Microsoft Secretly Beheads Notorious Waledac Botnet

← Back to Stories (view on slashdot.org)

Microsoft Secretly Beheads Notorious Waledac Botnet

Posted by CmdrTaco on Thursday February 25, 2010 @01:40AM from the if-you-cut-off-one-head-do-two-grow-back dept.

Barence writes "Microsoft has quietly won court approval to deactivate 277 domain names that are being used to control a vast network of infected PCs. The notorious Waledac botnet is being used by Eastern European spammers to send 1.5 billion spam messages every day, and infect hundreds of thousands of machines with malware. In a suit filed in the US District Court of Eastern Virginia, Microsoft accused 27 unnamed defendants of violating federal computer crime laws. It further requested that domain registrar Verisign temporarily deactivate the domains, shutting down the control servers being used to send commands to the machines. The request was secretly approved by District Judge Leonie Brinkema, allowing the action to be taken covertly, preventing Waledac's operators from switching domains."

381 comments

Min score:

Reason:

Sort:

"East European" by benjfowler · 2010-02-25 01:42 · Score: -1, Offtopic

Just gotta love euphemisms.
It's like in Australia, whenever a Lebanese Muslim commits a crime, the media describe the suspect of being "of Middle Eastern appearance".
They're not "East Europeans". THEY'RE RUSSIANS. Just cut to the chase please.
1. Re:"East European" by Anonymous Coward · 2010-02-25 01:46 · Score: -1, Troll
  
  This is yet another win for Open Source Software. If people used Open Source Operating Systems such as Linux, this would never have happened, as people would have inspected the source and stopped it before someone checked the trojan into the Git repository.
  Microsoft's Git repository for Windows is not public and so people cannot inspect the source, leading to this kind of thing.
  Please, people, dump your Proprietary Operating Systems and use superior OSS software instead.
2. Re:"East European" by Pojut · 2010-02-25 01:47 · Score: 0, Offtopic
  
  "It's not a purse...it's EUROPEAN!!!"
  
  --
  Living With a Nerd
3. Re:"East European" by Anonymous Coward · 2010-02-25 01:48 · Score: 0
  
  Just gotta love euphemisms.
  It's like in Australia, whenever a Lebanese Muslim commits a crime, the media describe the suspect of being "of Middle Eastern appearance".
  They're not "East Europeans". THEY'RE RUSSIANS. Just cut to the chase please.
  The Ukranians, Poles, and Chechs called. They're insulted that you're lumping them in with the Rooskies, and they're rooting your box.
4. Re:"East European" by Anonymous Coward · 2010-02-25 01:49 · Score: 0
  
  I think my sarcasm meter needs fine-tuning.
5. Re:"East European" by lordandmaker · 2010-02-25 01:51 · Score: 1, Insightful
  
  This has nothing to do with malicious code in the OS. It's to do with malicious code exploiting crap code in the OS. And all software has *some* crap code in it.
6. Re:"East European" by FyRE666 · 2010-02-25 01:56 · Score: 3, Interesting
  
  It's not crap in the OS that causes the vast majority of infections. It's crap in the user's heads.
  Why not just add code to check for an infection in the next Windows update. If found, then the user is presented with a dialogue at every boot that they must ok, and prevents them from logging in for 5 minutes for the first boot, increasing by 1 minute for each subsequent boot. Even lazy idiots will eventually get sick of this and do something about their machines.
  
  --
  Code, Hardware, stuff like that.
7. Re:"East European" by Anonymous Coward · 2010-02-25 02:05 · Score: 1, Funny
  
  like download a "patch" for the "bug" or install antivirus 2010 to remove the "virus"
8. Re:"East European" by Anonymous Coward · 2010-02-25 02:08 · Score: 3, Informative
  
  MS has the "malicious software removal tool" that shows up monthly in Automatic Updates and it will take care of it - but unfortunately WAY too many people don't have the automatic updates enabled or just refuse to run them. If they would run them a couple of these botnets would be gone.
9. Re:"East European" by Anonymous Coward · 2010-02-25 02:11 · Score: 1, Funny
  
  The Ukranians, Poles, and Chechs called. They're insulted that you're lumping them in with the Rooskies, and they're rooting your box.
  The insulted Czechs are now rooting your box.
10. Re:"East European" by Tom · 2010-02-25 02:11 · Score: 3, Insightful
  
  It's not crap in the OS that causes the vast majority of infections. It's crap in the user's heads.
  Cheap cop-out.
  You're in a mass-market. You can not expect the majority of users to know anything about computers. You can debate that point all you like, but that's how it is. Saying otherwise is like saying only car mechanics should be allowed to drive cars.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
11. Re:"East European" by MrNaz · 2010-02-25 02:13 · Score: 1
  
  The Chechs called. They want to know why they don't exist.
  
  --
  I hate printers.
12. Re:"East European" by jtdennis · 2010-02-25 02:17 · Score: 4, Informative
  
  This can also be started manually by running "MRT.exe" from the run prompt. The month of the update is in the title bar, so it's easy to tell if you're current or not.
  
  --
  -- "Freedom is the right of all sentient beings" -Optimus Prime
13. Re:"East European" by Anonymous Coward · 2010-02-25 02:17 · Score: 0
  
  Given that the average computer user regularly does the equivalent of driving their "car" straight into a wall, I'm not sure if at least some of the blame shouldn't fall their way. I mean, would *you* open an executable attachment sent to you by a Nigerian prince? Most users would.
14. Re:"East European" by Andy+Dodd · 2010-02-25 02:19 · Score: 1
  
  If it were that easy to check for and find all infections, we wouldn't have them.
  
  --
  retrorocket.o not found, launch anyway?
15. Re:"East European" by fuzzix · 2010-02-25 02:22 · Score: 5, Insightful
  
  Cheap cop-out.
  You're in a mass-market. You can not expect the majority of users to know anything about computers. You can debate that point all you like, but that's how it is. Saying otherwise is like saying only car mechanics should be allowed to drive cars.
  No, it's more like saying "people should know how to drive before taking their car on public roads"
16. Re:"East European" by nacturation · 2010-02-25 02:23 · Score: 5, Funny
  
  The Ukranians, Poles, and Chechs called. They're insulted that you're lumping them in with the Rooskies, and they're rooting your box.
  The insulted Czechs are now rooting your box.
  That explains all the spam. The Czechs are in the mail.
  
  --
  Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
17. Re:"East European" by Bakkster · 2010-02-25 02:23 · Score: 4, Insightful
  
  You're in a mass-market. You can not expect the majority of users to know anything about computers. You can debate that point all you like, but that's how it is. Saying otherwise is like saying only car mechanics should be allowed to drive cars.
  But you can tell them to perform preventative maintenence like fluid changes, etc. Then it is their fault if they think they know better and ignore the manufacturer's recommendations.
  An example would be brake pads. If you're lazy, you might never replace your brake pads, making you a hazard to everyone else on the road. So, brake pads have metal filings in the last portion of the pad to make an obnoxious grinding noise when it's time to change them. What better way to get people to take care of their car/computer than to annoy them until they fix the issue?
  
  --
  Write your representatives! Repeal the 2nd Law of Thermodynamics!
18. Re:"East European" by Krneki · 2010-02-25 02:25 · Score: 1
  
  Maybe it is time to allow only mechanics to drive cars. At least it will solve congestion problems.
  
  --
  Love many, trust a few, do harm to none.
19. Re:"East European" by Krneki · 2010-02-25 02:27 · Score: 1
  
  If it were that easy to check for and find all infections, we wouldn't have them.
  This ain't the problem. The problem is that you are not allowed to fix a computer that isn't yours without the explicit consent of the owner.
  
  --
  Love many, trust a few, do harm to none.
20. Re:"East European" by poetmatt · 2010-02-25 02:40 · Score: 1
  
  this is not an explanation that's really going to help people understand why linux is overall a better bet (specifically for longevity) than windows.
  Try explaining things more simple:
  it's more secure
  you know what the program does (nothing hidden)
  everything is free (and high quality)
  if you don't know how to do something it can easily be google'd to find the answer.
  etc.
  explaining MS's closed repositories is not even a compelling reason for folks who are programmers.
21. Re:"East European" by poetmatt · 2010-02-25 02:45 · Score: 0, Troll
  
  considering people use something, you should be able to expect a rudimentary understanding of those same things which people use. You expect someone who drives a car to understand that they need to change the oil, fill up the gas, etc.
  Likewise, you should (note:should) be able to expect people to elect to learn how to get a good virus scanning program, how to tell spoof websites, etc. Meanwhile computers are newer than cars, so it's going to take a while for people to get to that point. People are still getting a grasp on spam email and fake websites/false authentication right now.
  It folks don't really dedicate educating users on what you should do routinely, and likewise people don't all change their oil on time.
  10 years from now, this will be less of an issue. not now though.
22. Re:"East European" by WCguru42 · 2010-02-25 02:47 · Score: 1
  
  It's not crap in the OS that causes the vast majority of infections. It's crap in the user's heads.
  Saying otherwise is like saying only car mechanics should be allowed to drive cars.
  I'll take your first point about how we can't reasonably expect everyone to know about computers and the internet but I believe your analogy is flawed. The equivalent to the car mechanic is the person who can build and repair the computer (hardware, software). With cars we don't allow you to drive if you're not 1) licensed and 2) insured. I'm not saying we need to add computer insurance for people but maybe a minimum level of education on what the internet is and how unlikely it is that a random stranger simply wants to give you millions of dollars in exchange for your bank account info.
  Alas, this is probably never going to be fixed as people have been getting conned for time immemorial.
  
  --
  "Educate the mind but never at the expense of the soul."~Blessed Basil Moreau
23. Re:"East European" by WrongSizeGlass · 2010-02-25 02:48 · Score: 1
  
  Can't we get even a little love for a Seinfeld reference? I mean really, what is this world coming to?
24. Re:"East European" by sleigher · 2010-02-25 02:49 · Score: 1
  
  Before you do that let me open a school to train auto-mechanics.
  
  --
  All points of time and space are connected.
25. Re:"East European" by Anonymous Coward · 2010-02-25 02:56 · Score: 3, Insightful
  
  If MS would stop including questionable programs or new versions (not just bugfixes) in their Automatic Updates, people would trust them more. But there's nothing like having a working system screwed up by some new version of software to make you turn the damn thing off.
  
  Automatic Updates should not be the equivalent of loading some unstable branch in Linux. We pay MS a lot of money to get this shit right, and they're full of fail.
26. Re:"East European" by Jimmy+King · 2010-02-25 03:07 · Score: 1
  
  It really is a problem with no good solution. Most people don't want to know and don't see why they should know. Unfortunately, as complex as computers and the Internet is, it's impossible for those of us who do know to protect people from themselves like they want us to.
  
  I'm not sure an "Internet License" would really be a fair thing to have (although I can certainly see the argument for it) and it's definitely too late now. There are also a lot of benefits to society even with all of this crap going on due to uninformed and/or lazy people. At the same time, it boggles the mind to think that someone sat down one day and said "You know, people who have an honest interest in computers spend years and even their whole lifetime studying computers and networks both in school and in their free time just to keep a small private network running right. I think it would be an excellent idea to take people who can barely run a VCR and make them system administrators on the largest, most insecure, hardest to control network in the world."
27. Re:"East European" by donaggie03 · 2010-02-25 03:22 · Score: 1
  
  Sadly, that show has been off the air for almost 12 years . .
  
  --
  Three days from now?? Thats tomorrow!! ~Peter Griffin
28. Re:"East European" by gartogg · 2010-02-25 03:36 · Score: 1
  
  Everything isn't free, and plenty of things are not high quality. Try again.
  With commercial software, I know whose reputation is on the line when I buy the software. If my mom buys it at CompUSA, she can bring it back there and complain if it breaks her computer. FOSS software is an unknown quantity - even if it's generally better.
  
  --
  I'm a concientious .sig objector.
29. Re:"East European" by Anonymous Coward · 2010-02-25 03:38 · Score: 2, Interesting
  
  That's true but not an excuse for a stuck throttle...
30. Re:"East European" by causality · 2010-02-25 03:42 · Score: 1
  
  If it were that easy to check for and find all infections, we wouldn't have them.
  This ain't the problem. The problem is that you are not allowed to fix a computer that isn't yours without the explicit consent of the owner.
  When were things like this ever an issue for Microsoft or any other well-lawyered corporation? Just change a few lines of the EULA and suddenly they have all the authorization they need.
  
  --
  It is a miracle that curiosity survives formal education. - Einstein
31. Re:"East European" by maxume · 2010-02-25 03:43 · Score: 2, Funny
  
  It would be even sadder if it were still on the air.
  
  --
  Nerd rage is the funniest rage.
32. Re:"East European" by causality · 2010-02-25 03:43 · Score: 1
  
  Can't we get even a little love for a Seinfeld reference?
  We can, just as soon as XKCD makes a comic about Seinfeld.
  
  --
  It is a miracle that curiosity survives formal education. - Einstein
33. Re:"East European" by Anonymous Coward · 2010-02-25 03:43 · Score: 0
  
  Or, you know, instead of having a monthly tool, Microsoft could just fix the problems so the monthly "malicious software removal tool" software would no longer be needed. Just a thought... nah they'll never go for it. It's cheaper to patch Windows crap code. No other OS has a need for that kind of tool.
  
  And yes, I know "Microsoft / Windows crap code" is redundant.
34. Re:"East European" by Krneki · 2010-02-25 03:47 · Score: 1
  
  EULA != law
  
  --
  Love many, trust a few, do harm to none.
35. Re:"East European" by BluenoseJake · 2010-02-25 03:48 · Score: 1
  
  They already do this, it's called the malicious software removal tool. Too bad you can't force people to run Windows updates, because that's really where the problem lies.
36. Re:"East European" by __aasqbs9791 · 2010-02-25 04:00 · Score: 2, Funny
  
  That's just what they want you to think. They are the East European Ninja's Ninja. First Rule of the Chech Dynasty is you don't talk abou.@$!@$&*
37. Re:"East European" by Noughmad · 2010-02-25 04:03 · Score: 1
  
  Don't tell that to the lawyers. They might come up with EULAW.
  
  --
  PlusFive Slashdot reader for Android. Can post comments.
38. Re:"East European" by Nick+Number · 2010-02-25 04:15 · Score: 1
  
  EULA != law
  But on the other hand, EU Law could be one awesome prime time dramedy.
  See what happens when McKenzie Brackman gets bought out by a shady eastern European firm and the attorneys are forced to defend a colorful array of spammers, phishers, and identity thieves.
  Do you suppose Susan Dey or Corbin Bernsen are available?
  
  --
  Promote proofreading. Don't mod up sloppy posts.
39. Re:"East European" by Anonymous Coward · 2010-02-25 04:15 · Score: 0
  
  I'd love to hear an explanation of how internet licenses would stop people from using open wireless networks, and then I'd love to hear how you would force all these clueless average users who require a license to surf the net to secure their routers properly.
40. Re:"East European" by Anonymous Coward · 2010-02-25 04:24 · Score: 0
  
  I tried linux. Installed pretty easy.
  Wanted to surf the net. Found that pretty easy.
  Wanted to watch a wmv video. FAIL.
  Wanted to play one of my games so I popped the cd in. FAIL.
  Needed to open a spreadsheet from work. The formatting was messed up. FAIL.
  Went back to windows. Was able to surf the net, watch a wmv video, play my game, and my spreadsheet was formatted properly.
  Until the average person can hop on a linux machine and be able to do everything they need to do, it will always be inferior.
41. Re:"East European" by causality · 2010-02-25 04:31 · Score: 1
  
  EULA != law
  While I appreciate the 2-3 word statement of the obvious in reply to a more nuanced issue, it unsurprisingly does not address my question.
  
  There are already things with about this level of absurdity in the MS EULA and in those of other proprietary software companies. Why is the removal of Windows infections so highly illegal and/or impossible under current law? If not via EULA, then by some other mechanism, is not (ideally informed) consent the only requirement here? Or is there some legal reason why Microsoft could not conduct malware scans even if they had a signed waiver from the customer?
  
  --
  It is a miracle that curiosity survives formal education. - Einstein
42. Re:"East European" by Anonymous Coward · 2010-02-25 04:33 · Score: 2, Insightful
  
  The VAST majority of malware installs today happen as the result of idiotic users installing the software themselves.
  Even if you made the PERFECT O/S, how would it be able to stop morons from fucking up their systems because they loved that kewl smiley package, or wanted their fuzzy purple gorrilla back...
  Infections relying soley upon O/S vulnerabilities are declining, and social manipulations are the new attack vector. As long as the vast majority of users remain essentially retarded with regard to operating thier computers, this will ALWAYS be a problem, and has NOTHING to do with what the flavour of your O/S is... As always, malware authors target Windows because they can get tens of millions of computers with a single application, when OS X or *nix offers the same (or a similiar) level of penetration, I GUARANTEE they'll be targetted too...
  -AC
43. Re:"East European" by shentino · 2010-02-25 04:49 · Score: 1
  
  How do you run it on a jacked box?
  Doesn't microsoft know what a rootkit is?
44. Re:"East European" by TheCycoONE · 2010-02-25 05:03 · Score: 2, Insightful
  
  Linux isn't all that secure in the way people care about. Most Linux users care about and are aware of security so they tend to only run programs they get off their package manager or other trusted sources and not run them as root.
  However I've introduced windows users to Linux, and they keep their windows habits like downloading random programs off the internet until told otherwise. A malicious program in Linux can do all the bad things a malicious program in Windows can; and if the program has a little dialog that tells people to run 'sudo programname' if it has limited permissions, I'm sure a lot of people could be socially engineered to do so.
  SELinux addresses some of these problems (eg. a program cannot modify files outside of its security context even if they are owned by the same user) but it is not feasible for an inexperienced/casual user to configure.
  As has been mentioned before, there are two/three things that keep Linux more secure at the moment besides the average technical know-how of its users.
  1. The main one: obscurity. There are not nearly as many Linux machines, and those have fairly diverse sets of software installed on them.
  2. All software (installed through package repositories) have a single update mechanism, making it easier to keep all programs up to date. In windows lots of programs don't have any built in mechanism for determining if a newer version is available, so old exploitable software can go unnoticed for a long time.
  3. Users and Groups existed since the beginning so all software is written to avoid requiring root access unless necessary. This is a problem with windows since the UAC comes up often enough and is easy enough to bypass by default (click ok) that users do it automatically. At this point it's too late though, malicious code that can access my /home/x directory already has access to lots of sensitive information (browser history, personal files, etc.), and can transmit that information over the internet.
  I love Linux, but it is not a security fix-all for uneducated users.
45. Re:"East European" by rotorbudd · 2010-02-25 05:10 · Score: 1
  
  Brake pads do in fact have metal backing plates behind the pad and the little "cricket finger", and it makes an amazing noise when it hits the caliper. My wife knows the sound well.
  
