Slashdot Mirror
Microsoft's Vigilante Investigation of Zombies
Morgalyn writes "According to an article at Information Week, Microsoft has decided to fight zombie-launched spam in their own way. In conjunction with the FTC and consumer rights groups, Microsoft set up a clean computer and then infected it. They monitored the 'zombie' over the course of 20 days - 'In those 20 days, this one computer received 5 million connection requests from spammers, and sent 18 million spam messages'. This whole operation has led to the (partial) identification of 13 different spamming groups, some of which reside in the US and may be prosecuted under the CAN-SPAM act."
Microsoft should just have Steve Ballmer fucking kill them.
Not a moment too soon! With Halloween on Monday and everything, this comes at a perfect time to save my brain. I'll still lock my doors though.
Clones are people two.
"Microsoft set up a clean computer and then infected it."
So they switched it on and connected it to the net?
---- There are 10 types of people in the world. Those that understand binary and those that don't
How is this fighting this in thier own way? Don't lots of other orgs do this same thing...? Don't they also fight spammers in other ways too? And also, if they're doing this in conjunction with a whole bunch of other people... how is this their own way? :P
There are lives at stake here!
Since when is setting up a honeypot considered "Vigilante"?
---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
If they are working with the FCC, why would it be considered 'vigilante'?
That's like a considering a car company working with a police forensics department to determine why a car did what it did 'vigilante'.
It takes 20 days to collect data which may be used to convict the scumbags, but it takes years for Microsoft to realize there was a problem and do something about it. To be fair, this should be law enforcement, but someone has to file those John Does in a complaint.
"At the same press conference, Dan Salsburg, the assistant director of the FTC's Bureau of Consumer Protection, urged all computer users to do their part to stymie zombies. "The FTC is taking aggressive steps to stop zombies and protect consumers, but consumers also need to insure that zombies aren't on their computers," Salsburg said."
I'm sure they're shuffling paper like they've never quite shuffled before.
I just don't want to see, a couple years from now, Microsoft being awarded patents on the invention of the Honeypot.
A feeling of having made the same mistake before: Deja Foobar
Ok, raise your hand, who thinks there's more than 1 infected windows machine on the Redmond campus?
So I guess, Microsoft being above the law, it's OK when they do that. The end justifies the means, after all.
I'm an American. I love this country and the freedoms that we used to have.
[i]"some of which reside in the US and may be prosecuted under the CAN-SPAM act."[/i]
Common. We all know the only way to deal with zombies is massive head trauma.
From article:
"In those 20 days, this one computer received 5 million connection requests from spammers, and sent 18 million spam messages," said Cranton.
That amount of data was impossible to analyze, so..."
So, seems 18 million records is too much for poor little SQL Server, hmm? I bet Oracle could help, or maybe MySQL/PostgreSQL.
I've always wanted a reason to say that.
some of which reside in the US and may be prosecuted under the CAN-SPAM act.
I'd think there were more serious charges. Did the e-mail have forged headers? Does that make it wire fraud? Is unauthorized use of one's computers not a major crime?
Zombies are entirely different from a company putting you on its mailing list without your consent. These people aren't annoying marketers, they're criminals.
________________________________________________
suwain_2
... rather than the honeynet project who have better tools, and far more experience at this sort of thing?
- "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
I haven't seen anywhere in the anti-spam laws that says you have a positive duty to stop spam. There doesn't seem to be any criminal culpability for getting a system hacked. The person doing the hacking and spamming is in trouble, but not the person that it happened to.
If I'm incorrect on this, please point out the relivant part of the law.
On the otherhand imagine Paperclip... It looks like you're trying to fight off a zombie attack. Would you like me to (A) Shoot some of them in the head (B) Open the main gates and let some more in?
New meaning to Blue Screen of Death.
I've hit Karma 50 and gotten a Score:5, Troll... I win!
Or we could, I suppose, get mad at the people who developed SMTP, a system so insecure in and as of itself that anyone can pretend to be anyone else and get away with it.
Of course, that was done in a kinder, gentler time when "spam" was unknown, so I guess they can be forgiven. Then again, much of the Windows code was created long before the terms "DoS" or "buffer overflow attack" came into existence.
Naw. Much easier to hate MS. Somehow, they should have known better...
Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
...I wondered why my gmail inbox had 18million new spams...
Microsoft is going through the courts and the criminal justice system. In neither case is there vigilantism involved, just vigilance.
Time is Nature's way of keeping everything from happening at once... the bitch.
That amount of data was impossible to analyze, so Microsoft focused on the three most-active spamming days, when 470,00 connection requests were made of the PC, and about 1.8 million messages were sent through it.
How nice: they allowed 18M junk messages to go through, but could be bothered to look at only 10% of the data. Unbelievable.
Do you want the job of analyzing all 18 million messages? If they are only analyzing 10% its probably because they figure that the other 90% probably have the same source. Even if the other 90% don't, sure you would want them to start somewhere, than put off affirmative action for a few years? One way of confirming whether the 90% do come from the same source is prosecuting the spammers responsible for the 10% and then dealing with the reduced amount of spam in the next cycle.
Jumpstart the tartan drive.
I'd be amazed if it lasted 30 seconds.
:P.
When you get right down to it, cars are shitty in reliability compared to software. Off the top of my head, here are some major problems my car has, at least when looked at from a software standpoint:
1) My car is very venurable to break ins. You can smash a window, jimmy the locks and so on. It's easy, requries no knowledge to do.
2) My car doesn't deal with faulty input. If I set it in neutral and floor it, the engine will overheat and seize up. There's no system to deal with faulty operation like that.
