Microsoft Leads Sting Operation Against Zeus Botnets 114
wiredmikey writes "Microsoft, in what it called its 'most complex effort to disrupt botnets to date,' and in collaboration with partners from the financial services industry, has successfully taken down operations that fuel a number of botnets that make up the notorious Zeus family of malware. In what Microsoft is calling 'Operation b71,' Microsoft and its co-plaintiffs, escorted by U.S. Marshals, seized command and control (C&C) servers in two hosting locations on March 23 in Scranton, Pennsylvania and Lombard, Illinois. The move was to seize and preserve data and evidence from the botnets for the case. In addition to seizing the C&C servers, the group took down two IP addresses behind the Zeus command and control structure, and secured 800 domains that Microsoft is now monitoring and using to help identify computers infected by Zeus."
Congratulations (Score:5, Interesting)
It seems that Microsoft has become a good guy while Apple is rapidly becoming a goat. ... Or have I spoken too soon?
Re: (Score:2)
Bastards!
But he won anyway, because he learned a valuable lesson about Microsoft...
Re: (Score:1)
sorry but the point, I think, is for microsoft not only to "sting" the servers and finding the infected computers.... what are they doing in order to prevent those computers to become infected? I think the problems should be addressed from several parts.. stinging the command and control will only relief for some time... in a few days or weeks, another virus or trojan will infect pcs again and so on... what is Microsoft doing in order to avoid PCs to be infected.
Re: (Score:2)
Well it looks like microsoft (corporate) law enforcement is part of USA culture. Today, USA=CSA Corporate States of America.
The USA government has the organic ability to provide law enforcement muscle domestically and globally.
The CSA government has the organic ability to provide law enforcement cronyism domestically and globally.
Together they will shape US and the world accordingly. IOW: Might makes rights
Re: (Score:2)
Relax, this isn't actually something newsworthy.
Every month Microsoft crowns itself the obliterator of botnets for some weird reason. All stories are never heard of a few days later.
Nothing really will change, a publicity stunt is what a publicity stunt is. And if you have to ask... You lost "just because"
Re:Congratulations (Score:4, Funny)
It seems that Microsoft has become a good guy while Apple is rapidly becoming a goat. ... Or have I spoken too soon?
Microsoft didn't just do this to be a "good guy". Microsoft's been able to take this step by arguing that the botnet operators have been violating its trademarks and damaging its reputation [tgdaily.com].
Re: (Score:1)
It seems that Microsoft has become a good guy while Apple is rapidly becoming a goat. ... Or have I spoken too soon?
Let me know when thousands of machines running OS X are being used as C&C servers for botnets. Talk about false equivalency.
Re: (Score:2)
Re: (Score:1)
Welcome to America, where the state is a Corporation
Re: (Score:2)
Welcome to America, where the state is a Corporation
Welcome to the United* Corporations of America.
*United only in the idea that people live to make them profits.
Re:Physical Seizures? (Score:5, Informative)
The US Marshals performed the seizures. Did you not RTFA?
Re: (Score:2)
There ya go, lazy-ass AC.
Re: (Score:1, Informative)
Microsoft and its co-plaintiffs, escorted by U.S. Marshals
It also contains this :P
Re: (Score:1)
Did you not RTFS? Microsoft and it's co-plaintifs escorted by U.S. Marshals
Re: (Score:1)
Did you not RTFS? Microsoft and it's co-plaintifs escorted by U.S. Marshals
So now Microsoft is in the escort business?
Re: (Score:1)
A corporation did not seize private property. The government did: http://www.zeuslegalnotice.com/images/TRO_Seizure_Order_Part_1.pdf
Keep the tinfoil handy though!
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
You know how you can punch someone in the face and then they can sue you to take all your stuff? That's how. The people running these things are causing damage to Microsoft and its customers. A better question is why is this question asked every time Microsoft takes down a botnet?
Re: (Score:2)
I wouldnt' doubt that it'd be that hard to get a warrant in this case with microsoft helping to gather the information.
Re:Physical Seizures? (Score:5, Informative)
TFA:
Microsoft has conducted physical seizures
Since when can a CORPORATION perform seizures of private property???
When it gets a court order and has proper officials (in this case, US Marshals) with them, like it appears happened.
Re: (Score:2)
Since when can a CORPORATION perform seizures of private property???
Maybe the warrant was written that way, or perhaps the authorities used them as specialists. However, as tow truck drivers seize private property every day, I suspect that it's not as big of a hurdle as you believe.
Re:Physical Seizures? (Score:5, Funny)
I probably shouldn't be admitting this online- but I am part of Microsoft's counter-terror department. We are a highly trained SWAT team that risks our life daily raiding LINUX farms. Our safety demands daily communication using Windows phones; it is one of the most dangerous jobs in the country.
We are highly trained in many ways to take on any situation needed. Even take out the Prez if he threatens to sign any bill that would not be favourable of Microsoft. We constantly run into our major foe, Apple, and fight hand-to-hand combat in the street and the patent office.
After announcing this initiative, I am in grave danger. Within a few weeks I will be tracked by other operatives by the GPS on my windows phone... if the battery doesn't die first.
Re:Physical Seizures? (Score:5, Funny)
Re: (Score:1)
Aaahh..
So you've probably faced the man with the long beard and two katanas? You probably have, you cant miss his friend with the red cape in the balloon.
Re: (Score:1)
Re: (Score:2)
Even take out the Prez if he threatens to sign any bill that would not be favourable of Microsoft.
Microsoft has a British Counter-Terror Department?
Re: (Score:2)
My cover is as a British person.
Re: (Score:2)
Re: (Score:1)
As a linux fanboi it sticks in my throat but.. (Score:5, Insightful)
Re: (Score:2, Insightful)
Re: (Score:1)
It's about as good as PR as any. They coded an OS with more holes than a termite-infested house, lied about making a brand-spanking new one from scratch (Vista), and loads of other fuckups that generally make Windows a security nightmare. So this kinda stuff makes them look tough on Internets crime, when really the best way to solve it would be to make their OS, browser, etc. a hell of a lot safer.
Re: (Score:1)
Re: (Score:2, Insightful)
With that attitude, why do you shower? you're going to get dirty again. why do you eat? You'll get hungry again. Why do you live? Kill yourself now, you're going to die anyway.
Re: (Score:1)
Re: (Score:1)
MS has cleaned up their OS and made it secure.
The issue is its users *ahem* corporate america *ahem* who still use 10 year old operating systems. You know the ones who say on slashdot its fine so why upgrade?
Then get all mad that the OS is insecure when it was released in 2001.
Windows 7 has DEP, ASLR, and sandboxing in IE 8/IE 9. Firefox does not even support sandboxing yet which is why I quit using it a year ago when 4.0 came out. In many ways Windows 7 is the most secure OS out there today. If you bash it
Re: (Score:2)
PS in 2001 Linux required you to be root in order to use your modem to dial into the internet to use Netscape
I'm not sure where you got this idea, but no, it didn't.
Perhaps some distributions did, but I was using gentoo and redhat on my laptop at that time and neither one required root to dial.
Re: (Score:1)
Just because you do not like a company's products does not mean you can't applaud their actions or maybe even a product that doesn't suck made by them?
I do not know anyone who likes all of Microsofts products. Even Windows fanboys hate older IE or Exchange.
I disliked MS greatly a decade ago and viewed them as dangerous. IE 6 scared the crap out of me and seeing what it would do to interopability of CSS standards. I even wished Apple would have won over Windows a decade ago too. ... fast forward today and we
Re: (Score:2)
As a linux fanboi it sticks in my throat but well done Microsoft.
Odd method of typing there...
Great, first EA makes it difficult... (Score:2)
.. now Microsoft takes the servers down completely. As if I haven't got enough problems to get C&C:Generals to play on-line as it is.
Botnets steal your computer (Score:1)
Re: (Score:2)
What if the control servers were still using public IRC servers, should microsoft be allowed to seize freenode?
What if they were using public services as C&C?
What about AC slashdot comments , spam messages on blogger, random twitter accounts, or even a
Seized equipment disappears for year at a time, and if a business doesn't have IT that can notice a bot
Dunder Mifflin? (Score:5, Funny)
Re: (Score:1)
Operation B 52's ... (Score:1)
www.youtube.com/watch?v=szhJzX0UgDM
Re: (Score:1)
www.youtube.com/watch?v=szhJzX0UgDM
I knew not to check out that link,,, but I just could not help myself and now I scared :(
Flashback. (Score:2)
If it only helped... (Score:5, Interesting)
Have to remain vague to be in accordance of NDAs, but I've been part of such a sting before. On the "good" side, don't get your panties in a knot. It's not as glamorous as it may look at first (it's decidedly NOT like on TV to raid a server hoster). We went in, we cashed in the servers, we went back out, all with the aid of the hoster who, in turn, didn't do anything wrong but was required to cooperate, and did so quite easily. You wave that warrant in front of their nose and they do whatever you want (as long as it's in the warrant, of course).
Before we had the servers dissected and analyzed, the bot herders rerouted to other controlling servers. It's like playing whack-a-mole. The time wasted to get every kind of evidence collected so everything's in order and you get the necessary paperwork ready is a billion times what's needed for the other side to switch over to new servers. And they know that bloody well.
Before you get the wrong idea, the solution is NOT to eliminate due process and let me go nuts on every server hoster in the country, seizing servers as I please. This is not going to do any good. Or rather, do more ill than good. The solution is on the client's side. It's trivial to come up with something that can analyze network traffic and identify bot traffic. Of course, such a device has to be under the control of the customer. Not the ISP. The field for abuse is even wider there. Require people to monitor their traffic. Net access is no more a right than the right to drive a car, and here you have to make sure that your car does not cause trouble to other participants in traffic, why should that not apply for the internet?
This can easily be rolled into a little box that gets updates regularly from its maker, with the current markers for bot traffic, not unlike how we deal with malware on computers already. Just that this time the box is not prone to user idiocy, clicking "yeah, go on" whenever some trojan wants a new home.
Re: (Score:2)
Of course, such a device has to be under the control of the customer. Not the ISP.
This can easily be rolled into a little box that gets updates regularly from its maker, with the current markers for bot traffic, not unlike how we deal with malware on computers already. Just that this time the box is not prone to user idiocy, clicking "yeah, go on" whenever some trojan wants a new home.
So on the one hand, you say you want to put control into the hands of the user to avoid the ISPs. Then you follow that by saying you want to put control into the hands of the maker to avoid the idiocy of the users.
This doesn't quite make sense to me. Why should we assume the makers of an anti-botnet box are any better than ISPs?
Re: (Score:2)
Good point. An open source solution would probably be best, coupled with a source where you can buy updated botnet identifications.
The detail should be fleshed out, but I think the idea itself is sound.
Re: (Score:2)
Of course, such a device has to be under the control of the customer. Not the ISP.
This can easily be rolled into a little box that gets updates regularly from its maker, with the current markers for bot traffic, not unlike how we deal with malware on computers already. Just that this time the box is not prone to user idiocy, clicking "yeah, go on" whenever some trojan wants a new home.
So on the one hand, you say you want to put control into the hands of the user to avoid the ISPs. Then you follow that by saying you want to put control into the hands of the maker to avoid the idiocy of the users.
This doesn't quite make sense to me. Why should we assume the makers of an anti-botnet box are any better than ISPs?
Well, to start with, the ISP can cut you off from the internet, possibly with a false allegation.
The maker of the bot detection box can... stop sending you updates?
If you have problems with the box, you probably have more choice than with your ISP, not to mention that you can just remove the box from teh loop if it is giving you problems.
It is much harder to remove your ISP from the loop, particularly when they are the only service provider in your area...
Re: (Score:2)
tell me how the common bobby quickshot is going to be able to identify botnet traffic from his connection when he's barely literate enough to play farmville on FB? IMO it's become a real crime that MS still can't follow the simple "Deny All" policy and ask the user if they want to allow before allowing anything to happen. Yes it'll teach another bunch of Joe Sixpacks and Bobby Quickshots to simply click O'kay and at that point, the ISP does need to get involved and start isolating these idiots from the gene
Re: (Score:2)
IMO it's become a real crime that MS still can't follow the simple "Deny All" policy and ask the user if they want to allow before allowing anything to happen.
That's pretty much what UAC already does.
Re: (Score:2)
Re: (Score:2)
Nonsense. You have a right to free speech, that is true. You do not have a right to access your preferred method of making your speech. For instance, you have no 'right' to broadcast on radio or TV.
In what way is this a 'sting'? (Score:1)
The slang term 'sting' means a swindle or fraud. This article doesn't mention any of that - just that Microsoft again seized C&C servers for the botnet. They likely determined which servers were providing C&C for the botnet by good old fashioned detective work, not some elaborate con perpetrated against the operators of the botnet.
Re: (Score:2)
In law enforcement, a sting operation is a deceptive operation designed to catch a person committing a crime.
http://en.wikipedia.org/wiki/Sting_operation [wikipedia.org]
Re: (Score:2)
In law enforcement, a sting operation is a deceptive operation designed to catch a person committing a crime.
Again, in what way was this a sting? There was no deception involved, at least none that was mentioned in the article. The headline says it was a sting, but nowhere in the article is there any mention of any sort of deception. In fact the article really says nothing at all about how they identified the C&C hosts that were seized. Typically researchers locate C&C servers by analyzing the network traffic to/from a compromised server. How does network analysis equate to deception?
'Monitoring' (Score:1)
...domains that Microsoft is now monitoring and using to help identify computers infected by Zeus.
No, really, that's all they're doing. They're not looking at anything else on those computers. They're not using Zeus as a backdoor to access anything else. I promise.
Re: (Score:1)
You realize that what you're suggestion is tens of thousands of felonies, right? Try to control your zealotry and apply some rational thought before posting idiocy like this.
Re: (Score:2)
First
Your botnet proxy was surely seized for your post to be so not first.
Re:Microsoft CAUSES botnets (Score:5, Interesting)
I had a linux server owned (rootkitted, had to reinstall completely), and it became part of a spam sending botnet.
So, fuck you.
Re: (Score:2)
You should've updated your system, check logfiles, run chkrootkit on a regular basis etc. Else, you're no better than people running unpatched Windows desktops.
Re: (Score:2)
Whoossshh...
Re: (Score:2)
Not elevated at all - bots only need to get in at the user level, and a moron can just as easily infect a Linux machine in the same way. The problem is the users, not the OS.