  --
  A bullet may have your name on it, but artillery is addressed to " Whom It May concern"
46. Re:"East European" by Asic+Eng · 2010-02-25 06:24 · Score: 1
  
  Restrictions on car use (e.g. requiring a driving license) are reasonable, because operating a car incorrectly usually poses a serious danger to the lives of others. That's not typically the case for computers, so these cases are just not comparable.
47. Re:"East European" by Anonymous Coward · 2010-02-25 06:39 · Score: 0
  
  Microsoft hasn't found or developed source to patch userina.chair against its myriad vulnerabilities.
48. Re:"East European" by NormalVisual · 2010-02-25 07:22 · Score: 1
  
  But you can tell them to perform preventative maintenence like fluid changes, etc. Then it is their fault if they think they know better and ignore the manufacturer's recommendations.
  
  The analogy breaks down when you consider that a non-trivial number of updates cause problems that take a fair bit of time to resolve. People would be a lot more reluctant to get that air filter changed if they knew there was a 1 in 10 chance that their car's wheels would fall off on the way home.
  
  --
  Please stand clear of the doors, por favor mantenganse alejado de las puertas
49. Re:"East European" by Jimmy+King · 2010-02-25 09:49 · Score: 1
  
  For one, once they're licensed, they've shown they know how to do these things. Hold them responsible for having not properly secured their network just like you hold a licensed driver responsible for their mistakes (what would be a fair punishment? I don't know. We're not discussing fair. I said this wouldn't be fair in the first place). Once that sort of thing is a law, it shouldn't be too hard to require that routers cannot have open access and must require a password.
  
  It's not good. It's too easily circumvented (just like many restrictions, so that wouldn't stop it from happening), it's open for all kinds of abuse, and involves the government sticking their nose all kinds of places I believe it doesn't belong. Like I said, there is no good solution, but you can certainly keep the average law abiding person under control though, if you're willing to pass such a law.
50. Re:"East European" by euxneks · 2010-02-25 10:09 · Score: 1
  
  Cheap cop-out.
  You're in a mass-market. You can not expect the majority of users to know anything about computers. You can debate that point all you like, but that's how it is. Saying otherwise is like saying only car mechanics should be allowed to drive cars.
  No, it's more like saying "people should know how to drive before taking their car on public roads"
  Bad Car analogies? I'm game!!!! *Ahem*:
  It's more like a person telling their chauffeur to drive them off a cliff - what should the chauffer do?
  
  --
  in girum imus nocte et consumimur igni
51. Re:"East European" by ergean · 2010-02-25 11:12 · Score: 1
  
  Thank you!
52. Re:"East European" by DavidRawling · 2010-02-25 14:48 · Score: 1
  
  Except that the chauffeur does not know there is a cliff there, perhaps because Wiley Coyote has painted a canvas that shows the road continuing around a curve. The computer can't interpret the difference between "Connect to server.good.com port 80" and "Connect to server.bad.com port 80", because that information is not known to the computer at the time of the infection.
53. Re:"East European" by Tom · 2010-02-25 22:00 · Score: 1
  
  We already do basic eduction.
  But that is like driving school - it tells you which buttons to click and what a website is. It does not tell you to think. The equivalent to a drivers license is knowing how to use a browser and a mail program.
  Spotting scams and spam goes way beyond driving school, into the "where to find the best gas" and "why women in short skirts are not standing at the edge of the road because they are handing out flyers for pop concerts" area.
  That's stuff you can do with a car, not how to use a car. Same with Internet - learning how to use e-mail and learning to spot spam and scams is not the same thing.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
54. Re:"East European" by Tom · 2010-02-25 22:03 · Score: 2, Insightful
  
  You expect someone who drives a car to understand that they need to change the oil, fill up the gas, etc.
  Uh, no?
  I drive rental cars, don't own one myself (several reason, not important here why). I don't care about changing oil or even washing the damn thing, and if filling up the gas wouldn't be so expensive at the rental company, I'd let them do even that.
  Lots of people who do own cars don't change oil, either. They bring it to a garage and let them do it.
  And why shouldn't they? It's not as if being able to change the oil makes you a better driver.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
55. Re:"East European" by Tom · 2010-02-25 22:09 · Score: 2, Insightful
  
  No, it's more like saying "people should know how to drive before taking their car on public roads"
  No, it isn't.
  They know how to "drive" - they can click those buttons, enter a URL, write an e-mail.
  Their errors are not in the driving. They're in - to stay with the analogy - where they are driving to. Someone taught them how to drive, but nobody told them not to drive their nice Porsche into the Bronx.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
56. Re:"East European" by Tom · 2010-02-25 22:18 · Score: 2, Insightful
  
  Most user don't realize that it is an executable, and the blame for that lies 100% with Microsoft.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
57. Re:"East European" by Krneki · 2010-02-25 23:09 · Score: 1
  
  I'm not a layer, but for privacy reasons you can't touch someone else property, without their explicit consent.
  
  And no matter what you put in the EULA you still can't get this permission.
  
  --
  Love many, trust a few, do harm to none.
58. Re:"East European" by poetmatt · 2010-02-26 03:55 · Score: 1
  
  well yes, what you state is true, and I agree with your statements. I just mean that using something should (theoretically) increase your knowledge of said something, at least to some degree. Sure, not as much as someone trained or a tinkerer, but etc. That's what I meant.
59. Re:"East European" by LordLimecat · 2010-02-26 11:51 · Score: 1
  
  And MRT removes the recently popular MBR and atapi.sys rootkits, does it?
  
  How about MS outsources the malware removal to folks who are actually good at it, like say to the combofix guy? How expensive can it be to hire the guy full time to keep combofix updated?
60. Re:"East European" by LordLimecat · 2010-02-26 11:53 · Score: 1
  
  Automatic Updates should not be the equivalent of loading some unstable branch in Linux. We pay MS a lot of money to get this shit right, and they're full of fail.
  Which updates would those be, and which users have trust issues with microsoft? I dont think Ive ever heard a user say "boy I sure do wish I could trust MS more so I could run automatic updates!"... in fact, the 2 camps seem to be "automatic updates are off, and user has no idea" and "automatic updates are on, and user has no idea".
61. Re:"East European" by causality · 2010-02-27 04:12 · Score: 1
  
  I'm not a layer, but for privacy reasons you can't touch someone else property, without their explicit consent. And no matter what you put in the EULA you still can't get this permission.
  You just discovered why I said "if not via EULA, then by some other mechanism". Tell me, do you even read the posts to which you reply? They were not lengthy in this case.
  
  Just because I mention the EULA as one possible way to do the job, does not mean we need to fixate on the EULA as the One And Only Possible Method and discuss it to the exclusion of all other possibilities. My post was asking the question of whether we can get the job done, full-stop. The job would be having a vendor take care of things like malware scans because average users sure as hell aren't doing well in this area. If one method (such as authorization via EULA) won't work, then another can be used. What I'd like to know is what the available, realistic options are or whether there is simply no feasible way of arranging this.
  
  --
  It is a miracle that curiosity survives formal education. - Einstein
62. Re:"East European" by Tom · 2010-02-27 21:13 · Score: 1
  
  Again, only to a very limited degree, and the less the more mature the product is.
  Let's take another technological item, that is very more mature than a car. A key. Do you know how a lock works? Would it improve your handling of it if you did? There are at least a hundred similar technological inventions around you every day that you barely notice anymore. Cars are still fairly new, and not yet entirely mature, but even there, knowing how it works helps very little in actually driving it.
  For computers, knowing something about them still helps. It makes you know why the machine is slow, and you can then take countermeasures or at least not make it worse by starting even more programs, for example. But again, the more it matures, the more this advantage disappears and "usage skill" and "maintainance skill" drift further apart.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
Good work... by avarus · 2010-02-25 01:43 · Score: 2, Funny

...but where will I get all my v14gra now??
1. Re:Good work... by Anonymous Coward · 2010-02-25 02:01 · Score: 0
  
  I'd guess at one of those Canadian on-line Pharmacies?
  
  Thanks to this post I hurried to get my 5th on-line diploma, and I'm waiting for shipping. But now, where am I going to get my Rep1icaWatches
2. Re:Good work... by secondhand_Buddah · 2010-02-25 02:04 · Score: 1
  
  Send me your email address. I'm sure I could arrange something..
  
  --
  Participatory Governance : The only feasible option for a real democracy, where everyone really does have a say.
3. Re:Good work... by MrNaz · 2010-02-25 02:14 · Score: 1
  
  Have you tried a Canadian on-line watch shop?
  
  --
  I hate printers.
4. Re:Good work... by commodore64_love · 2010-02-25 02:43 · Score: 1
  
  How about some cheap Propecia? I'm tired of paying 3 dollars per pill (per day).
  
  --
  "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
5. Re:Good work... by NatasRevol · 2010-02-25 03:27 · Score: 2, Insightful
  
  You spend more than $1000 per year instead of accepting that you're going bald?
  It's a whole lot cheaper to just go bald.
  There, I saved you $3/day.
  
  --
  There are two types of people in the world: Those who crave closure
6. Re:Good work... by fredrik70 · 2010-02-25 03:36 · Score: 1
  
  hear, hear, and look at Yul Brynner, it worked for him!
  
  --
  if (!signature) { throw std::runtime_error("No sig!"); }
7. Re:Good work... by h4rr4r · 2010-02-25 04:32 · Score: 1
  
  Go bald like a man, nancy.
8. Re:Good work... by Anonymous Coward · 2010-02-25 05:06 · Score: 0
  
  If he's putting viagra on his head, he's doing it wrong anyway.
9. Re:Good work... by ae1294 · 2010-02-25 06:49 · Score: 1
  
  How about some cheap Propecia? I'm tired of paying 3 dollars per pill (per day).
  You better hope John Locke doesn't find out what you're doing. He'll fucking kill you...
10. Re:Good work... by chris+mazuc · 2010-02-25 06:57 · Score: 1
  
  Try Imitrex sometime... my copay for seven pills was $100. The box would last me about 3-4 days. Or how about Norvasc. Then I lost my insurance for a few months and was paying out of pocket for my meds. I was paying over $300/mo just for the Norvasc, had to completely stop taking the Imitrex, and never mind the medical bills. If I had continued taking the Imitrex I would have spent somewhere around $2500 a month on that alone. I have a really hard time finding pity for you and your $90/mo prescription for hair loss.
  
  --
  E pluribus unum
Microsoft by Anonymous Coward · 2010-02-25 01:43 · Score: -1, Troll

Cue comments about how this is somehow evil...
1. Re:Microsoft by Anonymous Coward · 2010-02-25 02:10 · Score: 1, Insightful
  
  Microsoft forcing domains off the web in total secrecy? How could that possibly be evil ...
  After all, Microsoft has such a shiny track-record of only disconnecting sites that are truly evil *coughcryptomecough*
  Let's just cheer at them while they clean up the internet.
2. Re:Microsoft by WrongSizeGlass · 2010-02-25 02:46 · Score: 4, Insightful
  
  I am by nature a MS basher ... at times even a rather venomous one .. but let's give MS some credit here. They went to court and obviously provided enough evidence that a judge was convinced (yes, yes, I hear the chorus of 'what qualifications did the judge have?'). They didn't take actions into their own hands and they released the information about it once the court ruling was made.
  
  The fact remains that MS was actually acting in their own best interest and that of their customers. Those of use who don't use Windows will probably benefit by receiving a little less spam every day, too.
  
  Hmmm ... I feel a little dirty now ... I better go clean up. I'm pretty sure Steve Jobs will personally come over to repossess my Apple Fan Boy card. Sniff, I'm going to miss it ... a lot. But, I'm rather excited to finally meet Mr Jobs :-)
3. Re:Microsoft by Anonymous Coward · 2010-02-25 02:59 · Score: 0, Flamebait
  
  I see it this way:
  it's quite unsettling that Microsoft can go to some US court and disconnect domains on the other side of the planet, without the disconnected party even knowing or being able to defend themselves.
  This probably reinforces a few people that the control over DNS isn't necessarily in the best hands in the US.
  Not to mention that MS now has a precendent to quickly get rid of sites just by accusing somebody of something, without due process.
4. Re:Microsoft by Noughmad · 2010-02-25 04:15 · Score: 1
  
  let's give MS some credit here. They went to court
  I always assumed they have a kind of a permament base there.
  
  --
  PlusFive Slashdot reader for Android. Can post comments.
5. Re:Microsoft by SnarfQuest · 2010-02-25 04:36 · Score: 2, Funny
  
  This is just another case of Microsoft going after successful businessmen, in order to drive them out of an arena that Microsoft is planning on taking over. Soon, you're e-mail will be plastered with offers for MSV1AGRA, and letters from the son of the deposed Chaiman of Microsoft who needs your help getting money out of Redmond.
  
  --
  Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
6. Re:Microsoft by newdsfornerds · 2010-02-25 05:54 · Score: 1
  
  You mean they actually used their lawyers for a good cause? The mind boggles.
  
  --
  Damping absorbs vibrations. Dampening is caused by moisture.
One step toward active botnet fighting? by jeffmeden · 2010-02-25 01:45 · Score: 4, Interesting

This is nice (if reactionary) but how long before we can get a court order to legally fight the botnet by 'infecting' the target computers with a patch, or at least some sort of message that warns the user to seek help?
Would Microsoft ever go that far? Would that be admitting that the only solution to the holes in Windows is vigilantism?
1. Re:One step toward active botnet fighting? by bhamlin · 2010-02-25 01:55 · Score: 1
  
  Honestly, were I writing malware, the first thing I'd do after something like that came out was try and figure out how to disable it. You can't trust anything on a compromised computer.
  Sure, it might catch a few. Most likely the user will just ignore the warning, hoping it'll go away; then once the malware has an update that disables the warning, it will go away. Problem solved.
  About the only thing that will fix the current spyware/malware problem would be smarter computer use and privilege separation. But in my experience users will click on anything just to get their shiny pointers.
2. Re:One step toward active botnet fighting? by Anonymous Coward · 2010-02-25 01:55 · Score: 0
  
  This is nice (if reactionary) but how long before we can get a court order to legally fight the botnet by 'infecting' the target computers with a patch, or at least some sort of message that warns the user to seek help?
  Would Microsoft ever go that far? Would that be admitting that the only solution to the holes in Windows is vigilantism?
  It has already been done, all be it without any permission. At least here in the UK by the BBC when they paid cybercrims to obatin access to a botnet for reporting purposes.
  http://www.theregister.co.uk/2009/03/12/bbc_botnet_probe/
  http://www.theregister.co.uk/2009/03/16/bbc_botnet_bought/
3. Re:One step toward active botnet fighting? by characterZer0 · 2010-02-25 01:58 · Score: 1
  
  When you can prove that your patch will in no way adversely affect any computer that it is installed on.
  
  --
  Go green: turn off your refrigerator.
4. Re:One step toward active botnet fighting? by Saint+Fnordius · 2010-02-25 02:11 · Score: 4, Informative
  
  It actually has come to the point where botnets are actively removing other malware from the infected computer, much like a parasite killing off other parasites so that it has sole possession of the host.
5. Re:One step toward active botnet fighting? by derGoldstein · 2010-02-25 02:49 · Score: 1
  
  There's a joke to be made here about how disabling windows does not "adversely affect" a computer... But somebody funnier than I am should make it.
  
  --
  Entomologically speaking, the spider is not a bug, it's a feature.
6. Re:One step toward active botnet fighting? by WrongSizeGlass · 2010-02-25 02:51 · Score: 1
  
  It's true. competition is still competition ... and there's nothing better than a monopoly - especially if you are an infection.
7. Re:One step toward active botnet fighting? by derGoldstein · 2010-02-25 02:53 · Score: 4, Interesting
  
  I'm waiting for the visualization software that will display the fight. Maybe you could place bets...
  
  --
  Entomologically speaking, the spider is not a bug, it's a feature.
8. Re:One step toward active botnet fighting? by PitaBred · 2010-02-25 03:08 · Score: 1
  
  It's not 3 words, "all be it", it's a single word, albeit. You're obviously a native speaker, because otherwise you would have understood that difference...
  
  --
  My blog. Good stuff (when I remember to update it). Read it.
9. Re:One step toward active botnet fighting? by Anonymous Coward · 2010-02-25 03:45 · Score: 0
  
  Maybe just a plugin for iTunes? You'd get the visual and pick your own soundtrack. Theme From Rocky, coming up ...
10. Re:One step toward active botnet fighting? by MooMooFarm · 2010-02-25 04:06 · Score: 1
  
  I find this to be a great step to fighting botnets legally. More security companies should follow this path and get legal court orders to fight malicious code.
  