3) My car has problems with user error. If I drive it in to a wall on accident, it'll stop functioning. Same if a user of another car makes a mistake and hits it.
Worse yet, the manufacturer will not fix ANY of these faults, even for a price. Even worse they KNEW about ALL of them when they sold the car.
Now compare that to software where we expect that it be essentially faultless and when a fault is found, that it be fixed quickly and for free.
Something tells me that if someone put a brick through your window, it would be them that you wanted busted, not the maker of your car. Yet if someone hacks your OS, you are mad at the OS maker, not that hacker.
Only on Slashdot
Oh. They setup a computer and watched how it could be exploited and went after the people doing the exploiting. Now that seems like a smart way to handle the problem. If it was my product then I would consider actually closing the holes that allow spammers to exploit Windows to be the best solution. But hell, what do I know?
9/11: Never forget it was a false-flag operation
Do you want the job of analyzing all 18 million messages? If they are only analyzing 10% its probably because they figure that the other 90% probably have the same source.
Fair enough, but if they are doing the analysis manually then they have already lost.
I want to drag this out as long as possible. Bring me my protractor.
Costume 1: Guy disguises himself as a zombie and puts on a cardboard monitor. Here instead of "brainssssssss" he should say: "mailssssssssssss"
:)
Costume 2: A fat guy carrying a chair, with a Google T-Shirt (and the handwritten letters above: "I'll F**ing Kill". Obviously his secondary target would be the guy wearing costume 1.
Now the following may be off-topic, but what the heck, I got started!
Costume 3: Just put on a Bill Gates mask, and wear a Microsoft T-Shirt. And instead of "Trick or treat", you say: "End User License Agreement".
Costume 4: Disguise yourself as a Lawyer and stick the logos of BMG, Sony, Time Warner (did I miss any?) on the back. Instead of "Trick or treat", say "Court or Settlement"
Costume 5: Disguise yourself as Zombie, but instead of wearing the cardboard monitor, just put an AOL sticker on your shirt. You're an official "AOL user". Instead of moaning "brainssss" you'll say: "Me, tooooo!"
Costume 6: Disguise yourself as a monitor, and paint the front in blue.
Costume 7: Paint your face black and buy fake jewelry. Pretend you're the relative of a Nigerian prince who just died.
Though the Information Week article didn't mention this, an article at another site makes it clear that Microsoft blocked the outgoing spam messages during their honeypot experiement.
"Hello there! Looks like you're trying to run a party!"
I will give $10,000 to charity if someone creates a game where Steve Balmer goes on a rampage killing hundreds of spammers with his deadly bloody chair (as the default weapon), and in Quake 3 Arena fashion to also have a key bound to various choice quotes uttered by Mr. Balmer like "I will fucking bury that guy" and an animation of Mr. Balmer's model pointing in front of him to go along with those utterances.
(Disclaimer: I won't really donate the money because I'm a poor college student)
I am somewhat antimicrosoft, but I fail to see why this is called "vigilante". Microsoft is working openly with the FTC. They set up their own computer, it got infected and they are investigating unauthorized connections to it. As a security professional I applaud their efforts. This is no different than anyone of you making a honeypot and checking the damage.
Yay MS! Now, make Stevie B kill them (as other posters suggested:-)
Most drivers are required to take a test to determine their competency. Drivers Ed is available across the US and required for minors in most if not all states.
It would be interesting to see the same for computers. Everyone seems to know that a car needs an oil change every x miles but too few seem to know that you need anti-virus and anti-spyware installed on your computer for safe operation. Perhaps seatbelts would be a better analogy.
While I think it's generally agreed that software could be safer, I think it goes just as well to say that users could be generally more educated. The problem is that software venders advertise their products as being safe all in-one products and come decorated with a "no experience necessary" sticker on the box. I think software venders could do more to educate the masses. Cars come with an owner's manual; computers come with a user agreement.
I want this account deleted.
Something tells me that if someone put a brick through your window, it would be them that you wanted busted, not the maker of your car. Yet if someone hacks your OS, you are mad at the OS maker, not that hacker.
A delightful analogy but totally and absolutely bogus.
Just activate your cerebrum for a few minutes.
Is it reasonable to expect a car to be resistant to efforts to break into it with a brick? Clearly not, for your typical family vehicle. No reasonable person would think so.
Is it reasonable to expect a computer to be connected to the Internet, and for its user to perform simple tasks such as surfing the net, without being infected? Clearly it is, and any reasonable person who is not an apologist for the patheticly lacking security of MS (and quite a few other) products would think so.
It is just stupid to lay all the blame on the people who do the hacking. Sure they're bozos and criminals. But how in god's name does the world's largest software company, with virtually unlimited resources, get away for so long with producing software so flakey that infection is just a matter of time if you dare to connect your machine to the Internet?
Anyone with knowledge of computer systems outside the MS world should be aware that it is possible to create software that is highly resistant to attack via the network. Its hard - very hard - to make it 100% follproof, but its easy - very easy - to do one hell of a lot better than MS has done.
The people at MS are as smart as anyone but the total focus on making things easy over making them safe ties their hands. As a result millions of people have become trained to think that it is actually reasonable to pay hundreds of dollars out on anti-virus and other "security" software
[x] auto-moderate all posts by this user as insightful
And what does connecting it to the net have to do with the infection? Once you install XP, you're doomed. Period.
Free Software: Like love, it grows best when given away.
The market share argument is BS FUD. Always has been. Always will be. Microsoft just doesn't have a corporate culture that encourages good coding practices over eye candy and feature bloat.