Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft's Vigilante Investigation of Zombies

Posted by Zonk on from the busting-undead-skull dept.

Morgalyn writes "According to an article at Information Week, Microsoft has decided to fight zombie-launched spam in their own way. In conjunction with the FTC and consumer rights groups, Microsoft set up a clean computer and then infected it. They monitored the 'zombie' over the course of 20 days - 'In those 20 days, this one computer received 5 million connection requests from spammers, and sent 18 million spam messages'. This whole operation has led to the (partial) identification of 13 different spamming groups, some of which reside in the US and may be prosecuted under the CAN-SPAM act."

2 of 341 comments (clear)

  1. Re:In other words... by slavemowgli · · Score: 5, Interesting

    You moderators may think that's funny, but there's more than a grain of truth in there. The current estimate by the ISC's DShield for how long it takes for a random computer to get infected after it's connected to the Internet is 26 minutes.

    Think about that for a moment... and then ask yourself why we actually take this for granted instead of suing Microsoft into oblivion. Would a car company get away with cars breaking down on real-life roads an average 26 minutes after they're purchased? The thought is totally ridiculous, yet we accept the same from Microsoft. Why?

    --
    quidquid latine dictum sit altum videtur.
  2. Re:In other words... by valhallaprime · · Score: 5, Interesting

    "The operating system doesn't merely fall apart - it's broken apart by the equivalent of roaming street thugs."

    I strongly agree with this. I'm not pro or anti-MS, I just happen to be a SysAdmin that uses their stuff every day, and manages 120 desktops. It's just a fact that there are a lot of shady monkeys that are trying 24/7 to find exploits, holes, and other crap for nefarious deeds.

    Call it civic duty, but once a week I spend an hour going thru my spam-logs, and pick a couple (that are obviously being sent from 0wn3d boxen), trace their IP, look up which provider owns the range. I then call their NOC (Which is almost always listed in their WhoIs record), and report the IP (if they're a U.S. provider).

    I honestly get a call-back one out of every three times from a provider, saying they've found the hostile traffic coming from that address, and they temporarily block access, or alerted the sysadmin managing the address.

    It may be little, but it's sorta civic duty to do something about this from time to time. Kudos to Cavalier and Verizon especially for following up on my calls.