  I find it quite ludicrous that many botnets are well-known as are how they operate their C&C's but the hands of those who can fix it are tied by the laws that are meant to catch these botnet herders.
11. Re:One step toward active botnet fighting? by Anonymous Coward · 2010-02-25 04:33 · Score: 0
  
  yeah I've seen that when AV software requires you to uninstall similar product..
12. Re:One step toward active botnet fighting? by Anonymous Coward · 2010-02-25 04:37 · Score: 0
  
  It didn't "come to this point" - cleaning out other virii was ALWAYS a good idea, and in use for a long time.
13. Re:One step toward active botnet fighting? by marcosdumay · 2010-02-25 05:33 · Score: 1
  
  It is not vigilantism if a court orders you to do it.
  
  --
  Rethinking email
14. Re:One step toward active botnet fighting? by dwinks616 · 2010-02-25 05:34 · Score: 0
  
  Requiring you uninstall another AV product has nothing to do with eliminating competition. It has to do with them needing to remove a program that will horribly conflict with theirs, since running more than one AV is really bad, and forcing you to do so since you don't know better.
15. Re:One step toward active botnet fighting? by marcosdumay · 2010-02-25 05:37 · Score: 1
  
  You can stop users from installing shiny pointers by giving uninfected shiny pointers to them before the fact. But of course, that will only change the vectors.
  
  --
  Rethinking email
16. Re:One step toward active botnet fighting? by An+ominous+Cow+art · 2010-02-25 06:05 · Score: 1
  
  That nicely sums up the last 25 years or so of Microsoft :-).
17. Re:One step toward active botnet fighting? by Anonymous Coward · 2010-02-25 06:27 · Score: 0
  
  It actually has come to the point where botnets are actively removing other malware from the infected computer, much like a parasite killing off other parasites so that it has sole possession of the host.
  I'm waiting for the visualization software that will display the fight. Maybe you could place bets...
  Then you need to look no further, my friend. May be available in HD in selected areas.
18. Re:One step toward active botnet fighting? by Jeffrey_Walsh+VA · 2010-02-25 07:25 · Score: 1
  
  ...some sort of message that warns the user to seek help
  
  Who says there is a "user" out there who wanted help? The hosting provider was probably getting a lot of money to ignore all the requests to stop it.
19. Re:One step toward active botnet fighting? by logixoul · 2010-02-25 08:49 · Score: 1
  
  http://xkcd.com/350/ :)
20. Re:One step toward active botnet fighting? by Chapter80 · 2010-02-25 09:46 · Score: 1
  
  This is nice (if reactionary) but how long before we can get a court order to legally fight the botnet by 'infecting' the target computers with a patch, or at least some sort of message that warns the user to seek help?
  So you're saying that the users should get, say, a pop-up, that says "Your computer may be infected. Click here to fix the problem."
  Do you see the irony in this plan?
21. Re:One step toward active botnet fighting? by Thinboy00 · 2010-02-25 10:58 · Score: 1
  
  There's a joke to be made here about how disabling windows does not "adversely affect" a computer... But somebody funnier than I am should make it.
  Tuxissa does not "adversely affect" a computer.
  
  --
  $ make available
22. Re:One step toward active botnet fighting? by I'm+not+really+here · 2010-02-26 02:00 · Score: 1
  
  Gotta love it: http://xkcd.com/350/
  
  --
  Before commenting on the Bible, please read it first
23. Re:One step toward active botnet fighting? by jeffmeden · 2010-02-26 02:22 · Score: 1
  
  It just needs to be better thought out. How about a modal box that says "VIRUS! GO GET HELP!" and you can't use the computer for 5 solid minutes. The user can spend that 5 minutes either contemplating existentially, or calling someone who might have a clue to help them. It's not perfect but it's better than nothing.
Eat Yellow Snnow Ballmer ! by Anonymous Coward · 2010-02-25 01:45 · Score: -1, Offtopic

Eat the snnnow Ballmer Eat the snnow !
Contingencies by flink · 2010-02-25 01:46 · Score: 4, Interesting

Even if the control machines loose DNS resolution, might not the botnet be configured to fall back to connecting to well known IP addresses to accept commands? Seems like the logical thing to do if you are creating an illegal network...
1. Re:Contingencies by FlyingBishop · 2010-02-25 01:50 · Score: 1
  
  They probably have a number of redundant measures. Most of the nodes communicate with each other directly, and only accept commands signed by the owner. So if the owner can get new orders out to a head node, the rest of them can easily be updated.
  This will at the least result in a momentary lull though.
2. Re:Contingencies by Cyner · 2010-02-25 01:50 · Score: 1
  
  1. If they were smart it's easier to make money legally than illegally.
  2. They have quite a few domains for a reason, and normally they don't all go dark at the exact same well-coordinated time.
  
  --
  FreeBSD.org - The power to serve
3. Re:Contingencies by tokul · 2010-02-25 01:51 · Score: 1
  
  Even if the control machines loose DNS resolution, might not the botnet be configured to fall back to connecting to well known IP addresses to accept commands? Seems like the logical thing to do if you are creating an illegal network...
  
  Hardcoded IP address allows to trace bot master. Fallback to master's address is not logical. It is dangerous and unsafe. Logical thing would be to start new botnet when original botnet is targeted by authorities.
4. Re:Contingencies by Clover_Kicker · 2010-02-25 01:53 · Score: 4, Insightful
  
  1. If they were smart it's easier to make money legally than illegally.
  Really?
5. Re:Contingencies by Akido37 · 2010-02-25 01:55 · Score: 1
  
  1. If they were smart it's easier to make money legally than illegally.
  It's really not. If you've ever been involved with, or known anyone involved with selling illegal drugs, you'd know how false that statement is.
6. Re:Contingencies by characterZer0 · 2010-02-25 01:59 · Score: 2, Funny
  
  It's really not. If you've ever been involved with, or known anyone involved in politics, you'd know how false that statement is.
  
  --
  Go green: turn off your refrigerator.
7. Re:Contingencies by pHus10n · 2010-02-25 02:02 · Score: 1
  
  Politics? We already covered "how to do it illegally".
8. Re:Contingencies by Tom · 2010-02-25 02:09 · Score: 1
  
  Even if the control machines loose DNS resolution, might not the botnet be configured to fall back to connecting to well known IP addresses to accept commands?
  You'd have to store that IP somewhere, which means in the clients, which means it'll be found and either disabled or lead them right to your door.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
9. Re:Contingencies by Anonymous Coward · 2010-02-25 02:10 · Score: 0
  
  It's really not. If you've ever been involved with, or known anyone involved with selling health insurance, you'd know how false that statement is.
  Fixed that for you.
10. Re:Contingencies by TheLink · 2010-02-25 02:10 · Score: 4, Interesting
  
  If I wrote malware (I don't), I'd use google, other search engines and maybe even twitter (but that's probably covered by search engines nowadays) to search for new instructions :). So you could post the instructions "anywhere" in the world along with keywords. The search engines would find it. Naturally you'd check the signatures to see if the instructions are valid.
  
  I'd also write the malware in perl. Pretty easy to do such stuff with perl - can also fork and run the instructions in an eval (if you think people are going to crack your malware). It'll be interesting to see how the AV people cope with TIMTOWTDI. Probably trivial to whip up equivalents in python or similar.
  
  Such malware could run on windows, Linux, *BSD, OSX :).
  --
  
  Too many replies beneath your current threshold
11. Re:Contingencies by Jahava · 2010-02-25 02:11 · Score: 5, Insightful
  Even if the control machines loose DNS resolution, might not the botnet be configured to fall back to connecting to well known IP addresses to accept commands? Seems like the logical thing to do if you are creating an illegal network...
  Well, here are a few thoughts:
  
  Microsoft probably thoroughly reverse-engineered the botnet client code prior to seeking the court's assistance. Therefore, they have a very good understanding of the botnet's control algorithms. They probably derived those domain names and took those specific measures in response to their understanding of those algorithms.
  For a botnet, hard-coding IP addresses could be riskier than DNS names. If someone is trying to shut you down, it's easier on their part to pick a specific set of IP addresses and (with cooperation of their respective ISPs) get them shut down or (without said cooperation) firewalled.
  For a botnet, it's much faster and easier to change your IP address and update a DNS entry, leaving the botnet code alone. If you have to change those hard-coded addresses, you have to not only rebuild and push new code, but update every infected system (and any network admin on a legit controlled network knows that there can be issues with this). With the DNS entry they have a central point to update.
  I'd not be surprised if Microsoft chose this specific botnet because it had a vulnerability that was within the reach of a court to address
  As others have pointed out, this teaches every other botnet author a lesson on what can be done. The problem ain't solved by a longshot, but maybe the Internet is safe for another night (cue Batman music).
12. Re:Contingencies by Ifni · 2010-02-25 02:11 · Score: 4, Insightful
  
  I tend to wonder at the accuracy of that assumption. I think that drug dealing is a lot like acting - people see all the famous actors and say "I can get rich as an actor", but don't notice that it is only the top one percent or so that truly make it - the rest struggle to get by, or make a moderate living at best. Additionally, as a drug dealer, you also have to avoid the law - being wildly successful for 5 years then getting caught and put in jail for ten to twenty makes flipping burgers more profitable an endeavor over the long term. Not to mention the rather short life expectancy of many of the most successful due to "competition".
  So, short term, yeah, dealing (or many types of crime) is easier than making money legally. But long term, you either have to be really good, and thus invest much effort in staying one step ahead of both the law and those looking to "replace" you, or you lose the advantage that crime had, and then some. And if you are investing the required effort successfully, you likely could have done equally well working legitimately. Sure, there are the Dons and Columbian drug lords that are the exception, but again - only the top 1% or less enjoy that privilege.
  
  --
  Oh, was that my outside voice?
13. Re:Contingencies by snemarch · 2010-02-25 02:12 · Score: 1
  
  Who said anything about a hardcoded IP leading to the bot-master's own computer? It's not as if DNS entries would magically obscure the IP anyway, so a handful of hardcoded IPs for hacked or "safely setup colo" boxes could be employed.
  Why rely on master control servers anyway? Hide control commands on blog comments, twitter updates, et cetera - might be slow crawling around finding these, so perhaps not super feasible for "flood that sucker now" commands... but could be used to supply new control server DNS/IP, updates, you name it.
  
  --
  Coffee-driven development.
14. Re:Contingencies by Anonymous Coward · 2010-02-25 02:13 · Score: 0
  
  http://www.ted.com/talks/steven_levitt_analyzes_crack_economics.html
  Steven Levitt would like to have a few words with you.
15. Re:Contingencies by L4t3r4lu5 · 2010-02-25 02:13 · Score: 3, Insightful
  
  Indeed. I was just thinking "Hey, I could go out to work for a month, do 8 hours a day in a confined space staring at a computer screen, being breathed on by a boss who thinks that 30 seconds on /. is a sackable offence, stressed out of my mind as my skillset is quite over-subscribed at the moment and if I lose my job I'll be in a highly competitive workplace, or I could pull a kitchen knife from my home, go around to the closest atm, wait for someone to stick in their pin, and have all of their money!"
  
  Work isn't easy. If it was, we wouldn't be paid to do it.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
16. Re:Contingencies by 140Mandak262Jamuna · 2010-02-25 02:21 · Score: 1
  
  1. If they were smart it's easier to make money legally than illegally.
  Really?
  Yes, really. Just ask Tim Gaitner, Hank Paulson or any of the Chief Embezzling Officers or anyone working for Morgan Stanley.
  
  --
  sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
17. Re:Contingencies by Anonymous Coward · 2010-02-25 02:22 · Score: 0
  
  1. If they were smart it's easier to make money legally than illegally.
  You must have been home schooled and/or grown up with the Amish.
18. Re:Contingencies by Anonymous Coward · 2010-02-25 02:24 · Score: 0
  
  Even if the control machines loose DNS resolution, might not the botnet be configured to fall back to connecting to well known IP addresses to accept commands? Seems like the logical thing to do if you are creating an illegal network...
  What if it was a tight DNS resolution?
19. Re:Contingencies by maxume · 2010-02-25 02:27 · Score: 2, Interesting
  
  Slashdot comments would be a great place to put a bot domain lookup (you could check every story for anonymous comments containing domains, check every story in a certain section for anonymous comments containing domains, or even check a certain account).
  The relatively strict attitude about 'freezing' things means that they probably wouldn't disappear, compared to blog comments, where a given blogger might zap stuff or not.
  
  --
  Nerd rage is the funniest rage.
20. Re:Contingencies by Afty0r · 2010-02-25 02:28 · Score: 1
  
  1. If they were smart it's easier to make money legally than illegally.
  Even if I wasn't handing over around half my income to the gubmint, I doubt this would be true. If it were true there wouldn't be many crims left...
21. Re:Contingencies by maxume · 2010-02-25 02:32 · Score: 1
  
  There is a discussion of the relatively low typical rewards and relatively high typical risk in the book Freakonomics:
  http://freakonomicsbook.com/freakonomics/chapter-excerpts/chapter-3
  
  --
  Nerd rage is the funniest rage.
22. Re:Contingencies by tokul · 2010-02-25 02:33 · Score: 1
  
  Who said anything about a hardcoded IP leading to the bot-master's own computer?
  
  It is a lot easier to trace IP address and to identify bot owner. If "owner" is just another victim, it can be shut down just like domains. Domains can jump from one location to another. Safer way is to generate new domain name. Then authorities must block new domains in order to make sure that botnet remains disabled.
  Blog controls might require more advanced bot client.
23. Re:Contingencies by TheLink · 2010-02-25 02:33 · Score: 1
  
  In terms of $$$$$$$ obtained, I think the finance bunch have been doing pretty well. And lower risk too. When they supposedly screwed up they still got bonuses.
  
  All it takes is to not have a conscience or being able to fool yourself that you are actually adding lots more value than you are taking out.
  
  As the title of one book says: "Where Are the Customers' Yachts? or A Good Hard Look at Wall Street".
  --
  
  Too many replies beneath your current threshold
24. Re:contingencies by nacturation · 2010-02-25 02:35 · Score: 1
  
  I would have it passively scan well-known websites for hidden messages. For example, browse Slashdot at -1 and pick up posts which contained a specifically formatted payload. Once the message was decoded, verify the message's signature against a public key and execute the payload.
  Or on places which allow for image uploading. Use steganography to embed the payload into the images. Or Twitter status messages... look for specific hashtags such as #flamewar or something relatively obscure then follow the URL for the payload. The payload could be obscured via steganography as well... imagine a Twitter status saying "Awesome flame war on this forum" and someone's sig contains an image with the payload embedded.
  Tons of possibilities and there's no way you can take down every site or scan every hidden message.
  
  --
  Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
25. Re:Contingencies by mindstrm · 2010-02-25 02:35 · Score: 1
  
  I'm sure they do/will - but you fight each attack with the tools necessary.
  If taking a few domains offline temporarily totally crippled a massive botnet, that's great, as much as the possible future slippery-slope or abuse of power by using DNS for abuse-enforcement bothers me........ we don't want court-orders against DNS providers to become the way to shut sites down globaly all the time.
  IT does, however, in the case of these viruses and whatnot, seem like a very logical choice, and places the core DNS infrastructure in a unique position to mitigate a huge amount of damage, fast.
26. Re:Contingencies by jecblackpepper · 2010-02-25 02:45 · Score: 1
  
  Have a read of Freakonomics. That has a chapter about the economics of drug dealing. The headline question posed is something like "Why do drug dealers live at home with Mom?" The answer being that it pays so badly that the majority of dealers can't afford their own place. The conclusion was that drug dealers, in Chicago if I remember correctly, on average earn less than minimum wage and have a lower life expectancy than someone on death row.
  One asks why do they do it then, one the main reasons apparently was that they could see that 1% who were earning megabucks and thought that they'd be able to break into the big time too, so all the hardship now would be worth it - of course 99% never make it big.
27. Re:Contingencies by Arthur+Grumbine · 2010-02-25 02:49 · Score: 1
  Microsoft probably thoroughly reverse-engineered the botnet client code prior to seeking the court's assistance.
  Sounds like a DMCA violation if you ask me. Won't someone think of the (botnet) authors?!
  --
  Now that I think about it, I'm pretty sure everything I just said is completely wrong.
28. Re:Contingencies by nedlohs · 2010-02-25 02:54 · Score: 1
  
  I doubt you'll earn more money robbing ATM users with your kitchen knife than an office job.
  ATMs have limits on withdrawals, people going to an ATM tend to be doing so because they don't have much cash on them.
  At some point you'll pick the wrong guy and get shot, or get caught and go to jail.
  Small time armed robbery sounds to me like the one of the worst ways to earn a living through crime too - the punishments are reasonably high, the risk of being identified and then caught are reasonably high, the risk of being out-gunned by the victim are reasonably high, and you have to do it a lot due to the relatively small amounts of money you get each time.
  You'd be better off breaking into unoccupied houses, much better off embezzling money. At least that's my impression anyway.
29. Re:Contingencies by MikeBabcock · 2010-02-25 02:55 · Score: 1
  
  On a similar note, this is why many malware authors used IRC for bot controlling. Connecting to a well-known IRC network and listening for commands pretty much prevents your 'server' from being taken down.
  
