Slashdot Mirror


Microsoft's Vigilante Investigation of Zombies

Morgalyn writes "According to an article at Information Week, Microsoft has decided to fight zombie-launched spam in their own way. In conjunction with the FTC and consumer rights groups, Microsoft set up a clean computer and then infected it. They monitored the 'zombie' over the course of 20 days - 'In those 20 days, this one computer received 5 million connection requests from spammers, and sent 18 million spam messages'. This whole operation has led to the (partial) identification of 13 different spamming groups, some of which reside in the US and may be prosecuted under the CAN-SPAM act."

22 of 341 comments

  1. Steve Ballmer on Zombies by ponds · · Score: 5, Funny

    Microsoft should just have Steve Ballmer fucking kill them.

    1. Re:Steve Ballmer on Zombies by conJunk · · Score: 5, Funny
      Microsoft should just have Steve Ballmer fucking kill them

      Gives new meaning to "I've buried them before and I'll bury them again" eh?

    2. Re:Steve Ballmer on Zombies by mctk · · Score: 4, Funny
      Why should he have all the fun? I've been training my whole life for this, just let me at 'em.

      :: grabs sawblade with gravity gun ::

      --
      Paul Grosfield - the quicker picker upper.
    3. Re:Steve Ballmer on Zombies by utnow · · Score: 4, Insightful

      I love this... I've read through the first few pages of comments and this is my observation:

      Microsoft takes a pro-active step toward curbing spam, something that we universally hate, and for some reason MS is taking insult left and right.

      If you're going to deride them at least do it when it's appropriate... not when they're taking a legit step toward finding a solution.

  2. Microsoft fighting zombies? by MrFlannel · · Score: 5, Funny

    Not a moment too soon! With Halloween on Monday and everything, this comes at a perfect time to save my brain. I'll still lock my doors though.

    --
    Clones are people two.
  3. In other words... by shades66 · · Score: 5, Funny

    "Microsoft set up a clean computer and then infected it."

    So they switched it on and connected it to the net?

    --
    ---- There are 10 types of people in the world. Those that understand binary and those that don't
    1. Re:In other words... by slavemowgli · · Score: 5, Interesting

      You moderators may think that's funny, but there's more than a grain of truth in there. The current estimate by the ISC's DShield for how long it takes for a random computer to get infected after it's connected to the Internet is 26 minutes.

      Think about that for a moment... and then ask yourself why we actually take this for granted instead of suing Microsoft into oblivion. Would a car company get away with cars breaking down on real-life roads an average 26 minutes after they're purchased? The thought is totally ridiculous, yet we accept the same from Microsoft. Why?

      --
      quidquid latine dictum sit altum videtur.
    2. Re:In other words... by texwtf · · Score: 5, Informative

      That's not a reasonable analogy. This is more like the car is broken into within 26 minutes.

      The Internet is like Baghdad for computers but 10000 times more intense.

      The operating system doesn't merely fall apart - it's broken apart by the equivalent of roaming street thugs.

      I agree that Microsoft is partially responsible (does RPC really need to be accessible by default?) - but on the other hand, until very recently your average Linux install didn't take long to get 0wn3d either.

    3. Re:In other words... by valhallaprime · · Score: 5, Interesting

      "The operating system doesn't merely fall apart - it's broken apart by the equivalent of roaming street thugs."

      I strongly agree with this. I'm not pro or anti-MS, I just happen to be a SysAdmin that uses their stuff every day, and manages 120 desktops. It's just a fact that there are a lot of shady monkeys that are trying 24/7 to find exploits, holes, and other crap for nefarious deeds.

      Call it civic duty, but once a week I spend an hour going through my spam logs, and pick a couple (that are obviously being sent from 0wn3d boxen), trace their IP, look up which provider owns the range. I then call their NOC (which is almost always listed in their WHOIS record), and report the IP (if they're a U.S. provider).

      I honestly get a call-back one out of every three times from a provider, saying they've found the hostile traffic coming from that address, and they temporarily block access, or alerted the sysadmin managing the address.

      It may be little, but it's sorta civic duty to do something about this from time to time. Kudos to Cavalier and Verizon especially for following up on my calls.

    4. Re:In other words... by vinn01 · · Score: 4, Informative
  4. Vigilante? by bizitch · · Score: 4, Insightful

    Since when is setting up a honeypot considered "Vigilante"?

    --
    ---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
    1. Re:Vigilante? by KingSkippus · · Score: 4, Funny
      Since when is setting up a honeypot considered "Vigilante"?

      Since someone wants Microsoft to sound like a tough SOB out to wreak havoc on those who would do us harm.

      Would you go see a movie that is described as "A New York City architect becomes a one-man honeypot after his wife is murdered..."?

  5. Vigilante? by Negadin · · Score: 5, Insightful

    If they are working with the FCC, why would it be considered 'vigilante'?

    That's like considering a car company working with a police forensics department to determine why a car did what it did 'vigilante'.

  6. It takes.. by ackthpt · · Score: 4, Insightful

    It takes 20 days to collect data which may be used to convict the scumbags, but it takes years for Microsoft to realize there was a problem and do something about it. To be fair, this should be law enforcement, but someone has to file those John Does in a complaint.

    "At the same press conference, Dan Salsburg, the assistant director of the FTC's Bureau of Consumer Protection, urged all computer users to do their part to stymie zombies. "The FTC is taking aggressive steps to stop zombies and protect consumers, but consumers also need to insure that zombies aren't on their computers," Salsburg said."

    I'm sure they're shuffling paper like they've never quite shuffled before.

    Microsoft set up a clean computer and then infected it. They monitored the 'zombie' over the course of 20 days - 'In those 20 days, this one computer received 5 million connection requests from spammers, and sent 18 million spam messages'. This whole operation has led to the (partial) identification of 13 different spamming groups, some of which reside in the US and may be prosecuted under the CAN-SPAM act.

    I just don't want to see, a couple years from now, Microsoft being awarded patents on the invention of the Honeypot.

    --
    A feeling of having made the same mistake before: Deja Foobar
  7. Right. by psbrogna · · Score: 5, Funny

    Ok, raise your hand, who thinks there's more than 1 infected windows machine on the Redmond campus?

  8. Won't work. by pellik · · Score: 5, Funny

    "some of which reside in the US and may be prosecuted under the CAN-SPAM act."

    Come on. We all know the only way to deal with zombies is massive head trauma.

  9. Oracle to the rescue? by jrsp · · Score: 5, Funny

    From article:

    "In those 20 days, this one computer received 5 million connection requests from spammers, and sent 18 million spam messages," said Cranton.

    That amount of data was impossible to analyze, so..."

    So, seems 18 million records is too much for poor little SQL Server, hmm? I bet Oracle could help, or maybe MySQL/PostgreSQL.

  10. So why is the FCC working with THEM... by mengel · · Score: 5, Insightful

    ... rather than the honeynet project who have better tools, and far more experience at this sort of thing?

    --
    - "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
  11. Even if not by Sycraft-fu · · Score: 5, Insightful

    I haven't seen anywhere in the anti-spam laws that says you have a positive duty to stop spam. There doesn't seem to be any criminal culpability for getting a system hacked. The person doing the hacking and spamming is in trouble, but not the person that it happened to.

    If I'm incorrect on this, please point out the relevant part of the law.

  12. Re:Well, it's their own way... by Midnight+Thunder · · Score: 4, Insightful

    That amount of data was impossible to analyze, so Microsoft focused on the three most-active spamming days, when 470,00 connection requests were made of the PC, and about 1.8 million messages were sent through it.

    How nice: they allowed 18M junk messages to go through, but could be bothered to look at only 10% of the data. Unbelievable.

    Do you want the job of analyzing all 18 million messages? If they are only analyzing 10%, it's probably because they figure that the other 90% probably have the same source. Even if the other 90% don't, surely you would want them to start somewhere, rather than put off affirmative action for a few years? One way of confirming whether the 90% do come from the same source is prosecuting the spammers responsible for the 10% and then dealing with the reduced amount of spam in the next cycle.

    --
    Jumpstart the tartan drive.
  13. If my car had millions of people throwing bricks by Sycraft-fu · · Score: 5, Insightful

    I'd be amazed if it lasted 30 seconds.

    When you get right down to it, cars are shitty in reliability compared to software. Off the top of my head, here are some major problems my car has, at least when looked at from a software standpoint:

    1) My car is very vulnerable to break-ins. You can smash a window, jimmy the locks and so on. It's easy, requires no knowledge to do.

    2) My car doesn't deal with faulty input. If I set it in neutral and floor it, the engine will overheat and seize up. There's no system to deal with faulty operation like that.

    3) My car has problems with user error. If I drive it into a wall by accident, it'll stop functioning. Same if a user of another car makes a mistake and hits it.

    Worse yet, the manufacturer will not fix ANY of these faults, even for a price. Even worse they KNEW about ALL of them when they sold the car.

    Now compare that to software where we expect that it be essentially faultless and when a fault is found, that it be fixed quickly and for free.

    Something tells me that if someone put a brick through your window, it would be them that you wanted busted, not the maker of your car. Yet if someone hacks your OS, you are mad at the OS maker, not that hacker.

    Only on Slashdot :P.

  14. I can imagine the costumes! by Spy+der+Mann · · Score: 4, Funny

    Costume 1: Guy disguises himself as a zombie and puts on a cardboard monitor. Here instead of "brainssssssss" he should say: "mailssssssssssss"

    Costume 2: A fat guy carrying a chair, with a Google T-Shirt (and the handwritten letters above: "I'll F**ing Kill"). Obviously his secondary target would be the guy wearing costume 1.

    Now the following may be off-topic, but what the heck, I got started!

    Costume 3: Just put on a Bill Gates mask, and wear a Microsoft T-Shirt. And instead of "Trick or treat", you say: "End User License Agreement".

    Costume 4: Disguise yourself as a Lawyer and stick the logos of BMG, Sony, Time Warner (did I miss any?) on the back. Instead of "Trick or treat", say "Court or Settlement"

    Costume 5: Disguise yourself as Zombie, but instead of wearing the cardboard monitor, just put an AOL sticker on your shirt. You're an official "AOL user". Instead of moaning "brainssss" you'll say: "Me, tooooo!"

    Costume 6: Disguise yourself as a monitor, and paint the front in blue. :)

    Costume 7: Paint your face black and buy fake jewelry. Pretend you're the relative of a Nigerian prince who just died.