Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft's Vigilante Investigation of Zombies

Posted by Zonk on from the busting-undead-skull dept.

Morgalyn writes "According to an article at Information Week, Microsoft has decided to fight zombie-launched spam in their own way. In conjunction with the FTC and consumer rights groups, Microsoft set up a clean computer and then infected it. They monitored the 'zombie' over the course of 20 days - 'In those 20 days, this one computer received 5 million connection requests from spammers, and sent 18 million spam messages'. This whole operation has led to the (partial) identification of 13 different spamming groups, some of which reside in the US and may be prosecuted under the CAN-SPAM act."

4 of 341 comments (clear)

  1. Vigilante? by Negadin · · Score: 5, Insightful

    If they are working with the FCC, why would it be considered 'vigilante'?

    That's like a considering a car company working with a police forensics department to determine why a car did what it did 'vigilante'.

  2. So why is the FCC working with THEM... by mengel · · Score: 5, Insightful

    ... rather than the honeynet project who have better tools, and far more experience at this sort of thing?

    --
    - "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
  3. Even if not by Sycraft-fu · · Score: 5, Insightful

    I haven't seen anywhere in the anti-spam laws that says you have a positive duty to stop spam. There doesn't seem to be any criminal culpability for getting a system hacked. The person doing the hacking and spamming is in trouble, but not the person that it happened to.

    If I'm incorrect on this, please point out the relivant part of the law.

  4. If my car had millions of people throwing bricks by Sycraft-fu · · Score: 5, Insightful

    I'd be amazed if it lasted 30 seconds.

    When you get right down to it, cars are shitty in reliability compared to software. Off the top of my head, here are some major problems my car has, at least when looked at from a software standpoint:

    1) My car is very venurable to break ins. You can smash a window, jimmy the locks and so on. It's easy, requries no knowledge to do.

    2) My car doesn't deal with faulty input. If I set it in neutral and floor it, the engine will overheat and seize up. There's no system to deal with faulty operation like that.

    3) My car has problems with user error. If I drive it in to a wall on accident, it'll stop functioning. Same if a user of another car makes a mistake and hits it.

    Worse yet, the manufacturer will not fix ANY of these faults, even for a price. Even worse they KNEW about ALL of them when they sold the car.

    Now compare that to software where we expect that it be essentially faultless and when a fault is found, that it be fixed quickly and for free.

    Something tells me that if someone put a brick through your window, it would be them that you wanted busted, not the maker of your car. Yet if someone hacks your OS, you are mad at the OS maker, not that hacker.

    Only on Slashdot :P.