  --
  - Michael T. Babcock (Yes, I blog)
30. Re:contingencies by Missing_dc · 2010-02-25 02:56 · Score: 2, Funny
  
  ##Monkey Cow Chicken Fly 128!k93>>22k5gg91
  I find your proposition utterly preposterous! ;)
  
  --
  How amazed would you be to suddenly find that you just forgot what I wrote and you needed to reread my post.... again.
31. Re:Contingencies by MikeBabcock · 2010-02-25 02:56 · Score: 2, Funny
  
  And somehow selling health insurance is considered an honest profession. Go figure.
  
  --
  - Michael T. Babcock (Yes, I blog)
32. Re:Contingencies by pehrs · 2010-02-25 02:57 · Score: 4, Informative
  
  Not a new idea. Google is working actively to stop this kind of abuse, which they do by forcing you to go through a captcha if you try to search for terms that are related to malware. I have taken apart a few "evil" programs that did google searches, and each time I found that the search terms had a captcha block.
  State of the art for malware is to use a generator function (typically a hash) to generate random domain names. If it loses contact with the C&C servers it will use this generator to try domain names until it finds a new configuration file (propperly encrypted and signed). For the controller they only need to register one of the domain names generated by the hash and eventually the bots will all reconnect.
33. Re:Contingencies by derGoldstein · 2010-02-25 02:58 · Score: 1
  
  It seems you've come to a conclusion, then. Do let us know how that works out for you.
  
  --
  Entomologically speaking, the spider is not a bug, it's a feature.
34. Re:Contingencies by Anonymous Coward · 2010-02-25 03:00 · Score: 0
  
  Good luck running PERL or Python on a windows machine without finding a way to install either on the system first ;)
35. Re:Contingencies by onepoint · 2010-02-25 03:03 · Score: 1
  
  I would like to think you are right, But based on the replies I have read, and the general views, the bot owner would have a nightmare for the rest of their lives.
  maybe my perspective is wrong, but I think that the average slashdot user is way more skilled that the average bot writer. And just about every slashdoter loves a challenge where the winner get's uber bragging rights.
  let's see... hmmm....
  people fighting spam on this forum with great knowledge, check
  people explaining how to configure systems for max performance, check
  fast executing code and links to find sample code to work on, check
  tricks to prevent virus's on the system, check
  access to really screw with people and most likely some real SOB's that would enjoy taking down bot's ( for the heck of it ), Oh YAH
  so I would think that if anything, they would be smart enough not to get near this place
  
  --
  if you see me, smile and say hello.
36. Re:Contingencies by Deathlizard · 2010-02-25 03:06 · Score: 2, Insightful
  
  Domains and IRC are dead ends for current botnets anymore exactly because authorities can shut them down.
  The newer botnets use Peer to Peer networks for command and control. Either a In House private P2P or (most likely since they're already established) a public P2P like Kademila or Gnutella. Then all you would have to do is search the network with a authorization string+botnet command string embedded in it(IE: randomhexspamtheworld). When the bot receives the search string, it validates against the authorization string (randomhex) to make sure it's your command and then does the action contained in the botnet commandstring (spamtheworld).
  
  --
  In Soviet Russia, Trojan exploits YOU!
37. Re:Contingencies by KDR_11k · 2010-02-25 03:10 · Score: 1
  
  They're free to appear in court and sue Microsoft.
  
  --
  Justice is the sheep getting arrested while an impartial judge declares the vote void.
38. Re:Contingencies by PopeRatzo · 2010-02-25 03:13 · Score: 1
  
  it's easier to make money legally than illegally.
  Nonsense. If it really were easier to do good than bad, we wouldn't need laws or 10 commandments or time outs.
  
  --
  You are welcome on my lawn.
39. Re:Contingencies by TheLink · 2010-02-25 03:14 · Score: 1
  
  The search terms don't have to stay the same once new instructions are downloaded.
  
  And the instructions do not have to be tied to one particular set of search terms - the various breeds of malware out there could be posting/uploading/spamming/hosting the instructions with the search terms for that breed's generation of malware.
  
  Yes some strains might die out, but the fittest ones might survive for a while...
  
  Might be hard to maintain control over all of the breeds though... But I doubt any of them will achieve "Skynet" status ;).
  --
  
  Too many replies beneath your current threshold
40. Re:Contingencies by egburr · 2010-02-25 03:15 · Score: 1
  
  I think you missed the "if they were smart" part of the statement.
  On the very short term, it may be easier through illegal activities. On the long term, most people choosing the illegal activities suffer far worse consequences than whatever profit they got was worth. Of course, just like playing the lottery or working a "legitimate" job, there will always be a few who attain profits far exceeding any negative consequences they suffer.
  There are so many "crims" (I assume you meant criminals?) left because a lot of them just aren't all that smart. They see an opportunity to make a quick buck but fail to look ahead to see the consequences.
  
  --
  
  Edward Burr
  Having a smoking section in a restaurant is like having a peeing section in a swimming pool.
41. Re:Contingencies by maxume · 2010-02-25 03:16 · Score: 1
  
  Nah, there aren't even hundreds of domains listed in the average story, so you just have to set your command and control servers to respond with a magic token when a certain address is queried (say, http://example.com/index.html, in order to not show up as 'odd' in server logs), and then check every domain.
  Checking only domains posted by AC cuts down on the number you would have to check. So does only checking the domains posted by a certain user (it would be incredibly obscure, you could create an offtopic AC comment and then only reply to that, only post to journal entries of other fake accounts, etc).
  Or you could sign the domains.
  And cryptography basically makes the level of motivation of slashdotters irrelevant.
  
  --
  Nerd rage is the funniest rage.
42. Re:Contingencies by Anonymous Coward · 2010-02-25 03:20 · Score: 0
  
  the search engines would find it
  Most search engines have ways to filter out results they do not want. You probably could make it difficult to filter but not impossible. As the very things you look for it can filter for.
  I am sure with a court order it would be filtered. Given it is for spam they probably would it it gratis and not even need a court order to do it.
  As for your perl dropper its not unique. The perl enviro is pretty large. So people may notice that. Also it gives the virus scanners one more thing to say with more certainty that it is a virus. They already have the issue you think would thwart them (permutations of the same thing). Your right it works. I knew a guy who would change 1 byte in a virus and virus scanners wouldnt pick it up anymore. Then I told him he needed a more interesting hobby than playing with a hex editor.
  As for cross platform that would only work so far. As things are in wildly different places in each OS. So your code would need to take that into account (1 more thing for the virus scanners to detect you with). Your code would also need to take into account different vulins in each os. Many more successful ones these days have 1-N different exploits they try just for 1 os (yet more things they can detect you with).
  Honestly these sorts of virus/trojans do not scare me much. They are just annoying and once you get a sig for them they are easy to cleanup. At the worst a clean format and reinstall fixes the issue.
  The ones that scare me are the ones that use virtual machines to hide in the lower levels of the computer such as in your bios. Then act as a virtual machine manager. That rootkit kind scares me. As they can be nearly impossible to detect and cleanup.
  So yes you probably could develop a virus in perl. But 4gl langs have a pretty heavy footprint. My point? It is the small 2-20k viri that are wildly successful as they can be sent over a dialup modem in a short amount of time.
43. Re:Contingencies by PopeRatzo · 2010-02-25 03:21 · Score: 3, Insightful
  
  I doubt you'll earn more money robbing ATM users with your kitchen knife than an office job.
  That's why counterfeiting is the way to go. You don't have to employ violence, you just print your own money.
  Counterfeiters are the princes of thieves, IMO.
  But truly, the way to succeed here in America, statistically, is to be born to a rich family. It's the #1 predictor of whether or not you will be well-off during your life. If you're born poor, you have less chance to move up the social/economic scale than if you were born in Germany, Denmark, Finland, Sweden, Norway, Ireland, France...
  The notion that "anybody can make it in the US if they work hard" is a fairy tale.
  Seriously. Be born rich. That's the way to go.
  
  --
  You are welcome on my lawn.
44. Re:Contingencies by TheLink · 2010-02-25 03:27 · Score: 1
  
  > Good luck running PERL or Python on a windows machine without finding a way to install either on the system first ;)
  
  Search for py2exe or pp.
  
  There are plenty of python and perl programs that run on win32 without requiring perl or python to be installed. Yeah the resulting exe is kinda big, but nowadays there are plenty of huge webpages... The updates don't all have to be as big.
  --
  
  Too many replies beneath your current threshold
45. Re:Contingencies by dunkelfalke · 2010-02-25 03:30 · Score: 1
  
  Really? They're ok the last days of may.
  
  --
  "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
46. Re:Contingencies by Anonymous Coward · 2010-02-25 03:33 · Score: 0
  
  Microsoft is microsoft. What probably happened here, is there were confined tests run in a virtualized environment intentionally infected by the virus. Then, you strip out different control servers dns entries and observe more. It's like trolling 4chan, just with computer code.
47. Re:Contingencies by CAIMLAS · 2010-02-25 03:33 · Score: 1
  
  If there was no big initial payoff to dealing drugs, people wouldn't start. When you can spend maybe an hour delivering your goods a day and make a couple hundred dollars for your efforts (minimum), there is incentive.
  I know of a guy who made $800 in one day - his first - selling pot. I know of another guy who (while still in high school) made enough to buy a $60k vehicle outright.
  There is no doubt in my mind that the casual drug dealer can make significantly more than minimum wage while doing negligible work each day. If you've got no base competency and know people who use, it's a no-brainer: your first-person acquaintances alone can stock your fridge and pay your rent.
  
  --
  ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
48. Re:Contingencies by ShadowRangerRIT · 2010-02-25 03:34 · Score: 1
  
  You're not really dealing with his main point. Drug dealers aren't very smart. Why else would they engage in a crime with lots of competition, disproportionate penalties and a client base that is invariably unbalanced?
  
  --
  $_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
49. Re:Contingencies by GigsVT · 2010-02-25 03:42 · Score: 1
  
  They usually used private IRC networks, so that blows your theory out of the water.
  
  --
  I've had enough abrasive sigs. Kittens are cute and fuzzy.
50. Re:Contingencies by DNS-and-BIND · 2010-02-25 03:42 · Score: 1
  
  Hm. I know some immigrants from Somalia, China, and Mexico who would heartily disagree with that. It appears you're talking about being the most successful, instead of pulling yourself out of poverty and into the middle class. But hey, back to our regularly-scheduled bout of anti-American negativism.
  
  --
  Shutting down free speech with violence isn't fighting fascism. It IS fascism!
51. Re:Contingencies by Anonymous Coward · 2010-02-25 03:56 · Score: 0
  
  Why do people think the word "lose" is spelled with two O's these days? Who taught everyone this? I see it all the time.
  "Loose" is a word that describes something that fits poorly because it's too big. "Lose" is when one no longer has possesion of something.
52. Re:Contingencies by sjames · 2010-02-25 03:59 · Score: 1
  
  In SOME countries, work is easier than crime. In others, crime is by far easier. Unemployment stats, workplace regulations, and the effectiveness of law enforcement work together to determine which is the case for a given country.
  Of course, as you obliquely point out, sometimes crime and work are the same thing.
53. Re:Contingencies by Spaham · 2010-02-25 04:04 · Score: 1
  
  as long as you can get people using windows to install the latest build of perl and the necessary libs,
  then you're all set !
54. Re:Contingencies by 2obvious4u · 2010-02-25 04:04 · Score: 4, Interesting
  
  That is a bad assumption on his part. Drug dealers have different priorities than most people. I used to know people who would gross 100k a week dealing drugs. The thing is they would have to pay 60k back to the suppliers and then they would split 10k each and would pick up girls and take them on shopping sprees to get laid and would spend the rest on stuff like cloths and drugs for themselves. They really didn't have any money left at the end of the week. Owning houses that you bought with drug money doesn't work out very well when the IRS comes knocking, so they would blow all their funds on consumables during the week.
  
  Eventually they got caught and spent about 5 years in jail each. But for the 2 or 3 years they were earning that kind of cash and spending it on cloths, cars, women and drugs they lived like rock stars. The problem is that you do get caught and it is a very rough life. You have to have a very low moral standard that most of society can't stomach. But from the pictures it looked like a lot of fun. Even knowing about the 5 years hard time at the end.
  
  Oh, and women like drug dealers. You get a girl hooked on your supply and you can get laid whenever you like. Not everything can be measured in dollars.
55. Re:Contingencies by DiademBedfordshire · 2010-02-25 04:07 · Score: 1
  
  I think you are confusing selling pot and coke to the local HS/college kids and selling crack on the streets.
  The individual selling pot and coke to HS/college kids is selling almost exclusively to friends and friends of friends. He carefully cultivates his contacts and (should) act in a business like manner. He buys from some other low level dealer and makes that kind of profit because they are the only game in town.
  Selling on the street is way different. It's gang work mostly. To make one sale you have 4 to 6 people involved. 1) The person who takes the order 2) the runner who takes the order back to the safe house 3) the second runner who takes the drugs from the safe house 4) the money collector 5) the person who makes the final drop off. Each person in that chain needs to get paid along with the rest of the gang.
  Then you have the risks. There are two big risks for the college kid: Cops and getting killed when he goes into the city to pick up his supply. The street dealer has many more. 1) Rival Gangs are always looking to cut into the turf, find safe houses to raid. 2) Inter gang politics 3) "Clients" killing over their next fix 4) Getting busted by the cops.
  So yea if you are living the suburban dream selling pot and coke will pay the fancy bills while you get your MBA.
56. Re:Contingencies by Anonymous Coward · 2010-02-25 04:09 · Score: 0
  
  Saying that the USA is better than Somalia, China, and Mexico for the impoverished is not saying the USA is good for the impoverished. It just doesn't suck as much.
57. Re:Contingencies by maxume · 2010-02-25 04:20 · Score: 1
  
  Much of the law is concerned with codifying a mutual definition of 'good'.
  Much of law enforcement is expended on dysfunctional people (that is, they are unable to accurately predict the risks and rewards associated with various actions).
  So for most people, doing good probably is still easier, but we still need laws.
  
  --
  Nerd rage is the funniest rage.
58. Re:Contingencies by Actually,+I+do+RTFA · 2010-02-25 04:21 · Score: 3, Funny
  
  There are two ways to make a lot of money. Commit big enough crimes, or inherit it. Favorite method: Have your ancestors commit the crimes and then inherit it.
  
  --
  Your ad here. Ask me how!
59. Re:Contingencies by Anonymous Coward · 2010-02-25 04:28 · Score: 0
  
  And then google could ban the keywords you search for, like it banned some google dorks...
60. Re:Contingencies by kalirion · 2010-02-25 04:39 · Score: 1
  
  Yes, because it's so easy to become a CEO, right?
61. Re:Contingencies by Hatta · 2010-02-25 04:58 · Score: 1
  
  Hardcode it to fall back to slashdot.org. Make it browse at -1 and look for instructions in AC posts disguised as trolls. Make your trollish AC post from a public wifi behind 7 proxies.
  
  --
  Give me Classic Slashdot or give me death!
62. Re:Contingencies by Anonymous Coward · 2010-02-25 05:02 · Score: 0
  
  TIMTOWTDI, thats the new VW diesel engine designation isn't it?
63. Re:Contingencies by Ungrounded+Lightning · 2010-02-25 05:06 · Score: 2, Funny
  
  That's why counterfeiting is the way to go. You don't have to employ violence, you just print your own money.
  But to be successful at it AND avoid having the Secret Service come down on you, you need to do it by owning a Federal Reserve Bank.
  
  --
  Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
64. Re:Contingencies by snemarch · 2010-02-25 05:07 · Score: 1
  
  Don't overestimate the capability of slashdot readers. Really. Some of the trojans today are pretty darn advanced. The executables have complex layers of encryption and polymorphic mutation, control connections are verified cryptographically (you can't just hack into and disinfect the botnet), et cetera. Try reading malware analysis and reversing blogs :)
  
  --
  Coffee-driven development.
65. Re:Contingencies by Anonymous Coward · 2010-02-25 05:12 · Score: 0
  
  He obviously doesn't live in the corporatist's paradise that is the U.S., complete with the best legal system money can buy.
66. Re:Contingencies by Anonymous Coward · 2010-02-25 05:20 · Score: 0
  
  he said if you were smart.. not sure why you replied.
67. Re:Contingencies by schmiddy · 2010-02-25 05:28 · Score: 1
  
  Good luck running PERL or Python on a windows machine without finding a way to install either on the system first ;)
  Pah. Who needs Windows machines for a botnet? Look, I can start my own botnet right here with a few lines of Python:
  Dear Slashdot readers on *nix machines. Please fire up vi, copy and paste the following text:
  #!/usr/bin/python import socket import botnet botnet.connect() botnet.identify(socket.gethostname()) botnet.accept_control_commands()
  Now, save the file you just created as "/tmp/botnet.py". Run "chmod a+x /tmp/botnet.py", and then run "sudo /tmp/botnet.py". Oh, and you'll have to install the "botnet" Python module first.. you should be able to find it in the Cheeseshop, or if you're on Debian/Ubuntu, just run "sudo apt-get install python-botnet". Thanks for doing your part to make MS Windows obsolete!
  
  --
  http://cltracker.net -- powerful craigslist multi-city search
68. Re:Contingencies by DJoffe · 2010-02-25 05:29 · Score: 1
  
  Really?
  As a matter of fact, by and large, yes, yes, it really is. Especially if you don't want to get caught. Think about it a bit.
69. Re:Contingencies by Asic+Eng · 2010-02-25 05:33 · Score: 4, Insightful
  
  I think you are aiming too low. I'm aware of many factors in which France is better than Germany, others in which the UK is better than France, and yet a different set in which Germany is better than the UK. The US outshines Europe in many areas, but the reverse is also true. Criticism is not hate, and learning from the best will serve you better in the long term than pretending to be the best at everything.
70. Re:Contingencies by Anonymous Coward · 2010-02-25 05:37 · Score: 0
  
  "middle class", what's that?
  
