Microsoft Secretly Beheads Notorious Waledac Botnet
Barence writes "Microsoft has quietly won court approval to deactivate 277 domain names that are being used to control a vast network of infected PCs. The notorious Waledac botnet is being used by Eastern European spammers to send 1.5 billion spam messages every day, and infect hundreds of thousands of machines with malware. In a suit filed in the US District Court of Eastern Virginia, Microsoft accused 27 unnamed defendants of violating federal computer crime laws. It further requested that domain registrar Verisign temporarily deactivate the domains, shutting down the control servers being used to send commands to the machines. The request was secretly approved by District Judge Leonie Brinkema, allowing the action to be taken covertly, preventing Waledac's operators from switching domains."
...but where will I get all my v14gra now??
This is nice (if reactionary) but how long before we can get a court order to legally fight the botnet by 'infecting' the target computers with a patch, or at least some sort of message that warns the user to seek help?
Would Microsoft ever go that far? Would that be admitting that the only solution to the holes in Windows is vigilantism?
Even if the control machines loose DNS resolution, might not the botnet be configured to fall back to connecting to well known IP addresses to accept commands? Seems like the logical thing to do if you are creating an illegal network...
"It's not a purse...it's EUROPEAN!!!"
Living With a Nerd
Just gotta love euphemisms.
It's like in Australia, whenever a Lebanese Muslim commits a crime, the media describe the suspect as being "of Middle Eastern appearance".
They're not "East Europeans". THEY'RE RUSSIANS. Just cut to the chase please.
The Ukranians, Poles, and Chechs called. They're insulted that you're lumping them in with the Rooskies, and they're rooting your box.
I think my sarcasm meter needs fine-tuning.
Probably a one-off; botnet designers will now write in contingencies so that access can be re-established in the event of visible domains being taken offline. In fact, I'd be surprised if Waledac didn't rise from the dead.
This has nothing to do with malicious code in the OS. It's to do with malicious code exploiting crap code in the OS. And all software has *some* crap code in it.
Presumably if Microsoft have done their homework, they have identified every possible machine that these bots could try to contact to receive new instructions (such as new SPAM messages to send) and had VeriSign disable every domain name so it can't be registered or used.
Does this mean the botnet is dead?
If so, great. And let's hope people are working to repeat the exercise and block the domain names used for control of any other botnets that talk to specific servers by name for instructions.
It's not crap in the OS that causes the vast majority of infections. It's crap in the user's heads.
Why not just add code to check for an infection in the next Windows update. If found, then the user is presented with a dialogue at every boot that they must ok, and prevents them from logging in for 5 minutes for the first boot, increasing by 1 minute for each subsequent boot. Even lazy idiots will eventually get sick of this and do something about their machines.
Code, Hardware, stuff like that.
It's not "president". You probably meant "precedent".
The largest prime factor of my UID is 263267.
I do not think that word means what you think it means.
STOP . AMERICA . NOW
I'm all for corporate warfare. It's what keeps our insurance rates high and phone contracts long.
While I applaud all serious efforts to take down botnets; the fact that it was all done secretly by private corporations (and a little government nod) smacks of corporate warfare, and I have to wonder what kind of president this sets.
A black one, apparently...
ZING! That's two puns in one, bitches!
If I were a botnet author, I would keep a list of my zombies and code the bots so that they respond to a secret password.
Thus it doesn't really matter if a command center is down; I could just start a new one and it reclaims all orphaned zombies.
Cutting a few command centers is futile.
The only solution is to burn all zombies overnight and prevent reinfection.
Patents Drive Free Software as Hurricanes Drive Construction Industry
if Waledac's been so successful (and is still valuable), how hard would it be for the authors to push out some DNS hijacking hacks that quietly redirect those domains to another host?
body massage!
Sets up the CEO more than the president I'd say.
Did you mean precedent by any chance?
What a title! At first glance, I thought Microsoft was outed cutting off people's heads, but no, they just shut down a botnet.
The internet is being taken over by Government and their corporate buddies.
Welcome to 1984.
I wonder if the spammers follow Slashdot?
like download a "patch" for the "bug" or install antivirus 2010 to remove the "virus"
that VeriSign is not going to approve.
MS has the "malicious software removal tool" that shows up monthly in Automatic Updates and it will take care of it - but unfortunately WAY too many people don't have the automatic updates enabled or just refuse to run them. If they would run them a couple of these botnets would be gone.
1.5 billion spam messages per day. Multiply each message by the 10 seconds of working time it takes to activate the e-mail window and delete the spam message, and it becomes clear what damage this brings to the world economy. Let alone the disrupted work-flow.
It is the weapon of mass economic destruction.
Such spammers should be warned once, twice, and if they do not cool down, a drone should come above their building and shoot a "Hellfire" missile right into the server room.
Or at least black-clad agents should enter the server room and sprinkle some special solution into the spam servers, which becomes conductive after some time and shorts them out.
This I would call a mild government response.
New set of domains acquired and botnet spamming again in 3..2..1..
... but HOORAY FOR MICROSOFT!
I hate printers.
So Microsoft secretly filed a suit against 27 unnamed individuals, and got a secret order taking 277 domain names away from them, all based on a mere accusation.
Oh, but since we're fighting spam, I guess that's okay.
Wait until Microsoft starts doing this to go after copyright violations. Will y'all be cheering then?
Liberty in your lifetime
No one knows they exist.
And sometimes, that's a good thing...
Microsoft forcing domains off the web in total secrecy? How could that possibly be evil ...
After all, Microsoft has such a shiny track record of only disconnecting sites that are truly evil *coughcryptomecough*
Let's just cheer at them while they clean up the internet.
The Ukranians, Poles, and Chechs called. They're insulted that you're lumping them in with the Rooskies, and they're rooting your box.
The insulted Czechs are now rooting your box.
It's not crap in the OS that causes the vast majority of infections. It's crap in the user's heads.
Cheap cop-out.
You're in a mass-market. You can not expect the majority of users to know anything about computers. You can debate that point all you like, but that's how it is. Saying otherwise is like saying only car mechanics should be allowed to drive cars.
Assorted stuff I do sometimes: Lemuria.org
The Chechs called. They want to know why they don't exist.
This can also be started manually by running "MRT.exe" from the run prompt. The month of the update is in the title bar, so it's easy to tell if you're current or not.
-- "Freedom is the right of all sentient beings" -Optimus Prime
Given that the average computer user regularly does the equivalent of driving their "car" straight into a wall, I'm not sure if at least some of the blame shouldn't fall their way. I mean, would *you* open an executable attachment sent to you by a Nigerian prince? Most users would.
Ever heard of the Malicious Software Removal Tool that is rolled out in the monthly patch cycle? It kills software MS deems bad. No court approval for that.
What the fuck are you smoking? Do you really want trigger-happy law enforcement officers to shut domains down left and right with no judicial review whatsoever? Like oh let's say cryptome.org or wikileaks.org.
M$ did the right thing here--kudos to them.
If it were that easy to check for and find all infections, we wouldn't have them.
retrorocket.o not found, launch anyway?
Cheap cop-out.
You're in a mass-market. You can not expect the majority of users to know anything about computers. You can debate that point all you like, but that's how it is. Saying otherwise is like saying only car mechanics should be allowed to drive cars.
No, it's more like saying "people should know how to drive before taking their car on public roads"
The Ukranians, Poles, and Chechs called. They're insulted that you're lumping them in with the Rooskies, and they're rooting your box.
The insulted Czechs are now rooting your box.
That explains all the spam. The Czechs are in the mail.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
You're in a mass-market. You can not expect the majority of users to know anything about computers. You can debate that point all you like, but that's how it is. Saying otherwise is like saying only car mechanics should be allowed to drive cars.
But you can tell them to perform preventative maintenance like fluid changes, etc. Then it is their fault if they think they know better and ignore the manufacturer's recommendations.
An example would be brake pads. If you're lazy, you might never replace your brake pads, making you a hazard to everyone else on the road. So, brake pads have metal filings in the last portion of the pad to make an obnoxious grinding noise when it's time to change them. What better way to get people to take care of their car/computer than to annoy them until they fix the issue?
Write your representatives! Repeal the 2nd Law of Thermodynamics!
Is today the day we like Microsoft?? I just want to make sure I have that right. It's not some trick to cover them acting like vigilantes, is it??
I am Slashdot. Are you Slashdot as well?
Maybe it is time to allow only mechanics to drive cars. At least it will solve congestion problems.
Love many, trust a few, do harm to none.
If it were that easy to check for and find all infections, we wouldn't have them.
This ain't the problem. The problem is that you are not allowed to fix a computer that isn't yours without the explicit consent of the owner.
As glad as I am when botnets are crippled or shut down, I can't help but ask: Why is Microsoft the one pursuing this in court, rather than the government? Under what legal principle does Microsoft, a private corporation, have standing to sue for control of these domain names?
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
It's not "president". You probably meant "precedent".
No, he really does mean "president". You see, now that Bill isn't there, Microsoft has this big tank of goop out in the back, and whenever they need a new VP to make a bold policy change they open a valve and flow the goop into a person-shaped mould. Then they have to let it harden or "set". After which time they decant the new president and set him to work.
Thus the OP was expressing his concern for the Zombie like creatures that this policy has brought to (semi) life
He must be a member of PETZ
that "secret" and "covert" might not be the right choice of words since Microsoft blogged about the whole thing?
In the words of Inigo Montoya: "You keep using that word. I do not think it means what you think it means."
This is not an explanation that's really going to help people understand why Linux is overall a better bet (specifically for longevity) than Windows.
Try explaining things more simply:
it's more secure
you know what the program does (nothing hidden)
everything is free (and high quality)
if you don't know how to do something it can easily be googled to find the answer.
etc.
explaining MS's closed repositories is not even a compelling reason for folks who are programmers.
At least that is what the headline could be. Disabling foreign internet service is a big deal.
Could be a "serves them right" for registering as .com rather than .country. But this is one branch of the US government disabling some foreign infrastructure.
I was going to say...
Filing court orders to block "control" domains (whatever you call them) won't work.
The next bot shall include, say, 5000 SHA-256 cryptographic hashes of domains that haven't been registered yet and that are impossible to guess and very unlikely to be registered by anyone except the bot owner (impossible to guess unless you can break SHA-256, in which case the world at large is in trouble).
Then if the bot cannot contact the last domain(s) he got orders from for more than 'x' hours/days/whatever, the bot will enter into a "find new domains mode".
The bot owner shall publish new domains on a resource that MS cannot shut down. Like Usenet, or making sure that Google shall crawl the new domain name, or Twitter, or Reddit. Whatever. Even in a /. comment.
The bot shall parse the "source that cannot be shut down" and find all the domain names. He'll take the SHA-256 of them. The ones that match one of his 5000 hashes shall become the new "control" domains.
This is not how MS should fix its mess. MS should fix its mess by making security a priority, but sadly it's too busy refining its endless upgrade/milking scheme (a scheme in which machines getting owned serves MS's purpose well, so...).
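The hash-list scheme in the comment above, seen from the defender's side (an added example, not code from this thread): once the digest list is recovered from a sample it becomes a detection signature, because any name seen in resolver logs or new registrations can be hashed and checked against it. The reserve names, the recovered hashes and the log format are constructed for the demo, and the scheme is assumed to hash the lowercased ASCII domain name.

```python
"""Defender-side check for a SHA-256 domain rendezvous list.

A sample embeds only digests of reserve domain names, so the list cannot be
inverted, but every name that shows up in resolver logs, passive DNS or zone
files can be hashed and compared against it. A hit identifies a live control
domain to sinkhole or block: the scheme is observable even though it cannot
be pre-empted by registering the names first.
"""
import hashlib
from typing import Iterable, List, Set, Tuple


def normalize(domain: str) -> str:
    """Canonical form before hashing: trimmed, no trailing dot, lowercase."""
    return domain.strip().rstrip(".").lower()


def domain_hash(domain: str) -> str:
    """SHA-256 hex digest of the canonical name (assumed to be what the bot hashes)."""
    return hashlib.sha256(normalize(domain).encode("utf-8")).hexdigest()


def build_hash_set(domains: Iterable[str]) -> Set[str]:
    """Hash a list of names into a set for O(1) membership checks."""
    return {domain_hash(d) for d in domains}


# Constructed demo data: three made-up reserve names stand in for the operator's
# unregistered pool, and their digests stand in for the list carved out of a sample.
DEMO_RESERVE = ["qx7v-cdn.example", "u9lp-static.example", "zk3m-update.example"]
RECOVERED_HASHES = build_hash_set(DEMO_RESERVE)

# Constructed resolver log in an assumed "timestamp client qname qtype" format.
# One line is deliberately truncated to exercise the malformed-line path.
SAMPLE_DNS_LOG = """\
2010-02-25T10:01:03Z 10.0.0.12 www.microsoft.com A
2010-02-25T10:01:09Z 10.0.0.12 U9LP-Static.example. A
2010-02-25T10:02:44Z 10.0.0.31 mail.example.org MX
garbage line
2010-02-25T10:03:12Z 10.0.0.31 zk3m-update.example A
"""


def scan_dns_log(log_text: str, hashes: Set[str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, client, canonical qname) for each query whose name hits the list.

    Case and trailing-dot differences are normalized away, so a client asking
    for "U9LP-Static.example." still matches the reserve name "u9lp-static.example".
    """
    hits: List[Tuple[str, str, str]] = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or truncated line: skip rather than abort the scan
        ts, client, qname = parts[0], parts[1], parts[2]
        if domain_hash(qname) in hashes:
            hits.append((ts, client, normalize(qname)))
    return hits


def check_candidates(candidates: Iterable[str], hashes: Set[str]) -> List[str]:
    """Return the candidate names (e.g. newly registered domains from a zone diff) that hit the list."""
    return [normalize(c) for c in candidates if domain_hash(c) in hashes]


if __name__ == "__main__":
    for ts, client, name in scan_dns_log(SAMPLE_DNS_LOG, RECOVERED_HASHES):
        print(f"{ts} {client} resolved rendezvous domain {name}")
    print(check_candidates(["zk3m-update.example", "innocent.example"], RECOVERED_HASHES))
```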
Considering people use something, you should be able to expect a rudimentary understanding of those same things which people use. You expect someone who drives a car to understand that they need to change the oil, fill up the gas, etc.
Likewise, you should (note: should) be able to expect people to elect to learn how to get a good virus scanning program, how to tell spoof websites, etc. Meanwhile computers are newer than cars, so it's going to take a while for people to get to that point. People are still getting a grasp on spam email and fake websites/false authentication right now.
IT folks don't really dedicate themselves to educating users on what you should do routinely, and likewise people don't all change their oil on time.
10 years from now, this will be less of an issue. Not now, though.
It's actually pretty hard. You have to be a committed, passionate demagogue.
Sure, if you are in politics, it's easy to rip people off.
However, it's very hard to get in that position in the first place.
So, just as the post you are responding to says, it is easier to make money legally than illegally.
Intellectual property law is philosophically incoherent. It is your moral duty to ignore it or sabotage it.
I am by nature a MS basher ... at times even a rather venomous one .. but let's give MS some credit here. They went to court and obviously provided enough evidence that a judge was convinced (yes, yes, I hear the chorus of 'what qualifications did the judge have?'). They didn't take actions into their own hands and they released the information about it once the court ruling was made.
... I feel a little dirty now ... I better go clean up. I'm pretty sure Steve Jobs will personally come over to repossess my Apple Fan Boy card. Sniff, I'm going to miss it ... a lot. But, I'm rather excited to finally meet Mr Jobs :-)
The fact remains that MS was actually acting in their own best interest and that of their customers. Those of us who don't use Windows will probably benefit by receiving a little less spam every day, too.
Hmmm
It's not crap in the OS that causes the vast majority of infections. It's crap in the user's heads.
Saying otherwise is like saying only car mechanics should be allowed to drive cars.
I'll take your first point about how we can't reasonably expect everyone to know about computers and the internet but I believe your analogy is flawed. The equivalent to the car mechanic is the person who can build and repair the computer (hardware, software). With cars we don't allow you to drive if you're not 1) licensed and 2) insured. I'm not saying we need to add computer insurance for people but maybe a minimum level of education on what the internet is and how unlikely it is that a random stranger simply wants to give you millions of dollars in exchange for your bank account info.
Alas, this is probably never going to be fixed as people have been getting conned for time immemorial.
"Educate the mind but never at the expense of the soul."~Blessed Basil Moreau
Can't we get even a little love for a Seinfeld reference? I mean really, what is this world coming to?
As usual Microsoft doesn't like competition. Maybe the botnet writers should file a complaint with the FTC that people should have their choice amongst botnets instead of having to use Microsoft's default one.
Before you do that let me open a school to train auto-mechanics.
All points of time and space are connected.
Right back at you, AC: what the fuck are _you_ smoking? I was referring to the authors of the Waledac's botnet, not law enforcement officials... on second thought, I'm not even sure if you're replying to the right comment, that's how fucking high you are.
I think it's kind of ironic how both the courts and Microsoft wanted to keep this secret, but Slashdot here has no respect for that. Does it occur to anyone here that there was a reason they wanted it to be secret? Maybe they didn't want these organizations retaliating? This kind of reminds me of the one time a news reporter was being held hostage. The government wanted to keep the fact that she was a hostage out of the public eye in order to lower the ransom fee. However, Wikipedia editors thought it better to post it to the public.
277 NEW domain names will be created, computers will get reinfected, and the real problem will still exist. Nice that MS wants to clean up, but it doesn't mean much if the cause isn't dealt with.
If you break your leg tomorrow, where is your money coming from? Right, your boss. Sick leave. Burglars haven't got it.
Nor can your boss turn out to be carrying a gun and blow your brains out rather than pay you.
If you botch up your work, you won't land in a small cell with a guy named Bubba who likes you very, very much.
Your ex-gf can't turn you in to your boss, even if you really screwed up.
A life of crime sounds easy, but it isn't. If it were, more people would do it.
Take the pirates of Somalia; sounds like easy money, but how many regular sailors can have their brains blown out by a sniper and nobody gives a damn? And if you think it sucks that your wife wants your wages, wait till you have to deal with the crime hierarchy. They are like the IRS, but not as nice. Oh, and then there is the IRS, who can hook you up with Bubba again if you can't account for every penny in your pocket.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
If MS would stop including questionable programs or new versions (not just bugfixes) in their Automatic Updates, people would trust them more. But there's nothing like having a working system screwed up by some new version of software to make you turn the damn thing off.
Automatic Updates should not be the equivalent of loading some unstable branch in Linux. We pay MS a lot of money to get this shit right, and they're full of fail.
Going by the Microsoft graphic of the operation, they could just arrest people who wear dark sunglasses and colored head scarves.
"Waste not one watt!" - CZ
I see it this way:
it's quite unsettling that Microsoft can go to some US court and disconnect domains on the other side of the planet, without the disconnected party even knowing or being able to defend themselves.
This probably reinforces a few people that the control over DNS isn't necessarily in the best hands in the US.
Not to mention that MS now has a precedent to quickly get rid of sites just by accusing somebody of something, without due process.
The headline notes: " allowing the action to be taken covertly, preventing Waledac's operators from switching domains".
So now it's on Slashdot. Gee, thanks.
"The request was secretly approved by District Judge Leonie Brinkema, allowing the action to be taken covertly, preventing Waledac's operators from switching domains."
That is, till they figure out they don't have those domains anymore, and go to their backup DNS server. Like they don't have a way to switch control with or without warning.
Sometimes I wonder if MS had planners like these criminals, we might actually get a decent OS from them...
Be seeing you...
It's all part of our new 'Fair and Balanced' reporting initiative.
One day a year we publish something pro-Microsoft. That way when accused of bias we can say 'see, we published the one good thing you did last year, we are just still waiting on something this year.'
It really is a problem with no good solution. Most people don't want to know and don't see why they should know. Unfortunately, as complex as computers and the Internet is, it's impossible for those of us who do know to protect people from themselves like they want us to.
I'm not sure an "Internet License" would really be a fair thing to have (although I can certainly see the argument for it) and it's definitely too late now. There are also a lot of benefits to society even with all of this crap going on due to uninformed and/or lazy people. At the same time, it boggles the mind to think that someone sat down one day and said "You know, people who have an honest interest in computers spend years and even their whole lifetime studying computers and networks both in school and in their free time just to keep a small private network running right. I think it would be an excellent idea to take people who can barely run a VCR and make them system administrators on the largest, most insecure, hardest to control network in the world."
So Microsoft secretly filed a suit against 27 unnamed individuals, and got a secret order taking 277 domain names away from them, all based on a mere accusation.
Oh, but since we're fighting spam, I guess that's okay.
Wait until Microsoft starts doing this to go after copyright violations. Will y'all be cheering then?
My fiancée IAL working in a federal district court. I have mod points, but I guess it's more illuminating to reply than mod down this ridiculous comment.
Stuff is filed under seal in court all the time. The idea is that you don't want the defendant you're pursuing to know you're pursuing them if there's a high chance they can cover their tracks. You can't just make a "mere accusation" and get a court to do whatever you want. That, of course, would be silly.
Most judges are really quite reasonable about the decision to keep things sealed. In any event, all the docs will become unsealed relatively quickly -- and if you think the court was *unreasonable*, that they abused their discretion somehow, you can take your complaint to the appellate court.
Court proceedings are slow, but some crooks (especially intelligent, well-funded crooks) can move fast. This is the balance we've found between thinking things through carefully, and satisfying the public's right to this information, while still prosecuting agile crooks.
In copyright infringement cases, the plaintiff would probably have a hard time convincing the judge that docs need to stay sealed.
Believe it or not, the system actually works pretty well sometimes.
Look, I'm all for an intelligent discussion of the shortcomings of the legal system, of which there are plenty. But you should really try to learn something about it before criticizing it. Otherwise you're just wasting everyone's time.
Sadly, that show has been off the air for almost 12 years...
Three days from now?? That's tomorrow!! ~Peter Griffin
Because idiots are amazingly inventive, persistent, and breed at a rate so ferocious that rabbits are envious.
Come up with a "foolproof" way for securing a system and some imbecile will find a way around it.
Not to mention all the inconveniences such a lockdown method would inevitably entail.
Chas - The one, the only.
THANK GOD!!!
This has nothing to do with US control of DNS.
They went to the domains' REGISTRAR (GoDaddy) and got THEM to disable the domains.
Control of DNS could be in the hands of Bumblefuckistan and they still could have done this.
For a secret lawsuit filed in a secret court that resulted in a secret action being taken, everyone sure seems to know a lot about what happened.
Everything isn't free, and plenty of things are not high quality. Try again.
With commercial software, I know whose reputation is on the line when I buy the software. If my mom buys it at CompUSA, she can bring it back there and complain if it breaks her computer. FOSS software is an unknown quantity - even if it's generally better.
I'm a conscientious
"Even if the control machines loose DNS resolution"
I didn't know you could loose DNS resolution on anyone.... is that kind of like loosing the hounds on their ass?
That's true but not an excuse for a stuck throttle...
Even if the control machines loose DNS resolution, might not the botnet be configured to fall back to connecting to well known IP addresses to accept commands? Seems like the logical thing to do if you are creating an illegal network...
That is exactly the root of the problem; they need *tighter* DNS resolution, not loose DNS resolution. DNSSEC ftw!
If it were that easy to check for and find all infections, we wouldn't have them.
This ain't the problem. The problem is that you are not allowed to fix a computer that isn't yours without the explicit consent of the owner.
When were things like this ever an issue for Microsoft or any other well-lawyered corporation? Just change a few lines of the EULA and suddenly they have all the authorization they need.
It is a miracle that curiosity survives formal education. - Einstein
It would be even sadder if it were still on the air.
Nerd rage is the funniest rage.
We can, just as soon as XKCD makes a comic about Seinfeld.
Or, you know, instead of having a monthly tool, Microsoft could just fix the problems so the monthly "malicious software removal tool" software would no longer be needed. Just a thought... nah they'll never go for it. It's cheaper to patch Windows crap code. No other OS has a need for that kind of tool.
And yes, I know "Microsoft / Windows crap code" is redundant.
EULA != law
Wow, that's precedent setting!
There are two types of people in the world: Those who crave closure
If a/the government authority was enabled to declare an infected PC as a weapon, they could then come up with some pretext to attack it. Not suggesting this though, as the cure might well be worse than the disease. Thinx: since US Border Security can seize almost any device having data storage, with no evidence, why do they quibble about finding & disabling real threats that operate within their borders?
They already do this, it's called the malicious software removal tool. Too bad you can't force people to run Windows updates, because that's really where the problem lies.
The internet was originally called ARPANET (Advanced Research Projects Agency Network).
It was funded by a government agency, DARPA (Defense Advanced Research Projects Agency).
That's just what they want you to think. They are the East European Ninja's Ninja. First Rule of the Chech Dynasty is you don't talk abou.@$!@$&*
Don't tell that to the lawyers. They might come up with EULAW.
PlusFive Slashdot reader for Android. Can post comments.
Yep. Because operating systems shouldn't run programs at all. Ever.
I'm sure security in an OS would be much simpler if this were true.
Dammm thoze acteevist librawl judges and their antie-entrailpranewership soshallizm. stooping the freedumb of the true amariken hard workin man to make an eazy livin. TeaBaggers rule! (or maybe just drool a lot)
let's give MS some credit here. They went to court
I always assumed they have a kind of a permanent base there.
EULA != law
But on the other hand, EU Law could be one awesome prime time dramedy.
See what happens when McKenzie Brackman gets bought out by a shady eastern European firm and the attorneys are forced to defend a colorful array of spammers, phishers, and identity thieves.
Do you suppose Susan Dey or Corbin Bernsen are available?
Promote proofreading. Don't mod up sloppy posts.
I'd love to hear an explanation of how internet licenses would stop people from using open wireless networks, and then I'd love to hear how you would force all these clueless average users who require a license to surf the net to secure their routers properly.
I tried Linux. Installed pretty easy.
Wanted to surf the net. Found that pretty easy.
Wanted to watch a wmv video. FAIL.
Wanted to play one of my games so I popped the CD in. FAIL.
Needed to open a spreadsheet from work. The formatting was messed up. FAIL.
Went back to Windows. Was able to surf the net, watch a wmv video, play my game, and my spreadsheet was formatted properly.
Until the average person can hop on a Linux machine and be able to do everything they need to do, it will always be inferior.
EULA != law
While I appreciate the 2-3 word statement of the obvious in reply to a more nuanced issue, it unsurprisingly does not address my question.
There are already things with about this level of absurdity in the MS EULA and in those of other proprietary software companies. Why is the removal of Windows infections so highly illegal and/or impossible under current law? If not via EULA, then by some other mechanism, is not (ideally informed) consent the only requirement here? Or is there some legal reason why Microsoft could not conduct malware scans even if they had a signed waiver from the customer?
The VAST majority of malware installs today happen as the result of idiotic users installing the software themselves.
Even if you made the PERFECT O/S, how would it be able to stop morons from fucking up their systems because they loved that kewl smiley package, or wanted their fuzzy purple gorilla back...
Infections relying solely upon O/S vulnerabilities are declining, and social manipulations are the new attack vector. As long as the vast majority of users remain essentially retarded with regard to operating their computers, this will ALWAYS be a problem, and has NOTHING to do with what the flavour of your O/S is... As always, malware authors target Windows because they can get tens of millions of computers with a single application; when OS X or *nix offers the same (or a similar) level of penetration, I GUARANTEE they'll be targeted too...
-AC
This is just another case of Microsoft going after successful businessmen, in order to drive them out of an arena that Microsoft is planning on taking over. Soon, your e-mail will be plastered with offers for MSV1AGRA, and letters from the son of the deposed Chairman of Microsoft who needs your help getting money out of Redmond.
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
No, it's the combination. On most OSes, it's harder for a user to shoot themselves in the foot, than it is on Microsoft's OSes.
One big difference that leaps to mind, is that Microsoft OSes use the filename to decide whether or not something is executable. Have a user save malware.exe and then click on it, and it will run.
On Linux and MacOS, after the user saves malware, they have to chmod +x malware, and then they can run it. Right there, when the user has to explicitly enable the malware, they know it's not a harmless media file; they are having to acknowledge that it's a program. And programs, unlike media files, can do whatever the fuck they want to do.
MS also has application problems. Ok, so this isn't the OS' fault, but when you get into things like MS Word and MS Excel, the apps are remarkably bad. Who would have thought that a word processor needs the ability to execute a script (written in a fully-expressive language and executed without a sandbox!) embedded inside a document, automatically when the document loads? So MS blurred the line between media and programs.
It's a really bad platform for security, not just because it happens to be widely deployed, but because it's just plain bad, compared to any average normal OS (I'm not even trying to hold it up against OpenBSD or something like that).
You do not want non-geeks using it. Windows is a platform only suitable for computer experts, which is pretty funny since no computer expert wants to have anything to do with it.
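The execute-bit point made in the comment above, as an added shell illustration (constructed sample files written with printf, not code from any poster; the helper names has_exec_bit, looks_like_program and run_by_path are my own). It also shows the cheap content check a defender can run on a download whose extension says "media" but whose first bytes look like a program:

```shell
#!/bin/sh
# Added example (not from any comment in this thread): on Unix the execute bit,
# not the file name, decides whether a saved file can run. The content check
# below flags a file whose extension suggests media but whose leading bytes
# look like an executable or a script.
# Every sample file is constructed here with printf; nothing is downloaded.

WORK=$(mktemp -d)

# A shell script saved under a picture-like name (constructed, harmless).
printf '#!/bin/sh\necho hello-from-script\n' > "$WORK/cute_picture.jpg"
# Bytes starting with the Windows PE/DOS "MZ" magic, named like an image (constructed).
printf 'MZ\220\0\3\0\0\0not-really-a-png' > "$WORK/wallpaper.png"
# A genuine PNG signature (constructed) for comparison.
printf '\211PNG\r\n\032\n' > "$WORK/real.png"

# Returns 0 if any execute bit is set on the file, 1 otherwise.
has_exec_bit() { [ -x "$1" ]; }

# Returns 0 if the first four bytes look like an executable container or a
# script, 1 if they look like plain data. od -c prints unprintable bytes as
# three-digit octal, so 0x7f shows up as "177".
looks_like_program() {
    magic=$(od -An -c -N 4 "$1" | tr -d ' \n')
    case "$magic" in
        MZ*)     return 0 ;;   # Windows PE/DOS header
        177ELF*) return 0 ;;   # ELF header
        '#!'*)   return 0 ;;   # interpreter line: a script
        *)       return 1 ;;
    esac
}

# Try to execute the file by path; returns the command's exit status
# (the shell reports 126 "Permission denied" while the execute bit is clear).
run_by_path() { "$1" >/dev/null 2>&1; }

# Demonstration when run directly.
for f in cute_picture.jpg wallpaper.png real.png; do
    p="$WORK/$f"
    has_exec_bit "$p" && x=yes || x=no
    looks_like_program "$p" && c=program || c=data
    echo "$f: execute-bit=$x content=$c"
done
echo "running cute_picture.jpg before chmod +x:"
run_by_path "$WORK/cute_picture.jpg" && echo "ran" || echo "refused (status $?)"
chmod +x "$WORK/cute_picture.jpg"
echo "after chmod +x:"
run_by_path "$WORK/cute_picture.jpg" && echo "ran" || echo "refused (status $?)"
```

Run it with sh. The loop shows that a file named like an image is just data until chmod +x is applied (the user has to say "this is a program"), while the content check flags both constructed "media" files that actually begin with program headers, the kind of mismatch worth alerting on at a download gateway.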
Precedent jokes aside, the answer to your question is "none".
As Microsoft controlled accounts (@hotmail and @msn) were being affected, either as sources or targets of the illegal activity, MS was an injured party and thus had standing to sue and seek redress.
They (obviously) presented enough evidence to a court to get a temporary restraining order. That order -- a government order, not a private company one -- was served to Verisign who handled the domains. Verisign complied with a legal order to temporarily lock the domains, preventing ongoing harm.
Verisign probably notified the customers of record of the action -- after the action, of course. Since it was in compliance with a legal order, the defendants are free to have their lawyers contact the court and present evidence that the domain lock harms their business and they were wrongfully accused. If they can convince a judge, they will order Verisign to remove the lock.
Either way, the case can proceed and the entire thing can be hashed out legally.
This is the way it is supposed to happen.
Learning HOW to think is more important than learning WHAT to think.
How do you run it on a jacked box?
Doesn't microsoft know what a rootkit is?
Speaking as a FLOSS supporter -- Microsoft, and Bill Gates, have a strong line in support of proprietary software, against free software. I think FLOSS is one of the greatest ideas ever successfully put into practice, and so I'm at odds with Microsoft, et al., on that issue.
That doesn't make Microsoft *evil*, as such. It's not like Gates ever killed anybody for his wealth -- and there are enough powerful and wealthy people and organizations around who have killed for it, that it seems a bit hyperbolic that Gates and Microsoft get singled out as evil so often.
The victory condition I hope for is not the destruction of Microsoft, but rather, Microsoft opening their source code.
Linux isn't all that secure in the way people care about. Most Linux users care about and are aware of security so they tend to only run programs they get off their package manager or other trusted sources and not run them as root.
However I've introduced windows users to Linux, and they keep their windows habits like downloading random programs off the internet until told otherwise. A malicious program in Linux can do all the bad things a malicious program in Windows can; and if the program has a little dialog that tells people to run 'sudo programname' if it has limited permissions, I'm sure a lot of people could be socially engineered to do so.
SELinux addresses some of these problems (e.g. a program cannot modify files outside of its security context even if they are owned by the same user) but it is not feasible for an inexperienced/casual user to configure.
As has been mentioned before, there are two/three things that keep Linux more secure at the moment besides the average technical know-how of its users.
1. The main one: obscurity. There are not nearly as many Linux machines, and those have fairly diverse sets of software installed on them.
2. All software (installed through package repositories) has a single update mechanism, making it easier to keep all programs up to date. In Windows lots of programs don't have any built-in mechanism for determining if a newer version is available, so old exploitable software can go unnoticed for a long time.
3. Users and groups have existed since the beginning, so all software is written to avoid requiring root access unless necessary. This is a problem with Windows since the UAC comes up often enough and is easy enough to bypass by default (click OK) that users do it automatically. At this point it's too late though: malicious code that can access my /home/x directory already has access to lots of sensitive information (browser history, personal files, etc.), and can transmit that information over the internet.
I love Linux, but it is not a security fix-all for uneducated users.
Brake pads do in fact have metal backing plates behind the pad and the little "cricket finger", and it makes an amazing noise when it hits the caliper. My wife knows the sound well.
A bullet may have your name on it, but artillery is addressed to " Whom It May concern"
so, today, a us controlled, us based corporation disabled 277 frigging domain names owned by foreigners, upon orders of a U.s. court which decided upon a suit filed by a u.s. corporation based in u.s. so, it was for fight against spam, and so it was a 'good' thing. and all the fools are cheering up now.
then tell me how long until some other organization or individual or political party files a lawsuit under u.s. law to do the same thing to foreign domain names on different justification, say, 'copyright' issues, or patent issues, or maybe, political correctness, private interests, or some other godfrigging long forgotten state law (like the ones you can find in conservative states, reminiscent of 19th century), and some judge just happens to give a verdict to that end ?
what do you think will happen to the global and transborder nature of internet at that point ? how will it affect the entire internet, and all the markets and professional fields contained in it ?
nobody on the internet is subject or tributary to u.s. laws, apart from u.s. citizens. it seems that this foolery just happened will start the move towards taking the control of domain names out of u.s.'s hands, through a consortium of countries, or u.n., god knows.
but it's evident that it can no longer be let to continue this way, given the rate things are going in u.s., with those private interests trying to control the net through moves against net neutrality, acta, and lobbying like in the recent news about trying to get open source labeled piracy.
Read radical news here
Please re-check the comment chain.
They crunch the competition with illegal acts, they bribe governments to steal people's money, they also bribe governments to bring bad legislation, that makes everybody less secure, and have a nice plot to destroy freedom of expression once and for all (it has no chance of working in practice, but they have it).
They are evil. They are just less evil than people that murder for their benefit (although, destroying freedom of expression may be more evil, you may discount non-working plans if you like).
Rethinking email
1) This will not end botnets
2) Microsoft doesn't care about ending botnets
3) Microsoft will never cede control over their user's machines
4) MS Security patches will always be a finger in a leak
5) A good rootkit is one that still lets my Windows boot
6) MS doesn't really care if the Windows on my 6-yr-old laptop has suddenly become non-genuine but WGA still needs those updates
7) Windows 8 will be about like Windows 7
8) The average Microsoftie is a bing-blastin', zune totin', IE8 browsin', xbox smokin' sort of a guy.
9) There is no hope for a better tomorrow...only a more expensive one
You mean they actually used their lawyers for a good cause? The mind boggles.
Damping absorbs vibrations. Dampening is caused by moisture.
...that VeriSign fully approves and is actively cooperating (but even if they don't they will "cooperate" with the judge).
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Restrictions on car use (e.g. requiring a driving license) are reasonable, because operating a car incorrectly usually poses a serious danger to the lives of others. That's not typically the case for computers, so these cases are just not comparable.
How do you register a domain in such a way that you can't be tracked down if your domains are used as malware servers? How do you pay the registration fee?
Do these guys lie about their name, address, e-mail, etc. then pay the bill by using a stolen credit card or forwarding the money to the registrar via Western Union or something?
I thought this action was interesting. Today I learned that MS did something I agree with via domain locking. Yesterday I learned that MS did something I disagreed with via domain locking (http://yro.slashdot.org/story/10/02/24/1939257/Cryptome-in-Hot-Water-Again).
I'm not quite sure how I feel about the totality of this...
Microsoft hasn't found or developed source to patch userina.chair against its myriad vulnerabilities.
Yes, but unfortunately sometimes companies like to slip in things with an update that they don't bother to mention. If you want the security added by the "security update" then you end up accepting the new version of DRM that's been slipped in surreptitiously as well. MS did this at one point I believe, but I have no doubt that they are not alone.
If software manufacturers were under some legal obligation to tell the truth and act in their users' interests it might be different, but I often get the feeling that having bought their product, I am now a "marketing unit" and serve the double purpose of being analyzed, exploited and becoming the target of further marketing by their corporate friends.
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
Tell that to people who have grown used to clicking on icons and expecting everything to work just like magic.
And if something does not work as expected blame the third-party device driver.
Car maintenance is something like "tail /var/log/messages". Preventive maintenance is installing rkhunter and chkrootkit. That's what mechanics do, not the owner.
If it was a secret, it wouldn't be on slashdot ; )
Don't kid yourself. It's the size of the regexp AND how you use it that counts.
. . . that word. I do not think it means what you think it means.
But you can tell them to perform preventative maintenance like fluid changes, etc. Then it is their fault if they think they know better and ignore the manufacturer's recommendations.
The analogy breaks down when you consider that a non-trivial number of updates cause problems that take a fair bit of time to resolve. People would be a lot more reluctant to get that air filter changed if they knew there was a 1 in 10 chance that their car's wheels would fall off on the way home.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
Why unnamed? Why the secrecy? Bring the cockroaches out into the light.
The request was secretly approved by District Judge Leonie Brinkema, allowing the action to be taken covertly, preventing Waledac's operators from switching domains.
So they did not switch domains until now. And are in the process of switching right now. Probably being done by tomorrow.
Wow. A whole day of a bit less spam. That really changed things... ;)
Any sufficiently advanced intelligence is indistinguishable from stupidity.
I'm pretty sure someone will find a way to get control back or salvage a large number of zombie PCs even without those domains. It happened before: https://infosecurity.us/?p=6262
For one, once they're licensed, they've shown they know how to do these things. Hold them responsible for having not properly secured their network just like you hold a licensed driver responsible for their mistakes (what would be a fair punishment? I don't know. We're not discussing fair. I said this wouldn't be fair in the first place). Once that sort of thing is a law, it shouldn't be too hard to require that routers cannot have open access and must require a password.
It's not good. It's too easily circumvented (just like many restrictions, so that wouldn't stop it from happening), it's open for all kinds of abuse, and involves the government sticking their nose all kinds of places I believe it doesn't belong. Like I said, there is no good solution, but you can certainly keep the average law abiding person under control though, if you're willing to pass such a law.
Cheap cop-out.
You're in a mass-market. You can not expect the majority of users to know anything about computers. You can debate that point all you like, but that's how it is. Saying otherwise is like saying only car mechanics should be allowed to drive cars.
No, it's more like saying "people should know how to drive before taking their car on public roads"
Bad Car analogies? I'm game!!!! *Ahem*:
It's more like a person telling their chauffeur to drive them off a cliff - what should the chauffeur do?
in girum imus nocte et consumimur igni
Thank you!
The only reason Microsoft cares about this botnet is because it "was responsible for sending 651 million spam e-mails to Hotmail addresses over an 18-day period last month".
Except that the chauffeur does not know there is a cliff there, perhaps because Wiley Coyote has painted a canvas that shows the road continuing around a curve. The computer can't interpret the difference between "Connect to server.good.com port 80" and "Connect to server.bad.com port 80", because that information is not known to the computer at the time of the infection.
We already do basic education.
But that is like driving school - it tells you which buttons to click and what a website is. It does not tell you to think. The equivalent to a drivers license is knowing how to use a browser and a mail program.
Spotting scams and spam goes way beyond driving school, into the "where to find the best gas" and "why women in short skirts are not standing at the edge of the road because they are handing out flyers for pop concerts" area.
That's stuff you can do with a car, not how to use a car. Same with Internet - learning how to use e-mail and learning to spot spam and scams is not the same thing.
Assorted stuff I do sometimes: Lemuria.org
You expect someone who drives a car to understand that they need to change the oil, fill up the gas, etc.
Uh, no?
I drive rental cars, don't own one myself (several reasons, not important here why). I don't care about changing oil or even washing the damn thing, and if filling up the gas wouldn't be so expensive at the rental company, I'd let them do even that.
Lots of people who do own cars don't change oil, either. They bring it to a garage and let them do it.
And why shouldn't they? It's not as if being able to change the oil makes you a better driver.
Assorted stuff I do sometimes: Lemuria.org
No, it's more like saying "people should know how to drive before taking their car on public roads"
No, it isn't.
They know how to "drive" - they can click those buttons, enter a URL, write an e-mail.
Their errors are not in the driving. They're in - to stay with the analogy - where they are driving to. Someone taught them how to drive, but nobody told them not to drive their nice Porsche into the Bronx.
Assorted stuff I do sometimes: Lemuria.org
Most users don't realize that it is an executable, and the blame for that lies 100% with Microsoft.
Assorted stuff I do sometimes: Lemuria.org
I'm not a lawyer, but for privacy reasons you can't touch someone else's property without their explicit consent.
And no matter what you put in the EULA you still can't get this permission.
Love many, trust a few, do harm to none.
well yes, what you state is true, and I agree with your statements. I just mean that using something should (theoretically) increase your knowledge of said something, at least to some degree. Sure, not as much as someone trained or a tinkerer, but etc. That's what I meant.
You know it is funny that they should have to ask to be able to shut them down as they own the software that most is run on, and could somehow figure out how to shut them down through their loopholes the way they do people with legit copies of windows, and have to prove they have legit copies of windows, I also find it funny that they contacted verisign about this, seeing as they have the mass of dns servers online and could have sent out an easy fix in the actual firmware of their product to do more filtering of these sites then worry about getting verisign in on something they could have at some point said no to....but in the end, I enjoy the fact that they still did a good deed. Way to go M$, taking a step in the right direction.
And MRT removes the recently popular MBR and atapi.sys rootkits, does it?
How about MS outsources the malware removal to folks who are actually good at it, like say to the combofix guy? How expensive can it be to hire the guy full time to keep combofix updated?
Automatic Updates should not be the equivalent of loading some unstable branch in Linux. We pay MS a lot of money to get this shit right, and they're full of fail.
Which updates would those be, and which users have trust issues with Microsoft? I don't think I've ever heard a user say "boy I sure do wish I could trust MS more so I could run automatic updates!"... in fact, the 2 camps seem to be "automatic updates are off, and user has no idea" and "automatic updates are on, and user has no idea".
I'm not a lawyer, but for privacy reasons you can't touch someone else's property without their explicit consent. And no matter what you put in the EULA you still can't get this permission.
You just discovered why I said "if not via EULA, then by some other mechanism". Tell me, do you even read the posts to which you reply? They were not lengthy in this case.
Just because I mention the EULA as one possible way to do the job, does not mean we need to fixate on the EULA as the One And Only Possible Method and discuss it to the exclusion of all other possibilities. My post was asking the question of whether we can get the job done, full-stop. The job would be having a vendor take care of things like malware scans because average users sure as hell aren't doing well in this area. If one method (such as authorization via EULA) won't work, then another can be used. What I'd like to know is what the available, realistic options are or whether there is simply no feasible way of arranging this.
It is a miracle that curiosity survives formal education. - Einstein
Again, only to a very limited degree, and the less the more mature the product is.
Let's take another technological item, one that is much more mature than a car. A key. Do you know how a lock works? Would it improve your handling of it if you did? There are at least a hundred similar technological inventions around you every day that you barely notice anymore. Cars are still fairly new, and not yet entirely mature, but even there, knowing how it works helps very little in actually driving it.
For computers, knowing something about them still helps. It makes you know why the machine is slow, and you can then take countermeasures or at least not make it worse by starting even more programs, for example. But again, the more it matures, the more this advantage disappears and "usage skill" and "maintenance skill" drift further apart.
Assorted stuff I do sometimes: Lemuria.org