of the idiotic idea that you should allow arbitrary code to be executed directly from a website or email.

              You seem to be utterly clueless on the common infection paths on both the windows and linux front. The vast majority is not getting infected by simply viewing emails or browsing to a website, they are being socially engineered into runing malware. Users are EXECUTING files that promise to provide them with various free goodies or access to all sorts of stuff. For instance the Kelihos botnet required you to open a link in a browser, then download and execute a program which it tried to disguise as a greeting

            • by jafiwam ( 310805 )

              Fundamentally, you are correct. But, I sense you are not an IT guy.

              When a User says "I didn't do anything" they actually mean; "I clicked on a bunch of stuff without thinking"

              The problem is, browsers shouldn't let people load stuff into temp cache and then install whatever it is without visiting the "My Downloads" or "Desktop" folders first. That would stop a lot of this scareware stuff that pops up look-alike windows to get people to click on and download things. The ones that are that stupid or ine

            • by Qzukk ( 229616 )

              This kind of thing is utterly impossible in Linux

              Open a terminal and chmod +x cutepuppy.jpg then type ./cutepuppy.jpg to see a cute puppy!

              And people will do it.

              Btw you don't have to completely "root" the system to be part of a botnet, but it helps, at least if you want your bot to keep running when the user reboots (though it could easily add itself to ~/.bash_profile to restart next time the user logs back in)

              • by beardz ( 790974 )

                Btw you don't have to completely "root" the system to be part of a botnet, but it helps, at least if you want your bot to keep running when the user reboots (though it could easily add itself to ~/.bash_profile to restart next time the user logs back in)

                Or even just add a @reboot entry to that user's crontab, for execution post-boot.

            • by tlhIngan ( 30335 )

              Sure, you could include dodgy.exe in an email and give moronic users instructions how to right-click to save it to disk, open a file manager, go find the file on disk, then double-click on it to execute it, but thanks to human laziness very few people are going to go to all that trouble just to see the naked photo, and quite a few will probably remember being told never to do such a thing anyway.

              Users can do a surprisingly technical number of things in order to see Dancing Pigs [wikipedia.org]. Let me describe in general t

            • by maxume ( 22995 )

              Man, you're complaining about 2003. XP is about as fixed as it is ever going to be (and the various email clients stopped auto-executing code years ago) and Vista and Windows 7 both default to prompting the user about every system change.

            • thanks to human laziness very few people are going to go to all that trouble just to see the naked photo

              You're kidding. Right?

            • Bullshit. If you have to do nothing but CLICK on the email, there is something wrong.

              Id say something is wrong with the email client then, not the OS. And Id be interested to know what email client (certainly not any Outlook since Outlook 2003 sp1) you are using that is executing arbitrary code simply by clicking an email.

              I HAVE seen examples of rather piss poor email clients on Mac OSX, but thats really neither here nor there, as the quality of the email client has nothing to do with the OS.

              • Id say something is wrong with the email client then, not the OS.

                Of course, I never said it was the OS's fault. Of course, the client most known for doing such things is pretty intimately tied to one particular OS.

                as the quality of the email client has nothing to do with the OS.

                That depends on if the email client is coming from the same people who make the OS or not. If they're both coming from the same company that's trying to sell them together as an all-in-one solution, then the two are intertwined.

                • Office is a completely separate product that costs several hundred dollars on top of the OS, is not bundled, and is available for both Mac and Windows.

                  Calling Office vulnerabilities Windows vulnerabilities is disingenuous.

                  Of course, the client most known for doing such things is pretty intimately tied to one particular OS.

                  You mean Office 2011 for Mac OSX?

            • Uh huh. And the computer illiterate aren't going to just run what they're told to as root? or call for sudo rm -rf?
              Education is the solution, Securing the OS is important, but you'll never cross that last mile without completely locking up the system unless you can trust your users.
          • "You can't patch stupid."
        • by Anonymous Coward

          Tell that to Firefox devs. They keep creating a browser with bugs that allow for that.

          Click on a specially crafted page in Firefox... drive by exploit. Couple that with morons who run as root, boom instant botnet. Most botnets are clever enough that when they take over a computer .. they disable OS and browser updates. Noone can fix the machine remotely.

          http://www.mozilla.org/security/announce/2011/mfsa2011-29.html [mozilla.org]

          [...........] we presume that with enough effort at least some of these could be exploited to

        • Bullshit. If you can just click on an email and this leads to your system being rooted, there's something fundamentally wrong with the software architecture. Same goes for ads on websites. There should never be any way of executing arbitrary code from an email or web site.

          So Microsoft should leave the Kelihos botnet running? I don't follow your point.

        • Bullshit. If you can just click on an email and this leads to your system being rooted

          You don't need a rooted machine for it to be part of the botnet. It suffices for the user to launch an infected executable, that will just set itself up to start in background whenever he logs in from there on. It can perfectly well run with regular user's permissions to do what he needs to do.

          Then, of course, regardless of what is done, there are still countless XP boxes out there where users are admins since the alternative there is too painful. Worse yet, many of those boxes are not even fully patched.

        • What on earth do you think HTML, JavaScript, Flash, PDF, and Java do if not execute arbitrary code on the client machine?

          If there is a bug in Thunderbird, or Safari, or Acrobat, you absolutely can get a virus from browsing, no matter what platform you are using. People thinking Mac are immune to this sort of thing really arent qualified to be discussing computer security.

          • HTML isn't executable code, it's a markup language. But the others are supposed to be sandboxed. Obviously, this relies on the browser (or PDF viewer, flash plugin, etc.) to be written properly. And yes, a security bug in one of those would make it so that someone could get an infection. But it's a LOT harder to find one of these security bugs, come up with an exploit, and get users to go to your website, hope that their software isn't patched, and then get your exploit to execute this nasty code you've

            • Unless youre implying that Internet Explorer now compiles and executes C code embedded in a webpage, it sounds like you agree that 99% of these expoits have NOTHING to do with the "underlying software architecture", except in so far as it presents obstacles to infection (DEP, ASLR, blacklists, etc).

        • Running malware doesn't need any special privileges. Nothing to do with being rooted.
        • I would agree with this if this was posted sometime in circa 2005, or especially circa 2002, but that really isn't the case now.

          This malware can only take over if you go to a bad website, download a bad executable, and run it.

          Internet Explorer 8 has a malware filter named SmartScreen. You get a horrible warning if you try to access malware, and an even worse one if you try to download an executable of malware. IE8 is freely available, and every mainstream website in the world (including MSFT's) will nag you

    • by Riceballsan ( 816702 ) on Tuesday September 27, 2011 @03:23PM (#37531280)
      Now that's crazy talk, in the modern day society hackers and criminal geniouses will get past anything, companies being liable for their own flaws is a foreign concept. The best response is to reactively find and imprison the hackers. It's not sony's fault that they were using an out of date unpatched version of apache, it's the small group of script kiddies that realized it. The sad thing is right now security is so universally terrible, people actually are starting to believe that these breaches are caused by super hackers that can break into anything, rather then by amuatures taking advantage of huge gaping holes. The idea of computers somehow changes peoples minds to believe in supergeniouses. If a group of high schoolers snuck into a bank, and plastered grafiti on the walls and xeroxed customer data, 10% of the anger would go to the kids, 90% to the banks terrible security. If a group of high schoolers defaced the banks webpage "OMG they are super genious criminals, ship them to guantanemo bay!!!"
      • by Krojack ( 575051 )

        It's not sony's fault that they were using an out of date unpatched version of apache, it's the small group of script kiddies that realized it.

        But if they are knowingly running unpatched versions then they too are at fault. It's their responsibility to keep their software updated.

    • by Sir_Sri ( 199544 )

      Um... they do patch windows vulnerabilities. Not everyone installs them in a timely fashion though, and the more draconian windows becomes about forcing you to install updates the more people get upset and resist. Writing a completely new underlying structure to handle patching only works so well and only retains so much compatibility.

      Even if you do install updates, there's a gap between vulnerabilities being discovered and when a patch can land on your computer.

      • While you are correct, the big issue I have with microsoft is they don't tend to patch things quickly. Almost every zero day exploit you hear about, were reported to MS years before being exploited, only microsoft dosn't tend to see them as a priority until someone is already taking advantage of them. On top of that, when it is being exploited, microsoft kicking things into overdrive, they still tend to wait until patch tuesday to release the fixes.
  • Perhaps making people buy products they already have over and over!
  • by xyourfacekillerx ( 939258 ) on Tuesday September 27, 2011 @04:05PM (#37531906)
    For those who can't stomach Microsoft not being evil 100% of the time. It's not like they were really compelled to do this at their own expense. They did the world a favor; no matter how bitter you are at Microsoft for whatever reason, taking down a botnet and identifying an operator is still a good thing. We're not talking lesser of two evils. We're talking about an objectively undeniable good act. Props to MS, I'm glad they did this.
    • by Riceballsan ( 816702 ) on Tuesday September 27, 2011 @04:49PM (#37532558)
      50/50 there. I do half applaud microsoft for helping to take down part of a threat to their users, in this instance I applaud it, while being terrified of it at the same time. While it is awsome to see large companies helping out with law enforcement to things that hurt their users, it also sets a scary precident. We are allowing large companies to become law enforcement on their own. As we accept it for the things that hurt the little people, they slowly leverage their way into using it to help themselves and hurt the little people. The same legislation that gives microsoft the power to disconect a botnet, will give them power to disconect the pirate bay. Everyone loves a superhero with the power to do good and deliver sweet vigilante justice where the law has failed, but lets face it, in the real world if we could actually give someone superpowers, it would be an 80% chance that it would come back to bite us. The hero would protect the group he likes, and leave the others to fend for themselves. When our best interest and microsoft's best interest are one and the same that is awsome, but what happens when they shift?
    • by tqk ( 413719 )

      ... For those who can't stomach Microsoft not being evil 100% of the time.

      I haven't considered MS to be 100% evil for a long time. Even a decade ago, I didn't consider them even more than 10% evil.

      Their level of incompetence has always been the sticking point for me. Damn, they do lousy work, blame their flaws on others, and EXPECT others to fix their mistakes. They've engendered entire clouds of business operations to clean up after their incompetencies. Anti-virus software?!?

      Kaspersky labs and Symantec must wake up with a hardon every morning knowing MS is still out there d

  • Finally MS is climbing up in my books, from the "do absolutely everything evil" to "do almost no evil"...they are going a long way....if they could just offer everyone free windows xp patched even if illegal copies...and allow everyone to just get the most secure and up to date xp running possible, this would also go a long way to make sure that the net is super secure.

  • See Butch Cassidy [wikipedia.org]. The story behind "Butch Cassidy and the Sundance Kid" is that E.H Harriman, (owner of the Southern Pacific Railroad, the Union Pacific Railroad, etc.) got fed up with train robberies.

    The actual story [therailroadpolice.com] is close to that. The Union Pacific Railroad under Harriman established the Union Pacific Bandit Hunters. They had staff, money, special trains, and the best equipment. From 1891 to 1914, they chased down train robbers. By 1914, only two train robbers were still known to be alive. The "

Adding features does not necessarily increase functionality -- it just makes the manuals thicker.

Working...