  Oh, you mean what we shipped of to China and India last week?
71. Re:Contingencies by jayme0227 · 2010-02-25 05:46 · Score: 1
  
  The other thing is, many dealers see the prison stint as a badge of honor. It's kind of perverse. Also, once they get there, they have free health care, meals, a roof over their head, and people with similar interests to socialize with. Sure, they're bored all the time, but so are must of us who have jobs.
  
  --
  But then I realized the cable was blue, so I only gave it one star. I hate blue.
72. Re:Contingencies by DJoffe · 2010-02-25 05:50 · Score: 4, Informative
  
  The notion that "anybody can make it in the US if they work hard" is a fairy tale.
  Seriously. Be born rich. That's the way to go.
  The notion that the notion is a fairytale is a fairytale. People love to blindly spread memes like this because they enjoy feeling sorry for themselves, but it simply isn't true:
  Rags To Riches Billionaires: "Almost two-thirds of the world's 946 billionaires made their fortunes from scratch, relying on grit and determination"
  That doesn't mean everyone can end up a billionaire, but it's simply false that this notion that 'anyone can make it' is a fairytale; it's borne out on practically a daily basis. If you open your eyes and look, you'll find true-life rags-to-riches story under every second stone you turn --- especially in the USA, but also these days frequently in places like China. But yeah, not everyone is born hard-working, I guess, so keep sitting and feeling sorry for yourself and you'll definitely ensure that nothing ever changes for you.
  Rags to Riches CEOs
  7 greatest celebrity rags to riches stories
  Rags to Riches
  Entrepreneur takes women from rags to riches
  Rags to Riches billionaires
  Asian American Rags to Riches Sagas
  Case Study: From Rags to Riches (Brenda French)
  Cordia Harrington: From Rags to Riches Success Story
  Local cosmetics magnate reveals rags-to-riches life story
  China: A rags-to-riches story to dream about (Yan Huiyan)
  China’s paper magnate is a rags-to-riches story, literally
  Rags to riches: Bill MacAloney: from orphan to successful business owner to CBA
  From rags to riches: Filipino weavers trade up
  Etc. etc. blah blah ... I could go on pasting these stories in here all day. Nothing worse than listening to whiny losers feeling sorry for themselves that they weren't born rich.
73. Re:Contingencies by Anonymous Coward · 2010-02-25 06:11 · Score: 0
  
  So very defensive.
74. Re:Contingencies by The+Wild+Norseman · 2010-02-25 06:12 · Score: 1
  
  (cue Batman music).
  Don't you mean Botman music?
  
  --
  "A government is a body of people usually -- notably -- ungoverned." -Shepherd Book
75. Re:Contingencies by Anonymous Coward · 2010-02-25 06:17 · Score: 0
  
  Sounds like a DMCA violation if you ask me.
  Why? Because the DMCA specifically allows reverse-engineering? Honestly, the DMCA is evil, but spreading false rumors about it isn't going to help fix the problem. At least people on Slashdot should have some idea what the act actually says.
76. Re:Contingencies by TheLink · 2010-02-25 06:22 · Score: 1
  
  There's no need for all that, just pick an unpatched firefox bug to get in. There have been more than a few.
  
  So now you're in as the user with full user privileges. You can use apparmor to sandbox firefox but in most popular linux distros firefox is not sandboxed by default ( unlike say IE8 on Windows 7 which has some sandboxing). Ubuntu provides an apparmor template for firefox but you need to tweak it in order to actually make it secure (otherwise it doesn't really do enough for security - can read and write from/to too many locations! Yes making it secure would restrict you to saving/open files from just a few places, but why bother having an insecure security template when you are already turning it off by default?). Firefox even makes it hard for you to run it as a separate user process.
  
  Full user privileges is enough for most botnets to run. The malware can listen on ports, make outbound network connections. It can restart itself using cron or at, or by modifying .bashrc to alias popular commands to a malware executable (which could perform the commands but also run itself). Sure a few paranoid geeks might notice, but the rest? I doubt they might notice in time. Maybe you could alias alias itself and ps so they'll show sanitized output ;).
  
  The malware could also alias stuff like sudo and su if it needs root privileges.
  
  The truth is, most malware authors don't bother with attacking "Desktop Linux", not because it is more secure than Windows (it's not that much more secure). It's because there's not much point having a really tiny botnet.
  
  "Server Linux" on the other hand can be worth attacking because the servers themselves often store the actual "Jewels" and might have high bandwidth connections.
  
  People who think Ubuntu is so much more secure than Windows (from a technical POV) are either in denial or ignorant.
  --
  
  Too many replies beneath your current threshold
77. Re:Contingencies by Anonymous Coward · 2010-02-25 06:59 · Score: 1, Informative
  
  You did not successfully argue against the GP. First, you mention 2/3 of the world's billionaires. GP was clearly talking about the US, not the entire world. Second, GP was talking about doing well in life, which is a superset of the billionaire set. Factors contributing to a subset (billionaires) of people doing well in life are not necessarily equivalent to factors to the whole set of people doing well in life.
  As for the rest of your post, anyone can post anecdotes all day long. Anecdotes are not statistically significant.
78. Re:Contingencies by Anonymous Coward · 2010-02-25 07:06 · Score: 0
  
  I guess they could do something even simpler - like grab one of today's slashdot headlines & try that in a couple of days time eg 'micosoftsecretlybeheadsnotoriouswaledacbotnet.ru' or something.
79. Re:Contingencies by sabt-pestnu · 2010-02-25 07:10 · Score: 1
  
  Counterfeits are the prints of thieves, IMO.
  There, fixed that punch line for you.
80. Re:Contingencies by login: · 2010-02-25 07:16 · Score: 1
  
  The idea "anybody can make it if they work hard" IS TRUE. To claim otherwise is silly.
  In my case, I grew up and was one of 2 kids to a single mother (father abandoned the family) who was on welfare.
  Not only am I relatively rich and working in the IT field (not a millionaire but doing well), but *my mom*(who was 25 when this happened) worked her ass off, got a nursing degree, 2 masters later on and now teaches at a University.
  People who whine that hard work don`t get you anything should get out of the way for those of us willing to do it.
81. Re:Contingencies by Anonymous Coward · 2010-02-25 07:28 · Score: 0
  
  I was an immigrant, came to the US at 15. My wife too, different countries. I work in IT. I am a caucasian, my wife is a minority (well, actually, where I live, i'm a minority, but that's a different story). My family was on welfare for 1.5 years when we came to the US. We considered it a shame, we couldn't wait to get off of it. My dad was an architect, in our country, but ended up working in delivery for an office supply company because he had no CAD experience and bad language experience. Our net worth now is in the 7 figures, without doing anything illegal. I've been lucky that I have a wife that makes close to my money (together we pull about only about 170k/yr, both working in IT). We own two houses in the US, working on a third. I am planning to do the seven summits.
  We live within our means more or less -- our cars are both 10 years old, but they are good cars (both lexus). We don't have kids, but we support two sets of elderly parents. When we travel, we don't have to stay at expensive hotels, or eat at expensive restaurants. My wife carries an REI clearance bag, not a Louis Vuitton. We never pay full price for stuff like clothes. We slowly renovated the two houses with top of the line fixtures.. but all bought at 50% or less, because we don't rush.
  So stop whining. You can do it. The catch is, you need to work hard, but also work smart. And don't just depend on your earnings, you need to make investments.
82. Re:Contingencies by martyros · 2010-02-25 07:48 · Score: 3, Informative
  
  The notion that "anybody can make it in the US if they work hard" is a fairy tale.
  Whom do you know who has worked hard and yet failed to secure a comfortable life for themselves? Millions of immigrants prove you wrong by coming with almost nothing, starting restaurants / laundry shops / convenience stores, and then sending their kids to college to become doctors and lawyers.
  Sure, if you want to become filthy rich, you need a lot of breaks: talent (not necessarily the "getting good grades" kind of talent), opportunity, and drive. But I don't know anyone who worked hard at improving their situation who is still poor.
  
  --
  TCP: Why the Internet is full of SYN.
83. Re:Contingencies by martyros · 2010-02-25 07:55 · Score: 1
  
  In Freakonomics, there's actually a chapter about the economic structure of drug gangs. They found out that the people who actually do the selling on the streets are actually very poorly paid. Much like McDonalds: peons get minimum wage, regional managers make a bucketload, the guys at the top are rolling in it. Except your chances of getting shot at McDonalds are way lower. A lot of the guys the researcher met actually asked him about jobs as janitors at his university -- better pay, better working conditions, and lower chance of getting murdered.
  That was only one drug gang, so it might not generalize. But it makes some sense that if McD's can find millions of peons to work for peons, drug cartels can take advantage of the same socio-economic conditions and achieve the same results.
  
  --
  TCP: Why the Internet is full of SYN.
84. Re:Contingencies by Anonymous Coward · 2010-02-25 09:09 · Score: 0
  
  Nice list of fairy tales there! I personally enjoy Berenstein Bears and the Billion Bucks.
85. Re:Contingencies by Anonymous Coward · 2010-02-25 09:13 · Score: 0
  
  Almost two-thirds of the world's 946 billionaires made their fortunes from scratch, relying on grit and determination
  Or to put it another way: there are 6 000 000 000 people in the world and out of the 946 richest an entire third were given their wealth.
86. Re:Contingencies by PopeRatzo · 2010-02-25 09:36 · Score: 1
  
  I work in IT.
  You made my point for me. You came all the way to the US and all you've got is a crappy IT job.
  
  --
  You are welcome on my lawn.
87. Re:Contingencies by PopeRatzo · 2010-02-25 09:38 · Score: 1
  
  You did not successfully argue against the GP.
  Let him go. He's on a roll, and he's only talking to himself, anyway.
  
  --
  You are welcome on my lawn.
88. Re:Contingencies by stonewallred · 2010-02-25 10:25 · Score: 1
  
  Ah, a little bleach, a good printer and a copy of Photoshop 5. All of it available for less than 100 bucks. Take 1 and bleach, print 20s. Take 10 and bleach, print 50s and 100s. Take counterfeit bills on road trip and watch the drones in the gas stations and stores use their little markers to check the bills. Confidently pay for your purchases, minor though you do want bunches of change, and watch in amusement as the drone swipes you bill with the magic fail safe marker, sticks it into the cashdrawer and hands you your change. Once your road trip lands you in Vegas, go convert you change, real money as the casinos will break your legs, to chips, gamble a little, then after a few days cash out all that wonderful winnings, declare your tax liability and go home to enjoy your money.
89. Re:Contingencies by stonewallred · 2010-02-25 10:32 · Score: 1
  
  I have a "friend" who while attending the local college, also sells parley tickets for the college and NFL. For the non-gamblers these tickets have the player bet a small amount 1-10 bucks for a chance to pick 4 or more games and pick the winner of each game. If all your picks are correct you win.And you have the point spread to deal with, and ties using the spread count as a loss, and if you successfully pick four winning teams you get paid 4 dollars for ever dollar you bet. This "friend" pays his tuition and buys all his books for the entire year, and puts a nice amount of cash in his pocket, each season.
90. Re:Contingencies by jonadab · 2010-02-25 10:50 · Score: 1
  
  > Even if the control machines loose DNS resolution,
  > might not the botnet be configured to fall back to
  > connecting to well known IP addresses to accept
  > commands? Seems like the logical thing to do if
  > you are creating an illegal network...
  
  In the first place, if the control machines loosed DNS resolution, then one supposes the computer would become more useful to its owner, with such an important facility once again available.
  
  Beyond that, one imagines that if the people who were shutting the thing down went to all the trouble to get secret court orders and stuff, one imagines they probably also studied the infection agent in a lab environment to determine its behavior profile before taking action in the wild. They may have even disassembled it and studied the code, but at the very least one supposes they ran a few basic tests, along the lines of "What happens when the nameservers start disavowing all knowledge of the c-and-c sites?" That's pretty basic stuff.
  
  --
  Cut that out, or I will ship you to Norilsk in a box.
91. Re:Contingencies by Neoprofin · 2010-02-25 10:56 · Score: 1
  
  So you have nothing to say of the German system that segregates it's lower education based on "intelligence" (read "the level of education/success achieved by your parents) completely cutting off entire populations from various career paths unless they're willing to take a more roundabout path to accomplish something many of their peers are readily handed.
92. Re:Contingencies by Thinboy00 · 2010-02-25 11:18 · Score: 1
  
  Ubuntu provides an apparmor template for firefox but you need to tweak it in order to actually make it secure (otherwise it doesn't really do enough for security - can read and write from/to too many locations! Yes making it secure would restrict you to saving/open files from just a few places, but why bother having an insecure security template when you are already turning it off by default?). Firefox even makes it hard for you to run it as a separate user process.
  I didn't tweak it myself, but when I looked at it, I found that it had somehow tweaked itself:
  
  # for maximum plugin/helper compatibility
  #/usr/bin/* Uxr,
  #/usr/lib/*/** ixr,
  #
  # For stricter access, comment out the 'maximum plugin/helper compatibility'
  # lines above and uncomment these
  #
  [several uncommented lines relating to plugins]
  
  --
  $ make available
93. Re:Contingencies by jonadab · 2010-02-25 11:32 · Score: 1
  
  > If I wrote malware (I don't), I'd use google, other
  > search engines and maybe even twitter (but that's
  > probably covered by search engines nowadays) to search
  > for new instructions :).
  
  And use public-key cryptography to verify their authenticity, yeah.
  
  Fifteen years ago I was thinking usenet would be the way to go. Kiboze a moderate-traffic newsgroup with a propensity for off-topic randomness (like, say, alt.dreams) for any message containing a given key phrase, look for instructions, and yeah, check that the message is cryptographically signed to ensure authenticity.
  
  But these days, the web is probably a more reliable way to go.
  
  Another possibility would be to (ab)use one or more third-party websites that allow comments from anonymous users. If the site in question allows images (like, say, 4chan), the cryptographic signature could even be embedded, via steganography, in the image, so that ordinary users of the site wouldn't even see it. The instructions, for that matter, could also be hidden like this. All you have to put in the easily-searched text is a trigger phrase (which just serves to limit how many of the messages have to be examined in detail for instructions; if a message doesn't have the trigger phrase, you don't even have to retrieve the associated image).
  
  Someone attacking the botnet, of course, could easily find your instructions, once they analyze one of the infection agents and figure out what to look for. But if the instructions are signed with a private key and verified with a public key, it would be difficult to forge phony instructions.
  
  One problem with abusing an innocent third-party site is that they might view your use as hostile and therefore might be inclined to cooperate with an effort to shut down the botnet. So you wouldn't want to rely on just one.
  
  So yeah, generic web search is probably a good way to go. Program your instruction-gathering code with a list of sixty or eighty search engines in thirty or forty different jurisdictions and watch the people attacking the botnet try to get all of your command-and-control stuff delisted from all of them. That could be quite the challenge.
  
  Someone could flood the web with a bunch of bogus instructions, but the signatures wouldn't check out. The zombies would have to sift through all the haystacks to find the needles, but computers are relentless and fast and could probably cryptographically check tens of thousands of search results per hour, so they WOULD find their actual instructions eventually.
  
  This is kind of scary, actually.
  
  If the infection agent checked the search engines in the same order every time and exhausted all the results on each before moving on to the next, the first search engine on the list could shut the whole thing down by identifying searches for the trigger, showing ONLY results that DON'T contain the "correct" signature, and continuing to show additional pages of results indefinitely so the thing would never move on to the next engine. But that could be easily worked around by making the thing check results from several search engines simultaneously. It could for instance be set up so that any given instance would check, say, the two search engines that you really prefer to use, plus one or two more picked at pseudorandom from the list.
  
  Off the top of my head, I'm not sure how you would go about shutting down something like that, other than by tracking down the actual operator and arresting him.
  
  --
  Cut that out, or I will ship you to Norilsk in a box.
94. Re:Contingencies by jonadab · 2010-02-25 11:50 · Score: 1
  
  > Full user privileges is enough for most botnets
  > to run. The malware can listen on ports
  
  Actually, no. I mean yes, if you only want to listen on 127.0.0.1, but if you want to actually receive incoming traffic from the outside world, you're going to have to use iptables to make the appropriate adjustment. Only the superuser can do that.
  
  (However, a botnet agent doesn't actually need to listen on ports in order to operate. It can make connections as a client and retrieve instructions from a command-and-control server, and Bob is its uncle.)
  
  > most malware authors don't bother with attacking "Desktop
  > Linux", not because it is more secure than Windows (it's
  > not that much more secure). It's because there's not much
  > point having a really tiny botnet.
  
  Actually, it's more like it's not worth having a whole bunch of really tiny botnets, or writing eight times as much code to get the same agent to work on all systems. Desktop Linux is not a monoculture like Windows. Let's just take, for example, one of your statements:
  
  > The malware could also alias stuff like sudo
  > and su if it needs root privileges.
  
  To cover all the bases, you need to alias, and reproduce the interface of, at *least* the following: su, sudo, gksudo, gksu, kdesudo, kdesu, and that's just the ones I happen to know about.
  
  And it's not just privilege escalation. Everything is like that in the Unix world. Everybody uses slightly different stuff. There's no one target.
  
  --
  Cut that out, or I will ship you to Norilsk in a box.
95. Re:Contingencies by nedlohs · 2010-02-25 12:02 · Score: 1
  
  Was your point that you are an idiot?
  Most of humanity is happy with getting from ppor to well of. They don't care that they aren't "rich" by your definition of "rich".
96. Re:Contingencies by jonadab · 2010-02-25 12:12 · Score: 1
  
  > or I could pull a kitchen knife from my home,
  > go around to the closest atm, wait for someone
  > to stick in their pin, and have all of their money!"
  
  Yes, but on average this costs you more than working a regular job. Edwin Windsor lectures one of his clients on some hair-brained criminal scheme very much like this in How to Succeed in Evil, and he hits the nail on the head. I shall attempt to apply his logic to your suggestion...
  
  Assuming you successfully complete your mission and empty the victim's bank account, how much money do you make? No, that's a premature question. How much money do you *take*, gross? How much money is in a typical person's bank account? Perhaps five hundred dollars? And assuming he has a couple of credit cards, how much can you get out of those, on the spot (before he goes and reports them stolen)? A few hundred more? Let's say, for the sake of argument, that you could get as much as a thousand dollars each time. Statistically speaking you wouldn't actually average that much, but let's say you did.
  
  Unfortunately, that's only your gross revenue. To calculate how much you actually *make*, we have to subtract out the expenses. For example, there's the risk of getting caught. How many times can you expect to conduct this operation, on average, before you get caught? Ten times? Twenty? Fifty? Let's suppose you only get caught, on average, once every hundred times. This is very unlikely (forty or so is closer in reality), but stay with me.
  
  So we'll calculate the expense of the *risk* of getting caught, on each occasion, as one-one-hundredth of the cost of *actually* getting caught once. For armed assault and robbery, you're looking at, what, ten years in jail? So the cost of the risk of getting caught, one one occasion when you steal two thousand dollars, is 1/100 times the value of ten years of your life. How much is your life worth?
  
  We'll imagine, for the sake of argument, that the ability to spend your free time wherever you like is worth nothing to you. It's difficult to quantify anyway.
  
  That leaves the matter of what your time at work would be worth, if you were gainfully employed. While in prison, you can't earn any money, so earning money is part of the opportunity cost of spending time in jail.
  
  Suppose the best job you can get pays only eighteen thousand dollars a year. That makes your wages, over the course of ten years, a hundred and eighty thousand dollars. 1/100 of that is $1800. This is part of (not all of, mind you, just part of) the cost you incur each time you mug someone at the ATM, on average. So even though you were hoping to make a thousand dollars gross, your net income is actually some eighteen hundred less than that (and, actually, even less when other expenses we're ignoring are taken into account). So mugging someone at the ATM actually costs you, on average, eight hundred dollars, each time you do it.
  
  As Edwin pointed out (to Lifto the Magnificent IIRC), if a particular crime earns you less money than ordinary legally-kosher employment, perhaps you should find a different law to break.
  
  --
  Cut that out, or I will ship you to Norilsk in a box.
97. Re:Contingencies by jonadab · 2010-02-25 12:38 · Score: 1
  
  > That's why counterfeiting is the way to go. You don't
  > have to employ violence, you just print your own money.
  
  Counterfeiting has a big disadvantage: it automatically falls under federal jurisdiction and is investigated by the FBI and/or the secret service, as opposed to just local law enforcement.
  
  I would say, for a person with no moral scruples at all, speaking strictly economically, the most advantageous and lucrative form of crime is most likely some form of non-violent white-collar crime, probably involving social engineering, conducted in (a series of) small towns where the local law enforcement is not accustomed to dealing with professionals.
  
  For one thing, in almost all cases, if you get caught, there's not going to be enough evidence to take you to court. Because, if you get caught, it's going to be when the victim realizes something is up, *before* you walk away with the money. The police will speak to you sternly and tell you to be good, and then you leave.
  
  Once you actually have the money, you leave, and nobody knows who you were (you do NOT show anyone ID in this profession, and you leave your car and walk to any place where people are going to see you and connect you with what you're doing), and the amounts of money you're dealing with are too small to bring in the feds. Local law enforcement has nothing on you, cannot identify you, and does not know if you are even still in town, which you're not.
  
  --
  Cut that out, or I will ship you to Norilsk in a box.
98. Re:Contingencies by jonadab · 2010-02-25 12:56 · Score: 1
  
  > The notion that "anybody can make it in
  > the US if they work hard" is a fairy tale.
  
  That depends on how you define "make it". If you're talking about being a multi-billionaire, yeah, that's probably out of reach for most of us. But if we're talking about having significantly more than your parents had (which is, traditionally, the American dream), that's very much attainable.
  
  --
  Cut that out, or I will ship you to Norilsk in a box.
99. Re:Contingencies by jonadab · 2010-02-25 13:07 · Score: 1
  
  A hardcoded authentication string is no good, because anyone who gets their hands on and analyzes one of the infected systems can find out how to forge the commands.
  
  To prevent this, you need public-key cryptography. Which means the communication channel has to have enough bits to accommodate the cryptographic signature.
  
  --
  Cut that out, or I will ship you to Norilsk in a box.
100. Re:Contingencies by TheLink · 2010-02-25 21:47 · Score: 1
  
  > if you want to actually receive incoming traffic from the outside world, you're going to have to use iptables to make the appropriate adjustment. Only the superuser can do that.
  
  Ubuntu 9.10 allows all traffic by default, ufw is available but from what I see it is not activated by default. OpenSUSE starts SuSEfirewall2 by default. I have no stats but my guess is Ubuntu is more popular than OpenSUSE (yast was pretty crappy - slow and used lots of RAM for package management, I haven't bothered to check if they've finally fixed that).
  
  If you do not need root/full system privileges, it's not that hard to write a cross platform bot :). Making http and TCP connections, and sending UDP packets is the same if you use something like perl/python :). If the AV people just assumed that all py2exe or pp stuff is malware they'd have lots of false positives.
  
  OSX may be worth targeting nowadays, or at least in the near future. Lots of flaws, lower security than windows, significant market share.
  --
  
  Too many replies beneath your current threshold
101. Re:Contingencies by TheLink · 2010-02-25 22:08 · Score: 1
  
  No that's not what I'm talking about.
  
  The ubuntu apparmor template allows firefox to read and write from/to too many places in the user's home directory.
  
  Go look again and see:
  # allow read and write to all user's files, except explicitly denied ones
  @{HOME}/ r,
  @{HOME}/** rw,
  @{HOME}/Desktop/** rw,
  
  It's a "neither here nor there" template - that is not strict enough to be secure, nor loose enough to be acceptable to users who prefer convenience over security.
  
  Go look at the template again but this time from the point of view of: "Assuming firefox is taken over by a hacker, what can you safely allow it to access - e.g. read, write, modify?".
  
  OK to access (read/change) all your documents? Yes the .ssh directory is blocked but how about the other files and directories with names starting with "."?
  
  If the apparmor template is still not safe in the case where firefox has been taken over, why bother having it in the first place?
  --
  
  Too many replies beneath your current threshold
102. Re:Contingencies by onepoint · 2010-02-26 05:44 · Score: 1
  
  I don't think I am overestimating, I am rather confident that given a problem, it being presented to the Slashdot user-base, I would have a viable solution within 3 days. I might find a couple of odd ball solutions, but a solution is a solution.
  with 30000 daily readers ( I'm guessing with that number ) I am sure that someone knows the answer
  
  --
  if you see me, smile and say hello.
103. Re:Contingencies by Deathlizard · 2010-02-28 07:49 · Score: 1
  
  a little late to reply, but yep. The original post was just to illustrate how easy it is to setup a botnet using an existing public P2P network. I would expect any bot herder worth their salt to use some encryption scheme to protect their command structure.
  Since most P2P's can search Via file hash, it should be trivial to make a encrypted command disguised as a file hash in a public P2P, but Ideally the Public P2P network would only be used to link the bots together, and they would join their own encrypted private P2P network and disconnect from the public one once enough peers are established to maintain the private P2P, but considering that a public P2P is an excellent place to gather users (Ex: Try seaching for a random mashing of keys. Now explain to your average 12 year old why "New Hit Single sdjfhdjf Ft. Lady Gaga.wma" isn't a good Idea to download) I don't see why you would want to disconnect from the public one.
  
  --
  In Soviet Russia, Trojan exploits YOU!
contingencies by symes · 2010-02-25 01:51 · Score: 1

Probably a one off - botnet designers will now write in contingencies so that access can be re-established in the event of visible domains being taken off-line. In fact - i'd be surprised if Waledac didn't rise from the dead.
Can they recover from this? by jonwil · 2010-02-25 01:52 · Score: 1, Insightful

Presumably if Microsoft have done their homework, they have identified every possible machine that these bots could try to contact to receive new instructions (such as new SPAM messages to send) and had VeriSign disable every domain name so it cant be registered or used.
Does this mean the botnet is dead?
If so, great. And lets hope people are working to repeat the excercise and block the domain names used for control of any other botnets that talk to specific servers by name for instructions.
Methods - Ends Justify the Means? by Cyner · 2010-02-25 01:53 · Score: -1, Flamebait

While I applaud all serious efforts to take down botnets; the fact that it was all done secretly by private corporations (and a little government nod) smacks of corporate warfare, and I have to wonder what kind of president this sets.

--
FreeBSD.org - The power to serve
1. Re:Methods - Ends Justify the Means? by BhaKi · 2010-02-25 01:56 · Score: 1
  
  It's not "president". You probably meant "precedent".
  
  --
  The largest prime factor of my UID is 263267.
2. Re:Methods - Ends Justify the Means? by Anonymous Coward · 2010-02-25 01:57 · Score: 0
  
  I'm all for corporate warfare. It's what keeps our insurance rates high and phone contracts long.
3. Re:Methods - Ends Justify the Means? by Anonymous Coward · 2010-02-25 01:59 · Score: 0
  
  While I applaud all serious efforts to take down botnets; the fact that it was all done secretly by private corporations (and a little government nod) smacks of corporate warfare, and I have to wonder what kind of president this sets.
  A black one, apparently...
  ZING! That's two puns in one, bitches!
4. Re:Methods - Ends Justify the Means? by Anonymous Coward · 2010-02-25 02:01 · Score: 0
  
  Sets up the CEO more than the president I'd say.
  Did you mean precedent by any chance?
5. Re:Methods - Ends Justify the Means? by Anonymous Coward · 2010-02-25 02:01 · Score: -1, Offtopic
  
  ... I have to wonder what kind of president this sets.
  * gluing shut mouth to stop self from making lame jokes *
6. Re:Methods - Ends Justify the Means? by OzPeter · 2010-02-25 02:30 · Score: 4, Funny
  
  It's not "president". You probably meant "precedent".
  No he really does mean "president". You see, now that Bill isn't there, Microsoft has this big tank of goop out in the back, and whenever they need a new VP to make a bold policy change they open a valve and flow the goop into a person shaped mould. Then they have to let it harden or "set". After which time they decant the new president and set him to work
  Thus the OP was expressing his concern for the Zombie like creatures that this policy has brought to (semi) life
  He must be a member of PETZ
  
  --
  I am Slashdot. Are you Slashdot as well?
7. Re:Methods - Ends Justify the Means? by NatasRevol · 2010-02-25 03:47 · Score: 1
  
  Wow, that's precedent setting!
  
  --
  There are two types of people in the world: Those who crave closure
8. Re:Methods - Ends Justify the Means? by chill · 2010-02-25 04:42 · Score: 1
  
  Precedent jokes aside, the answer to your question is "none".
  As Microsoft controlled accounts (@hotmail and @msn) were being affected, either as sources or targets of the illegal activity, MS was an injured party and thus had standing to sue and seek redress.
  They (obviously) presented enough evidence to a court to get a temporary restraining order. That order -- a government order, not a private company one -- was served to Verisign who handled the domains. Verisign complied with a legal order to temporarily lock the domains, preventing ongoing harm.
  Verisign probably notified the customers of record of the action -- after the action, of course. Since it was in compliance with a legal order, the defendants are free to have their lawyers contact the court and present evidence that the domain lock harms their business and they were wrongfully accused. If they can convince a judge, they will order Verisign to remove the lock.
  Either way, the case can proceed and the entire thing can be hashed out legally.
  This is the way it is supposed to happen.
  
  --
  Learning HOW to think is more important than learning WHAT to think.
Reactionary? by aussersterne · 2010-02-25 01:57 · Score: 1

I do not think that word means what you think it means.

--
STOP . AMERICA . NOW
1. Re:Reactionary? by bjohnson · 2010-02-25 11:47 · Score: 1
  
  I like the 'court-ordered vigilantism', myself.
most likely not dead by someone1234 · 2010-02-25 01:59 · Score: 1

If i was a botnet author, i would keep a list of my zombies and code the bots in a way they respond to a secret password.
Thus it doesn't really matter if a command center is down, i could just start a new one and it reclaims all orphaned zombies.
Cutting a few command centers is futile.
The only solution is to burn all zombies overnight and prevent reinfection.

--
Patents Drive Free Software as Hurricanes Drive Construction Industry
1. Re:most likely not dead by Tom · 2010-02-25 02:07 · Score: 1
  
  If i was a botnet author, i would keep a list of my zombies
  Which would leave a trace back to you, because that list has to be assembled somewhere.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
2. Re:most likely not dead by jonwil · 2010-02-25 02:20 · Score: 1
  
  Given the way these worms/trojans spread and the sort of PCs they are most likely to infect, even if you COULD compile a list of valid IP addresses its a good bet that those machines would be
  A.No longer infected (because its been cleaned by the Windows Malicious Software Removal Tool or by anti-virus or by a re-image of the computer from a recovery partition/CD/DVD or a standard corporate disk image)
  B.Firewalled off (corporate networks etc)
  C.Running behind NAT (again corporate networks using NAT or home users with a router and a single world-routeable IP address from their ISP)
  or D.Running on a different IP address (home broadband users with no computer know-how at all, a PC directly connected to the internet via a broadband modem in bridge mode, no firewall and a dynamic IP address assigned by their ISP are one of the biggest groups when it comes to bot infected PCs)
3. Re:most likely not dead by Anonymous Coward · 2010-02-25 02:25 · Score: 0
  
  Or some poor twats open wireless AP...
  I'd say hand in geek card, but you have a triple digit ID, so instead I will give you solid bars of gold.
  _
  /_\
  Screw it, you're only getting one... maybe, i'm too lazy to bother fixing it. Please don't kill me.
4. Re:most likely not dead by cpghost · 2010-02-25 06:08 · Score: 1
  
  If i was a botnet author, i would keep a list of my zombies and code the bots in a way they respond to a secret password.
  Well, bots could in fact contact a C&C, and the C&C could send them a new password to reseed the random number generator that creates the domain names. This way, the whole sequence of C&C domains changes to something completely different and any pre-computed list of domains that the court has ordered to be blocked would soon become obsolete. However, if someone managed to knock all C&C's down before they updated the zombies with a new seed, all those zombies would be effectively orphaned... as long as the whole sequence of random domains that they could create has been locked preemptively as well (or a very long prefix of it so that it takes the zombies years to reconnect).
  
  --
  cpghost at Cordula's Web.
5. Re:most likely not dead by Tom · 2010-02-25 21:56 · Score: 1
  
  Makes no difference.
  Single point of failure == single point of contact. Do you really think they wouldn't be able to trace you on an open AP? For some driveby hacking, that's fine. But a botnet of any size? It's pretty trivial to trap you.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
Nice job, but... by gravyface · 2010-02-25 02:00 · Score: 0

if Waledac's been so successful (and is still valuable), how hard would it be for the authors to push out some DNS hijacking hacks that quietly redirect those domains to another host?

--
body massage!
Microsoft Secretly Beheads... by Anonymous Coward · 2010-02-25 02:02 · Score: 0

What a title! At first glance, I thought Microsoft was outed cutting off people's heads, but no, they just shut down a botnet.
Law Enforcement by mcelrath · 2010-02-25 02:02 · Score: -1

Wouldn't it be nice if law enforcement successfully operated on the intertubes? Why does it take a lawsuit by Microsoft to perform this kind of action? Why does my mail server still have 95% of incoming mail criminal in nature?
A man can dream...

--
1^2=1; (-1)^2=1; 1^2=(-1)^2; 1=-1; 1=0.
1. Re:Law Enforcement by Anonymous Coward · 2010-02-25 02:18 · Score: 0
  
  What the fuck are you smoking? Do you really want trigger-happy law enforcement officers to shut domains down left and right with no judicial review whatsoever? Like oh let's say cryptome.org or wikileaks.org.
  M$ did the right thing here--kudos to them.
2. Re:Law Enforcement by gravyface · 2010-02-25 02:50 · Score: 1
  
  Right back at you, AC: what the fuck are _you_ smoking? I was referring to the authors of the Waledac's botnet, not law enforcement officials... on second thought, I'm not even sure if you're replying to the right comment, that's how fucking high you are.
  
  --
  body massage!
3. Re:Law Enforcement by Anonymous Coward · 2010-02-25 05:27 · Score: 0
  
  Please re-check the comment chain.
Another Baby Step Towards Total Control by Anonymous Coward · 2010-02-25 02:03 · Score: 0, Troll

The internet is being taken over by Government and their corporate buddies.
Welcome to 1984.
1. Re:Another Baby Step Towards Total Control by happy_place · 2010-02-25 02:26 · Score: 1
  
  In 1984 only the government owned the internet. It was called Darpa.
  
  --
  http://www.beanleafpress.com
So much for "covert"... by rclandrum · 2010-02-25 02:05 · Score: 1

I wonder if the spammers follow Slashdot?
1. Re:So much for "covert"... by Anonymous Coward · 2010-02-25 02:12 · Score: 0
  
  It was done on the 22nd of Feb, it's now the 25th... I don't think /. reporting the article 3 days later qualifies as spilling the beans... it's okay to talk about covert operations after they're over...
2. Re:So much for "covert"... by NatasRevol · 2010-02-25 04:03 · Score: 1
  
  Apparently not.
  MSFT had cryptome.org taken down under DCMA charges.
  http://wikileaks.org/
  for this:
  http://file.wikileaks.org/files/microsoft-spy.pdf
  http://cryptomeorg.siteprotect.net/
  
  --
  There are two types of people in the world: Those who crave closure
3. Re:So much for "covert"... by jonadab · 2010-02-25 13:10 · Score: 1
  
  > I wonder if the spammers follow Slashdot?
  
  Umm, once the botnet was shut down, I suspect they became aware of it more or less immediately anyway.
  
  The "covert" part was not giving them any warning in advance, so that they didn't have time to push out updates to work around what was being done.
  
  --
  Cut that out, or I will ship you to Norilsk in a box.
I have a feeling by BhaKi · 2010-02-25 02:07 · Score: 1

that VeriSign is not going to approve.

--
The largest prime factor of my UID is 263267.
drones by Max_W · 2010-02-25 02:09 · Score: 1

1,5 billions of spam messages per day. Multiply each message by 10 seconds of working time it takes to activate e-mail window and delete the spam-message, and it becomes clear what damage to the word economy it brings. Let alone disrupted work-flow.
It is the weapon of mass economic destruction.
Such spammers should be warned, once, twice, and if they do not cool down a drone should come above their building and shoot a "Hellfire" missile right into the server room.
Or at least black-clad agents should enter the server room and sprinkle some special solution into the spam-servers, which becomes conductive after some time and shortcut.
This I would call a mild government response.
1. Re:drones by argent · 2010-02-25 02:45 · Score: 1
  
  So you want Mossad to take over antispam operations, then?
2. Re:drones by Anonymous Coward · 2010-02-25 06:14 · Score: 0
  
  1,5 billions of spam messages per day. Multiply each message by 10 seconds of working time it takes to activate e-mail window and delete the spam-message, and it becomes clear what damage to the word economy it brings. Let alone disrupted work-flow.
  It is the weapon of mass economic destruction.
  Such spammers should be warned, once, twice, and if they do not cool down a drone should come above their building and shoot a "Hellfire" missile right into the server room.
  Or at least black-clad agents should enter the server room and sprinkle some special solution into the spam-servers, which becomes conductive after some time and shortcut.
  This I would call a mild government response.
  On the contrary, the economy is helped the need for commercial spam filtering solutions.
3. Re:drones by John+Hasler · 2010-02-25 06:26 · Score: 1
  
  No. They'd suffocate the head spammer (or someone they mistook for the head spammer) with a pillow. Sounds like he wants to send in the SEALs. "Conductive solution" is silly though. Satchel charges work fine.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
4. Re:drones by stonewallred · 2010-02-25 10:43 · Score: 1
  
  Just tell the jews the spammers were involved with the german nazis. That would be then end of fucking spam forever right there. And no, this is not a Godwin's Law violation.I happen to think the jews of Israeli are some of the baddest tribe of humanity to ever walk the face of the planet. They have some rules in their book, but they ignore them. "An eye for an eye you say? Fuck that! We are taking his head, his kidneys, his entire family and the fucker that served him a camel steak sandwich three years ago" and that my /. friends and enemies is what makes them some bad MFs.
5. Re:drones by jonadab · 2010-02-25 13:16 · Score: 1
  
  You're too kind.
  
  I say, let the punishment fit the crime. Convicted spammers should be locked in a cell where a computer voice reads aloud every single message they sent, in full, once for each person they sent it to. And it should be paused any time they fall asleep, and resume from the beginning of the current message when they awaken. And they should not be let out of the cell for any reason until they listen to every single one.
  
  And they should have Spam for supper every night, the whole time.
  
  --
  Cut that out, or I will ship you to Norilsk in a box.
Deactivated? by gmuslera · 2010-02-25 02:09 · Score: 2, Insightful

New set of domains acquired and botnet spamming again in 3..2..1..
1. Re:Deactivated? by John+Hasler · 2010-02-25 06:35 · Score: 1
  
  How do the bots find out what the new domains are?
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
It pains me to say this... by MrNaz · 2010-02-25 02:09 · Score: 5, Funny

... but HOORAY FOR MICROSOFT!

--
I hate printers.
1. Re:It pains me to say this... by flyneye · 2010-02-25 03:02 · Score: 1
  
  At first I was struck by the positive implications of Microsofts move, and pretty happy about it.
  Then I just had to wonder, just how are they going to profit from it and make me suffer for it , as the routine goes.
  
  --
  *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
2. Re:It pains me to say this... by Anonymous Coward · 2010-02-25 03:10 · Score: 2, Interesting
  
  Whenever I see Microsoft pull off some sophisticated maneuver like this to nail some online crooks, my thought is always this: "and that's REALLY easier than just securing Windows exploits in order to prevent such botnets from forming in the first place?!?!" Do they have more lawyers than programmers?
3. Re:It pains me to say this... by eyrieowl · 2010-02-25 03:20 · Score: 3, Insightful
  
  I think it's something along the lines of closing the barn door after the horse has left. The insecure OS installs are out there, and there's not much they can do to make them secure after the fact. I mean, they *could* go really black-ops and push security updates using botnets and whatnot...but I imagine the hue-and-cry would make the Sony rootkit dispute look like fan-mail.
4. Re:It pains me to say this... by NatasRevol · 2010-02-25 03:21 · Score: 0, Flamebait
  
  Hooray for Microsoft?!?!?
  Instead of fixing the problem, they just *very* temporarily blocked some of the access to it.
  Sounds about right.
  
  --
  There are two types of people in the world: Those who crave closure
5. Re:It pains me to say this... by Anonymous Coward · 2010-02-25 03:24 · Score: 0
  
  Your sig says it all, really.
6. Re:It pains me to say this... by Runaway1956 · 2010-02-25 03:27 · Score: 0, Troll
  
  Wait - Microsoft supplies the motive power to the botnets to start with - hooray, when they finally shut one down? Big deal - it will be replaced before the day is out, I'm sure.
  Now, MS WOULD deserve an attaboy, if they managed to create a popular operating system that is as immune to botnets as the various Unix derivatives. Not a big hooray, just an "attaboy".
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
7. Re:It pains me to say this... by xxuserxx · 2010-02-25 04:58 · Score: 1
  
  And what exactly did you do to try and fix the problem? Oh thats right...nothing.
8. Re:It pains me to say this... by newdsfornerds · 2010-02-25 05:52 · Score: 1
  
  Yay! Microsoft is the vanguard of Intarweb security. Yeah, going way beyond the call of duty ;)
  
  --
  Damping absorbs vibrations. Dampening is caused by moisture.
9. Re:It pains me to say this... by lgw · 2010-02-25 07:13 · Score: 1
  
  Now, MS WOULD deserve an attaboy, if they managed to create a popular operating system that is as immune to botnets as the various Unix derivatives
  How could you possibly imagine that "various Unix derivatives" are immune to becoming bots? Most botnets spread through trojans these days, and only "trusted" computing can prevent the user from installing malware. Dancing pigs will always win in the end, and the only way to stop that is to get some form of trusted computing that isn't subverted for DRM.
  Heck, even simple "drive-by" privilege-escalation attacks would work pretty well against most distros. You might convince me that "getting root" is hard in SecureBSD or SE Linux, but the common distros?
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
10. Re:It pains me to say this... by NatasRevol · 2010-02-25 07:14 · Score: 1
  
  So....you want me to fix Microsoft's security problems?
  Get off the crack buddy.
  
  --
  There are two types of people in the world: Those who crave closure
11. Re:It pains me to say this... by hairyfeet · 2010-02-25 07:49 · Score: 1
  
  The problem is, and as someone who works on the damned things every damned day I know of which I speak, that a good 85-90% of the time the problem is NOT Windows, I repeat NOT Windows, but the totally shitty default policies of the OEMs.
  Let me give an example-Just the other day I had this girl bring in this Gateway XP Home. This thing had over 1000 pieces of spyware/malware/nasties (which is typical) and you know when the last time that thing had a Windows update? At the factory in 2004! Hell it was still at SP2 for the love of Pete!
  You see, I've found a properly updated Windows box is actually pretty hard to infect, so what does the OEMs do? Turn off autoupdates at the factory! Now the customer he/she don't have a clue, and certainly aren't expecting their brand new PC to be crippled at the factory, so they don't change anything, and the cycle continues. Just today a girl dropped off one of those Vista Basic "Best Buy Specials" completely infected, and of course not a single update since RTM in 2007.
  So if you want someone to blame for the massive botnets, blame the OEMs. A default non OEM Windows install recommends you turn on autoupdates for safety and has that choice set as default. The OEMs pre-activate Windows with some lame admin account like "HP_User" and turn off autoupdates thus leaving the machine vulnerable from the factory. To use a /. car analogy-nobody would expect to buy a brand new car with the brakes tampered with from the factory, would they? So why doesn't everyone have a fit about the OEMs creating "ready to pwn" botnet bait PCs?
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
12. Re:It pains me to say this... by CrossChris · 2010-02-25 08:10 · Score: 0, Troll
  
  You see, I've found a properly updated Windows box is actually pretty hard to infect,
  
  It actually takes between 30 seconds and 2 minutes for the Windows machine to get its first infection. After 10 minutes it will be riddled with crap to the point of uselessness - and this is a "Fully Patched" Windoze 7 install.
  
  Security is something other people do, according to Microsoft.
  
  A whole series of stupid decisions way back when the NT kernel was still young, a whole lot of even worse commercial decisions since then, and a programming workforce that just don't care guarantee that Windows will never achieve any kind of security or stability.
13. Re:It pains me to say this... by aztracker1 · 2010-02-25 08:13 · Score: 1
  
  A 100% secure OS is unusable by the typical home user, who wants to be able to install stuff. You can't fix stupid, and you can't stop people from actually installing malware.
  
  --
  Michael J. Ryan - tracker1.info
14. Re:It pains me to say this... by aztracker1 · 2010-02-25 08:15 · Score: 1
  
  The firewall and default security settings in Windows 7 are pretty good. Unfortunately that doesn't stop social engineering. "Want to play NEW GAME HERE on Facebook? Install this plugin." Infected, not by an insecure OS, but by a user installing something they want. Most of the security issues are addressed, at this point social engineering is the harder thing to address.
  
  --
  Michael J. Ryan - tracker1.info
15. Re:It pains me to say this... by RobertM1968 · 2010-02-25 08:34 · Score: 1
  
  I am not sure why the above is modded flamebait. Sadly, it may be true.
  If Verisign only "temporarily deactivate(d) the domains" then it makes it pretty easy to move them as soon as the "temporary deactivation" expires - or of course, these botnets can simply set up new domains and be up and running again before the end of today.
  
  --
  StarTrekPhase2 - The Five Year Mission Continues!
16. Re:It pains me to say this... by Ihmhi · 2010-02-25 09:46 · Score: 1
  
  You fool! Lavishing praise upon Microsoft only brings the End of Days nearer! Quick, someone flame Windows Vista and call Bill Gates a homosexual!
  
  --
  Random Thoughts From A Diseased Mind (Not For Dummies)
17. Re:It pains me to say this... by toadlife · 2010-02-25 09:55 · Score: 1
  
  It actually takes between 30 seconds and 2 minutes for the Windows machine to get its first infection. After 10 minutes it will be riddled with crap to the point of uselessness - and this is a "Fully Patched" Windoze 7 install.
  Bullshit.
  
  A whole series of stupid decisions way back when the NT kernel was still young, a whole lot of even worse commercial decisions since then
  Like what?
  
  --
  I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
18. Re:It pains me to say this... by hairyfeet · 2010-02-25 10:20 · Score: 4, Insightful
  
  I call bullshit, unless you can back that up with a citation? My 67 year old clueless father didn't want to wait for the weekend so installed Windows 7 HP X64 all by himself. The default install found all the updates and applied them, found and installed all the drivers, and at first login took him to a screen to pick from several free Antivirus apps (He chose Microsoft Security Essentials, which works just fine) and thanks to my GF coming down for the weekend I didn't get to swing by and look at his new machine for nearly 2 weeks. What did I find?
  A perfectly working PC that was free of malware, that's what. It didn't have a single lick of trouble, and the only thing I had to do was show him how to install Firefox with ABP (because he got used to FF thanks to the office box I built him and now hates IE) but even with him running IE for two weeks there was NO infections. Not a single bug, spyware, malware, nothing.
  So how about you back up that statement with a link or two? Sure XP Pre Sp1, when it had no firewall and was just hanging in the breeze was a joke, but ever since Sp2 frankly I haven't been seeing malware from properly updated boxes. I have sold hundreds of SP2 and above boxes, all with a free AV, autoupdates turned ON, and Firefox, and there hasn't been a SINGLE one come back for malware, except for a few PENKACs that purposely ignored the AV trying to get free porn by installing a "codec". So yeah, as someone who actually does this for a living I have to call bullshit without some citations to back it up. Let's see 'em pal.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
19. Re:It pains me to say this... by Runaway1956 · 2010-02-26 09:29 · Score: 2, Informative
  
  You have a point - any system CAN BE rooted. The thing is - it isn't being done, right? And, there is no reason to think that it is going to be done any time soon. As I say - if/when Microsoft makes systems that are at least as secure as the most popular Unix derivative (Would that be Mac, or Ubuntu?) THEN MS will deserve a hooray. I'm not even suggesting that SEL be enabled. I'll accept Ubuntu's default security settings, or Mac's or Redhat's - it doesn't matter. Default.
  Yes, Windows 7 is pretty good, out of the box with default settings. I'm not yet believing that it compares to any of the Unix derivatives. In a year or so, I may have to grudgingly admit that it really is, or I may not. That old "security through obscurity" thing has something going for it, after all. Just because you know that I'm using a *nix doesn't tell you what will work to break into my system. But, a Windows exploit is going to work on more than 50% of the computers in the world.
  Look at the numbers. How much money has corporate and private America spent on 3rd party security systems that ultimately failed in the past decade? And, how much money has been stolen due to failed security? How much more money has been spent to pay off and/or clean up after security failures? Tally it up, then tell me what percentage of that is due to failed *nix distros. Admittedly, I'm asking you to do a lot of math - but go ahead. Do your best to walk through the numbers.
  Those TCO numbers being thrown around by the industry are complete and utter bullshit.
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
20. Re:It pains me to say this... by lgw · 2010-02-26 13:30 · Score: 1
  
  I'd say that MS more-or-less got it right with Win7/WIn2008r2, for current values of "right". Botnet "providers" will always target the most prolific platform for their attacks, so Windows may continue to be the most-infected OS for some time even if is is somehow more secure than Unix. If everyone switched some specific Unix distro, you would see Unix botnets. As I said above, the only real fix is a cryptographically secure seperate OS (that the ordinary user never adjusts or interacts with) running on every box - but with the rise of low-power mobile computing platforms, that becomes less practical.
  I think it's interesting that one of the larger botnets now targets modems (via default passwords) instead of Windows.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
Secret courts, secret orders, ... by J'raxis · 2010-02-25 02:09 · Score: 1, Insightful

So Microsoft secretly filed a suit against 27 unnamed individuals, and got a secret order taking 277 domain names away from them, all based on a mere accusation.
Oh, but since we're fighting spam, I guess that's okay.
Wait until Microsoft starts doing this to go after copyright violations. Will y'all be cheering then?

--
Liberty in your lifetime
1. Re:Secret courts, secret orders, ... by flimflammer · 2010-02-25 02:36 · Score: 1
  
  First of all, I doubt it was strictly "They're doing something bad; can we put a stop to it?"
  Second, do you own the world supply of tin foil? Spread the wealth, my good man.
2. Re:Secret courts, secret orders, ... by nacturation · 2010-02-25 02:39 · Score: 1, Insightful
  
  So Microsoft secretly filed a suit against 27 unnamed individuals, and got a secret order taking 277 domain names away from them, all based on a mere accusation.
  I take it you've read the court proceedings and are intimately familiar with the evidence Microsoft presented before the judge?
  
  --
  Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
3. Re:Secret courts, secret orders, ... by mindstrm · 2010-02-25 02:43 · Score: 1
  
  I agree - very slippery slope - but it seems very logical in this case - I'm wrestling with how I feel about that.
  The domains were suspended, not taken away - presumably a legitimate owner can get the domain back with no problem (it is a requirement that your registration information be legitimate, and the owner exists. Had the domains had proper registered owners, that information would have been public and the owners could have been hit legally, directly.
4. Re:Secret courts, secret orders, ... by Adelbert · 2010-02-25 02:48 · Score: 2, Insightful
  
  Does it matter? I mean, are you saying you believe everyone has the right to face their accuser and defend themselves - unless the evidence is really convincing?
5. Re:Secret courts, secret orders, ... by Anonymous Coward · 2010-02-25 02:50 · Score: 0
  
  To be honest I trust Microsoft more than the police with this shit. They do run hotmail and spam affects them too, afterall.
6. Re:Secret courts, secret orders, ... by darkmeridian · 2010-02-25 02:52 · Score: 1
  
  It's not unheard of for parties to act without the knowledge of the other party (ex parte) to prevent them from frustrating relief. For instance, sometimes you can get a seizure order of copyrighted goods without the other side's knowledge if you can prove that they'll just move the goods away if you sue them normally with notice. The moving party has to show that they have a good case, and that there's a good reason notice cannot be given. Federal courts are pretty uptight about granting ex parte orders. In this case, MS probably had very good evidence that these domains were responsible, and that giving these guys notice would have been doubly pointless. First, they won't show up to defend themselves. Second, they'll probably just redirect the bots and frustrate relief.
  
  --
  A NYC lawyer blogs. http://www.chuangblog.com/
7. Re:Secret courts, secret orders, ... by Steve+Hamlin · 2010-02-25 02:52 · Score: 5, Informative
  
  It called a Temporary Restraining Order (TRO). In civil court cases, the Plaintiff can ask the judge to issue a TRO to prevent ongoing harmful conduct that later monetary damages after trial are insufficient to remedy. In other words: "Your Honor, this can't wait until the trial is over." The standards are high, and courts do not do this this without a very compelling set of alleged facts. Requesting Plaintiffs are often required to post a significant cash bond to cover damage to the enjoined party in case the TRO is not, in hindsight, the proper pre-trial remedy.
  In most cases, a court won't issue a TRO without notice to the defendants and a hearing to allow the sought-to-be-enjoined party to response to the Motion for TRO. In some situations, like this, where mere notice might allow the Defendants to further the harm, the court orders the TRO without notice to the enjoined party. The Order allows the Plaintiffs to demand third parties to do or stop doing something for the enjoined party - the first notice to them is when they can't access bank accounts, or their vendor refuses to cooperate, etc.
  The safeguards built into the system are (1) the cash bond, (2) a neutral judge that weighs the likelihood of irreversible damage and proof of the initial allegations against the harm from enjoining a party before a verdict, and most importantly, (3) that these are TEMPORARY. The judge will order a hearing with BOTH parties within (usually) 10 days of the TRO issuance, at which time the Defendants can object, rebut the Plaintiff's allegations, and ask the court to lift the injunction. At that point, it is a dispute between two noticed parties before a neutral court.
8. Re:Secret courts, secret orders, ... by Anonymous Coward · 2010-02-25 03:02 · Score: 0
  
  all based on a mere accusation.
  Microsoft demonstrated to the court that the domain names in question were being used solely for botnet command and control, and got an injunction. This is a good thing.
  If slashdot.org was also being used for control of a botnet, Microsoft would not have been able to shut down the domain name. Or at "worst", there is someone at slashdot who can respond and fight the injunction.
  I have a feeling the owners of these domain names were unreachable and have not contested the loss of their domains.
9. Re:Secret courts, secret orders, ... by Blakey+Rat · 2010-02-25 03:02 · Score: 1
  
  If someone is selling pirated versions of Microsoft products, and Microsoft has enough evidence to convince a judge, then yes-- I will be cheering. Why wouldn't I?
  It saves consumers from getting ripped-off, and it shuts down some scumbag. Win-win, as far as I'm concerned.
  
  --
  Comment of the year
10. Re:Secret courts, secret orders, ... by roman_mir · 2010-02-25 03:06 · Score: 1
  
  You know, you are right, maybe those spammers should bring up a law suit against MS for doing this, you know, on the human rights reasons.
  
  --
  You can't handle the truth.
11. Re:Secret courts, secret orders, ... by sosume · 2010-02-25 03:35 · Score: 1
  
  Igor? Is that you??? please let me know when the new command server is active.
12. Re:Secret courts, secret orders, ... by ShadowRangerRIT · 2010-02-25 03:38 · Score: 1
  
  Given that all that happened is that the domains were deactivated, and the owners are perfectly free to contest the decision after the fact, I'd say that with sufficient evidence a temporary deactivation is perfectly reasonable. We're not throwing them in prison, cutting off their bank accounts, etc., and while the court hearing was secret at the time, it was an extremely brief state of affairs with good reasons behind it.
  
  --
  $_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
13. Re:Secret courts, secret orders, ... by jittles · 2010-02-25 04:02 · Score: 1
  
  I think everyone can agree that its okay for some investigations/actions to happen in secret so long as a neutral judge is authorizing such activity within the constraints of the law. After all, I don't see the courts sending out telegrams when they authorize things like wire taps.
  In general judges like to keep things transparent and in the open but they're wise enough to see that there are times to keep things secret for a short time. I didn't RTFA but its possible that Microsoft went through possible law enforcement agencies to handle this. After all, running a botnet would be a criminal matter, not civil.
14. Re:Secret courts, secret orders, ... by NatasRevol · 2010-02-25 04:05 · Score: 1
  
  MSFT already is going after people who they claims to be violating copyright.
  http://cryptomeorg.siteprotect.net/
  http://wikileaks.org/
  http://file.wikileaks.org/files/microsoft-spy.pdf
  
  --
  There are two types of people in the world: Those who crave closure
15. Re:Secret courts, secret orders, ... by Ant+P. · 2010-02-25 05:06 · Score: 1
  
  Wait until Microsoft starts doing this to go after copyright violations. Will y'all be cheering then?
  I've been waiting for them to start cracking down on warez kiddiez running pirated Windows for a loooooong time.
  Those people are half the reason botnets like this spread like wildfire in the first place.
16. Re:Secret courts, secret orders, ... by John+Hasler · 2010-02-25 06:55 · Score: 1
  
  The spammers need merely appear in court and show that the order was unjustified and the judge will reverse it. They can also ask him to order Microsoft to compensate them for whatever damage they suffered as result of the takedown.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
17. Re:Secret courts, secret orders, ... by John+Hasler · 2010-02-25 06:59 · Score: 1
  
  This is not a criminal case. The spammers can appear in court and ask the judge to rescind the order and make Microsoft compensate them for their losses.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
18. Re:Secret courts, secret orders, ... by Anonymous Coward · 2010-02-25 07:00 · Score: 0
  
  No, this person is saying that everyone has the right to face their accuser unless the accused has the means and motive to destroy incriminating evidence. In that case, you still get to face your accuser but not immediately when accusations are made.
19. Re:Secret courts, secret orders, ... by nacturation · 2010-02-25 09:07 · Score: 1
  
  Does it matter? I mean, are you saying you believe everyone has the right to face their accuser and defend themselves - unless the evidence is really convincing?
  We're speculating based on not enough information. So allow me to speculate further... the owners of those hundreds of domains are not likely who they say they are on the whois information. Because Microsoft had to sue against the John Does who registered those domains, it seems to follow that the owners were either unknown, unreachable, and/or did not want to be contacted. If Microsoft made an error and these were legitimate domains run by honest owners who had no criminal elements, the domain owners can now pursue Microsoft for damages. Action such as tortious interference and so on would seem relevant, and I'll put a case of beer on the line and wager that the owners will not come forward.
  I find it unlikely that the court would grant such an order if the domain owners were readily available. Besides which, doesn't the right to face their accuser only apply if the defendants are US citizens? Even if they are, here is the relevant section of the US constitution:
  
  "In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the State and district where in the crime shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the Assistance of Counsel for his defence."
  Note that this only applies to criminal prosecutions. Microsoft did not nor does it have the power to charge the unnamed defendants with a crime. That is up to the state.
  
  --
  Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
20. Re:Secret courts, secret orders, ... by jonadab · 2010-02-25 13:27 · Score: 1
  
  > Besides which, doesn't the right to face their
  > accuser only apply if the defendants are US citizens?
  
  Not to my knowledge. (I'm only going on the constitution itself, though; I don't know the case law. And IANAL.) However, to the best of my knowledge (with the same caveats), the right to face your accuser only applies in criminal cases. The seventh amendment, regarding civil suits, does not mention facing your accuser (unless the phrase "common law" implies this, but if so that's news to me).
  
  But yeah, I'm pretty sure unwillingness to show up in court effectively defenestrates a lot of rights the defendant might otherwise have in a civil suit.
  
  --
  Cut that out, or I will ship you to Norilsk in a box.
21. Re:Secret courts, secret orders, ... by J'raxis · 2010-02-26 00:57 · Score: 1
  
  Yup. That this story of Microsoft playing shady games with the court system, not even a week after the Cryptome story, and the completely different attitude Slashdot and so many posters are displaying, because now it's people we don't like being attacked, was just too much to pass up.
  
  --
  Liberty in your lifetime
99% of Businesses Fail Because? by LifesABeach · 2010-02-25 02:09 · Score: 2, Funny

No one knows they exist.

And sometimes, that's a good thing...
MS is already doing that. by leuk_he · 2010-02-25 02:18 · Score: 2, Informative

Ever heard of Malicious Software Removal Tool that is rolled out in in the monthly patch cycle. It kills software MS deems bad. No court approval for that.
1. Re:MS is already doing that. by maxume · 2010-02-25 02:21 · Score: 1
  
  Yeah, because they have implicit user approval.
  
  --
  Nerd rage is the funniest rage.
2. Re:MS is already doing that. by gparent · 2010-02-25 02:28 · Score: 1
  
  Not just implicit. The first time I ran it on XP, I had to explicitly accept.
3. Re:MS is already doing that. by WCguru42 · 2010-02-25 02:54 · Score: 3, Insightful
  
  Ever heard of Malicious Software Removal Tool that is rolled out in in the monthly patch cycle. It kills software MS deems bad. No court approval for that.
  No court approval needed, you clicked that you agreed with the TOS, EULA, description of what these files contain. Last time I used MS update (admittedly over a year ago) each download had it's own name. If there was a name like Malicious Software Removal Tool I would definitely take a peek inside the description to see exactly what it was doing.
  This brings us back to the whole user issue. Most users accept all updates from MS (and pretty much any software vendor) without even so much as looking at the titles of the files their downloading. Maybe if people took a little more responsibility they wouldn't be surprised as to why their friendly purple gorilla buddy disappeared (I thought that thing had died years ago but I just saw him on someone's computer in the library last week).
  
  --
  "Educate the mind but never at the expense of the soul."~Blessed Basil Moreau
4. Re:MS is already doing that. by PopeRatzo · 2010-02-25 03:10 · Score: 1
  
  If there was a name like Malicious Software Removal Tool I would definitely take a peek inside the description to see exactly what it was doing.
  Of course.
  And then, after reading what the Malicious Software Removal Tool plans to do, you would go ahead and install it, because "what it does" is something that most people would want done on their computers.
  And even if you were to have gone ahead and installed every update from Microsoft onto your Windows XP machine, you would end up with a much better system than if you had not. 99% of the updates are doing good, and you have to think for a good while about the other 1% to come up with something objectionable. You might lose your "purple gorilla buddy", but an actual stuffed animal that you can stroke and love would be better for you and for your computer than some malware monkey or stripper or other prank, joke, or toy.
  If you have time to install purple gorillas on your computer, then you have time to read every description of every update.
  I seriously doubt that every single update that's been put out for other operating systems has been pristine and perfect, or even done what was advertised, so I think complaints here have the distinct odor of griping.
  
  --
  You are welcome on my lawn.
5. Re:MS is already doing that. by leuk_he · 2010-02-25 03:17 · Score: 1
  
  Did you really understand the extend of the updates send by MS? I do read them, but i understand enough of them to understand i cannot guess the exact extend of the updates.
  Yes, you have to approve, but even then, what are your options? Once you are in the update treadmill you will have to keep walking. You can skip a update, but in that case you get the update anyway the next time a servicepack/rollup is offered, Or get a odd application that starts crashing.
  Is don't say this is bad, but one bad patch can seriously affect a LOT OF the hardware that is out there. skype once even had trouble with it p2p network because of the large number of PC that rebooted in the update treadmill.
  The TOS are non-negotiable. Only if you take the most expensive version (data-center) they might be willing to talk about the condition you license the software under. Is that a valid contract? Ah... this is really non relevant... just click OK to continue, you are trained to do that anyway.
6. Re:MS is already doing that. by babboo65 · 2010-02-25 05:56 · Score: 1
  
  YUP! It maliciously removes any software it deems bad
  or competitive
  or more superior
  or more capable
  or cheaper
  or . . .
7. Re:MS is already doing that. by Anonymous Coward · 2010-02-25 06:51 · Score: 0
  
  That's funny. Our company installs all the service packs and updates that are required and we ended up with slower computers! One computer you can forgive but over a 100 of them!!
8. Re:MS is already doing that. by Anonymous Coward · 2010-02-25 09:24 · Score: 0
  
  Are you kidding? Most users click cancel on anything that's legitimate and accept on anything that uses 3 or more exclamation marks. That's the root of the problem right there.
9. Re:MS is already doing that. by jonadab · 2010-02-25 09:58 · Score: 1
  
  > Most users accept all updates from MS (and pretty
  > much any software vendor) without even so much as
  > looking at the titles of the files their downloading.
  
  Yeah. I typically do apt-get dist-upgrade without reading all the individual package names, too. The main exception is when I want to know if there's a kernel update or not, because it's not a convenient time to reboot (in which case if there's a kernel update I'll just wait and do the update later when it's more convenient). (Even then, I don't read through the whole list; I just grep it, or if I'm using the GUI update thingy I quickly scroll the alphabetical list down to the li section and look for linux-image to see if it's there or not. Or I don't bother, and just put the update off until a time when it doesn't matter if I need to reboot or not.)
  
  I don't think it's reasonable to expect every user to examine every update and approve them individually. All of these updates are for software packages that I either deliberately selected, or implicitly selected by installing something that depends on them. I know it's software that I want. Why should I have to approve every *update* to the software as well? Next you're going to say I should read all the source code, but I don't have time for that. I use a *lot* of software. I don't even know all the languages that some of it is written in. At some point, I have to pick out software that I think will do what I want, install it, and just *use* it. You know, so I can get something useful done. That is why I have a computer, after all.
  
  If there were a particular software package that gained a reputation for putting unwanted things in its security updates, I'd probably reconsider whether I really wanted to be using that package.
  
  Sure, before it got to that point, the Debian package maintainer would probably consider repackaging the upstream material in a way that came more in line with Debian's guidelines, and if not then the Debian folks would probably consider getting a different package maintainer. And then there's the matter of the security team, which manages security updates, which is what I'm installing in most cases.
  
  But setting all of that to one side for the moment, let's assume for the sake of argument that this wasn't being done, and so the updates for a given package DID have stuff in that I didn't want on my computer. (I'm not talking here about a few extra features I don't happen to need; I'm talking about stuff that is actively bad and fundamentally not at all in line with the stated purpose of the package.) Do you know what I'd do?
  
  I'd probably go find some other software to use that would do what I want and NOT have undesirable baggage in its updates, and then I'd uninstall the offending package. Because I have other things to do with my time than reading through lists of every single update. Any software that's so badly maintained that it makes me do that isn't worth my time.
  
  By the same token, I don't think it's reasonable to expect Windows users to screen the list of security updates they're getting from Microsoft. These are updates for Windows. Windows is software they have chosen to use. There are other choices, but they've chosen Windows. Clearly they want to use Windows. They need to keep it up to date on its security patches, because failure to do so is a leading cause of problems. (Not THE leading cause, of course. That would be user error. But not applying security updates is also a very common cause of trouble.)
  
  What's to decide? If the updates do become so egregious that they make you question whether you want to keep using Windows, then hey, there ARE other options. Meanwhile, hey, apply the patches. They can *NOT* be as bad as all the malware you get if you don't bother.
  
  Besides, if there IS something bad in one of the updates, almost nobody is sufficiently skeptical and jaded to read through the marketing-speak and figure out what it is just from the name. You'd need a code book or
  
  --
  Cut that out, or I will ship you to Norilsk in a box.
10. Re:MS is already doing that. by zippthorne · 2010-02-25 16:10 · Score: 1
  
  Here's the reason they don't:
  zippthorne ~$ sudo find / -mount -type f | wc -l 667080
  Now, granted that's not on a windows system, but the point is that there are so many files each patch might deal with hundreds. By the time you finished just reading all the files, it might be patch Tuesday all over again.
  Do you know what all those half-million files are for? I sure don't. I'm sure a good portion are non-executable media files, but that's still a lot to sift through.
  
  --
  Can you be Even More Awesome?!
A new business model for MS by Noughmad · 2010-02-25 02:22 · Score: -1, Troll

1. Write crappy software 2. Wait for it to get taken over by botnets 3. Sue to get the infected machines off the internet 4. ??? 5. Profit!

--
PlusFive Slashdot reader for Android. Can post comments.
I must have missed the memo by OzPeter · 2010-02-25 02:24 · Score: 4, Funny

Is today the day we like Microsoft?? I just want to make sure I have that right. Its not some trick to cover them acting like vigilantes is it??

--
I am Slashdot. Are you Slashdot as well?
1. Re:I must have missed the memo by Anonymous Coward · 2010-02-25 02:47 · Score: 0
  
  Vigilantes don't ask for permission.
2. Re:I must have missed the memo by Anonymous Coward · 2010-02-25 02:54 · Score: 0
  
  Today is not the day we like Microsoft because we all know the monocrop argument is a huge fallacy that only the lesser minds fall for.
  "Are all OSes equals in face of security?" No. Take OpenBSD vs OS X and tell me that they offer the same level of security and I'll take you for a fool. There goes your monocrop argument.
  So today is not the day we like Microsoft because we all know that Windows has a more than very mediocre security record track: there's a reason while, say, the entire banking industry or some countries' entire medical care systems have been switched to Un*x + Java (Java being immune to buffer overrun/overflow).
  Microsoft is the very culprit of these massive botnets in the very first place.
  You'd be a god amongst the lowlifes if instead of fighting for x% of the Windows zombies you were having, say, 20% of all the Mac OS X out there or x% of all the Linux servers out there. Yet nobody does.
  It's only MickeySoft Winblows that get pwned.
  And your monocrop fallacy doesn't hold water so, no, today is not the day we like Microsoft.
  We don't care much that said: one Linux workstation + one MacMini + one MacBook Pro here and emails done trough GMail, where I hardly remember what spam is...
  Have fun in your MickeySoft world and don't forget to be a believer: "Windows 8 shall really be secure this time and will never be part of a botnet".
3. Re:I must have missed the memo by Anonymous Coward · 2010-02-25 03:16 · Score: 0
  
  Except Windows 7 really is secure. This isn't 98 anymore, dumbshit. And what the fuck is "MickeySoft Winblows". