Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft's Vigilante Investigation of Zombies

Posted by Zonk on from the busting-undead-skull dept.

Morgalyn writes "According to an article at Information Week, Microsoft has decided to fight zombie-launched spam in their own way. In conjunction with the FTC and consumer rights groups, Microsoft set up a clean computer and then infected it. They monitored the 'zombie' over the course of 20 days - 'In those 20 days, this one computer received 5 million connection requests from spammers, and sent 18 million spam messages'. This whole operation has led to the (partial) identification of 13 different spamming groups, some of which reside in the US and may be prosecuted under the CAN-SPAM act."

14 of 341 comments (clear)

  1. Steve Ballmer on Zombies by ponds · · Score: 5, Funny

    Microsoft should just have Steve Ballmer fucking kill them.

    1. Re:Steve Ballmer on Zombies by conJunk · · Score: 5, Funny
      Microsoft should just have Steve Ballmer fucking kill them

      Gives new meaning to "i've burried them before and i'll burry them again" eh?

  2. Microsoft fighting zombies? by MrFlannel · · Score: 5, Funny

    Not a moment too soon! With Halloween on Monday and everything, this comes at a perfect time to save my brain. I'll still lock my doors though.

    --
    Clones are people two.
  3. In other words... by shades66 · · Score: 5, Funny

    "Microsoft set up a clean computer and then infected it."

    So they switched it on and connected it to the net?

    --
    ---- There are 10 types of people in the world. Those that understand binary and those that don't
    1. Re:In other words... by slavemowgli · · Score: 5, Interesting

      You moderators may think that's funny, but there's more than a grain of truth in there. The current estimate by the ISC's DShield for how long it takes for a random computer to get infected after it's connected to the Internet is 26 minutes.

      Think about that for a moment... and then ask yourself why we actually take this for granted instead of suing Microsoft into oblivion. Would a car company get away with cars breaking down on real-life roads an average 26 minutes after they're purchased? The thought is totally ridiculous, yet we accept the same from Microsoft. Why?

      --
      quidquid latine dictum sit altum videtur.
    2. Re:In other words... by texwtf · · Score: 5, Informative

      That's not a reasonable analogy. This is more like the car is broken into within 26 minutes.

      The Internet is like Baghdad for computers but 10000 times more intense.

      The operating system doesn't merely fall apart - it's broken apart by the equivalent of roaming street thugs.

      I agree that microsoft it partially responsible (does rpc really need to be accessible by default?) - but on the other hand, until very recently your average linux install didn't take long to get 0wn3d either.

    3. Re:In other words... by valhallaprime · · Score: 5, Interesting

      "The operating system doesn't merely fall apart - it's broken apart by the equivalent of roaming street thugs."

      I strongly agree with this. I'm not pro or anti-MS, I just happen to be a SysAdmin that uses their stuff every day, and manages 120 desktops. It's just a fact that there are a lot of shady monkeys that are trying 24/7 to find exploits, holes, and other crap for nefarious deeds.

      Call it civic duty, but once a week I spend an hour going thru my spam-logs, and pick a couple (that are obviously being sent from 0wn3d boxen), trace their IP, look up which provider owns the range. I then call their NOC (Which is almost always listed in their WhoIs record), and report the IP (if they're a U.S. provider).

      I honestly get a call-back one out of every three times from a provider, saying they've found the hostile traffic coming from that address, and they temporarily block access, or alerted the sysadmin managing the address.

      It may be little, but it's sorta civic duty to do something about this from time to time. Kudos to Cavalier and Verizon especially for following up on my calls.

  4. Vigilante? by Negadin · · Score: 5, Insightful

    If they are working with the FCC, why would it be considered 'vigilante'?

    That's like a considering a car company working with a police forensics department to determine why a car did what it did 'vigilante'.

  5. Right. by psbrogna · · Score: 5, Funny

    Ok, raise your hand, who thinks there's more than 1 infected windows machine on the Redmond campus?

  6. Won't work. by pellik · · Score: 5, Funny

    [i]"some of which reside in the US and may be prosecuted under the CAN-SPAM act."[/i]

    Common. We all know the only way to deal with zombies is massive head trauma.

  7. Oracle to the rescue? by jrsp · · Score: 5, Funny

    From article:

    "In those 20 days, this one computer received 5 million connection requests from spammers, and sent 18 million spam messages," said Cranton.

    That amount of data was impossible to analyze, so..."

    So, seems 18 million records is too much for poor little SQL Server, hmm? I bet Oracle could help, or maybe MySQL/PostgreSQL.

  8. So why is the FCC working with THEM... by mengel · · Score: 5, Insightful

    ... rather than the honeynet project who have better tools, and far more experience at this sort of thing?

    --
    - "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
  9. Even if not by Sycraft-fu · · Score: 5, Insightful

    I haven't seen anywhere in the anti-spam laws that says you have a positive duty to stop spam. There doesn't seem to be any criminal culpability for getting a system hacked. The person doing the hacking and spamming is in trouble, but not the person that it happened to.

    If I'm incorrect on this, please point out the relivant part of the law.

  10. If my car had millions of people throwing bricks by Sycraft-fu · · Score: 5, Insightful

    I'd be amazed if it lasted 30 seconds.

    When you get right down to it, cars are shitty in reliability compared to software. Off the top of my head, here are some major problems my car has, at least when looked at from a software standpoint:

    1) My car is very venurable to break ins. You can smash a window, jimmy the locks and so on. It's easy, requries no knowledge to do.

    2) My car doesn't deal with faulty input. If I set it in neutral and floor it, the engine will overheat and seize up. There's no system to deal with faulty operation like that.

    3) My car has problems with user error. If I drive it in to a wall on accident, it'll stop functioning. Same if a user of another car makes a mistake and hits it.

    Worse yet, the manufacturer will not fix ANY of these faults, even for a price. Even worse they KNEW about ALL of them when they sold the car.

    Now compare that to software where we expect that it be essentially faultless and when a fault is found, that it be fixed quickly and for free.

    Something tells me that if someone put a brick through your window, it would be them that you wanted busted, not the maker of your car. Yet if someone hacks your OS, you are mad at the OS maker, not that hacker.

    Only on Slashdot :P.