Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Botnet Microsoft Security News

Microsoft Drops Suit Against Firm In Botnet Case 49

wiredmikey writes "Microsoft has dismissed a lawsuit against a company it contended a month ago was at the heart of the now-defunct Kelihos botnet. In September, Microsoft named Dominique Piatti and his company dotFree Group SRO as controllers of the botnet. The move marked the first time Microsoft had named a defendant in one of its botnet-related civil suits. 'Since the Kelihos takedown, we have been in talks with Mr. Piatti and dotFree Group s.r.o. and, after reviewing the evidence voluntarily provided by Mr. Piatti, we believe that neither he nor his business were involved in controlling the subdomains used to host the Kelihos botnet,' blogged Richard Domingues Boscovich, Senior Attorney for Microsoft's Digital Crimes Unit. 'Rather, the controllers of the Kelihos botnet leveraged the subdomain services offered by Mr. Piatti's cz.cc domain.' In regards to Kelihos, Boscovich said Microsoft is continuing its legal fight against the 22 'John Does' listed as co-defendants in the lawsuit."
This discussion has been archived. No new comments can be posted.

Microsoft Drops Suit Against Firm In Botnet Case

Comments Filter:
  • by Anonymous Coward

    That's a serious accusation to make, especially when lacking in adequate evidence to support such a claim.

    FTA: As part of the settlement, Piatti agreed to delete all the subdomains used to either operate the Kelihos botnet or for other illegitimate purposes or to transfer those subdomains to Microsoft. In addition, Piatti and dotFree Group will work with Microsoft to implement best practices to prevent abuse of free subdomains and use these best practices to establish a secure free Top Level Domain as they expand their business going forward.

    What exactly does Piatti get in exchange for the damage to his company's reputation?

    • by khallow ( 566160 )
      There are two things to note here. It looks similar to plea bargains in criminal court cases where the defendant pleads to a lesser offense in exchange for cooperation on other targets of investigation. Second, we don't actually know that Piatti was innocent of these charges. The mere fact that they're acquiescing so readily tells me that they probably were looking at serious charges, even if the original ones were pure slander (and those may well have not been!).
      • Or maybe that they were acting in good faith and were unwittingly helping the botnet people do their nefarious work, and that now that they have egg on their face, they welcome the chance to have help establishing procedures that would prevent it from happening again?

        Never ascribe to malice that which can adequately be explained by incompetence.

        • by khallow ( 566160 )

          Never ascribe to malice that which can adequately be explained by incompetence.

          And never ascribe to incompetence that which can be explained by self-interest.

    • by Runaway1956 ( 1322357 ) on Sunday October 30, 2011 @03:08PM (#37887672) Homepage Journal

      What does Piatti get? He gets a bot-free business. Damage to his company's reputation? That's HIS problem, seeing that he carelessly allowed his domains to be used for bot-netting. He caused the damage himself, by way of neglect.

      I don't even like Microsoft, and I resent the fact that you have forced me to defend Microsoft. FFS, AC, have you no sense at all? If the White House were to come under cybernetic attack, and the majority of those attacks appeared to originate from my house, you bet your ASS that the Secret Service will be knocking on my door, with a battering ram! They will confiscate every electronic device I own, they will confiscate my ass, and they will publicize my arrest around the world.

      In which case, I will be solely responsible for the "damage" to my reputation, for having failed to secure my computers.

      • In which case, I will be solely responsible for the "damage" to my reputation, for having failed to secure my computers.

        No, you'd be solely to blame for the failure to secure your computers, but you wouldn't be responsible for the attack which is the action of an unassociated third party - you'd not be guilty of aiding them or being part of a conspiracy. http://en.wikipedia.org/wiki/Mens_rea [wikipedia.org] Perhaps people would do a better job at security if this was different, but that has large risks as well.

        The more tr

        • by adolf ( 21054 )

          Meh. A lot of things respond poorly to various patterns.

          Walking into a bank with a hand in your pocket and a demand for money elicits a poor response.

          Escalating a disagreement with another person to the extent of dismemberment elicits a "poor response," and the jury won't care who was "right."

          And sending a certain pattern of signalling to the White House's computers will also elicit a poor response, just as setting the pins on a lock (which does not belong to you) in a certain orientation may bring about a

      • This is not the way things work in a state of rights. In particular, you usually can't get arrested for things you haven't done.

        In some countries, unjustly accusing people of having committed a crime is itself a crime.

      • you bet your ASS that the Secret Service will be knocking on my door, with a battering ram!

        Doesn't it worry you that you're endowing a private (and frequently predatory) company with government responsibilities and powers?

        The US Secret Service has a mandate to protect your nation's leaders, visiting world leaders, national special security events, and the integrity of the nation's currency. Microsoft has a mandate solely to take money from you, yet you're giving them virtual search and seizure powers.

        • Actually, no. I haven't researched just how they identified the botnet. It's possible that they exceeded any reasonable authority to do so. But, once the botnet was identified, it seems that they went to court, seeking reparations, and to shut the net down. That much seems reasonable. I would do as much. Search and seizure? It would seem that the court did that, after being presented with some reasonable evidence.

          As I already said, I don't even like Microsoft. But, I can't go for mindlessly bashing

      • by Xest ( 935314 )

        "If the White House were to come under cybernetic attack, and the majority of those attacks appeared to originate from my house, you bet your ASS that the Secret Service will be knocking on my door, with a battering ram!"

        Cybernetic attack?

        If it was a cybernetic attack then I think the secret service would have more to worry about than you as I suspect it would look more like Rise of the Machines than it would Hackers.

        Yes this is just a typical Slashdot pedant post, I just couldn't help but point out that cy

  • The usual Slashdot response is to put a bullet into botnet owners heads or nuke them from orbit, no questions asked. Well, in this case there would be an innocent man dead. It just shows it isn't always so easy to find them.
    • Re: (Score:1, Funny)

      by Anonymous Coward

      According to the Source Code of Hammurabi both parties should be killed, just to be sure.

  • by Anonymous Coward

    Damn that evil headwear!

  • I wonder what OSes Mr. Piatti uses. I wonder they will be the same ones next year.

    • by Anonymous Coward

      So what exactly are you implying here? Say it flat out. Don't pussyfoot around it. Instead of making indirect accusations, man up and actually say exactly what we all know you're trying to say.

      • Man up? Might be a more credible exhortation if not posted AC, no?

        • Man up? Might be a more credible exhortation if not posted AC, no?

          OK, 'kermidge' (don't get me wrong, I find an AC slapfight as funny as anybody else).

          • Hi, Bill. Thanks; sorry 'bout the snark, was only into second cuppa, and couldn't resist.

            I've been using "kermidge" for a decade, there's only one other on the 'net that I've found (and I'm not sure about him), but there are thousands with my "real" name.

  • by Anonymous Coward

    Surely that should be botnet, not bonnet. Turn off autocorrect.

  • by Anonymous Coward

    "Microsoft has dismissed a lawsuit

    I had no idea Microsoft was that powerful - isn't it normally judges who dismiss lawsuits?

    • The author should have written "settled" instead of "dismissed". All around this is a badly summarized article verging on "Troll" status. Surprised it got through? Nope.

  • No apology then (Score:2, Insightful)

    by folderol ( 1965326 )
    We falsely accused you, maybe made a sizable dent in you business, but that's OK. We're Microsoft and beyond all possible reproach.
    • Re: (Score:2, Informative)

      by Anonymous Coward

      I'ts not a false accusation. The standards for malicious prosecution are actually quite high, and would require evidence of either severe incompetence or willful and reckless disregard for the truth.

      However, since the botnet was controlled through their hosting services, it'll be a case of an acceptable interpretation of the information they had, and not punished.

      Microsoft's apology probably goes something like this "Hey, sorry you weren't actually doing it yourselves, but just foolishly sold your service

      • I'ts not a false accusation. The standards for malicious prosecution are actually quite high, and would require evidence of either severe incompetence or willful and reckless disregard for the truth.

        However, since the botnet was controlled through their hosting services, it'll be a case of an acceptable interpretation of the information they had, and not punished.

        If microsoft woudl just have looked at the "information they had" they would have figured out in 10 minutes that

        A) the IP addresses of the bothet controllers did not belong to the company dotFree Group SRO and
        B) The subdomain cz.cc used by the botnet controllers, is a free DNS service that anyone can use.

        If you turned the table and accused Microsoft of something similar based on the same "evidence", you can be sure that Microsoft would sue you out of existence.

  • Would have seen much code and skills on display as a set of older OS's and a few new ones where examined?
    The public face of MS's security experts been cross examined ...
  • Micorsoft can't "dismiss" a case. They can "drop" a case (drop being a non-technical term). But "dismiss" is a technical term. Only the Judge can dismiss a case. Microsoft can drop the case by requesting a dismissal, but if the defendants object to the dismissal (and they often do, because to accept it often blocks the "winner" collecting fees from the "loser"), then the judge will likely not dismiss the case. It's like the term "broadband" being misused constantly, with most fiber connections not bein

Never test for an error condition you don't know how to handle. -- Steinbach

Working...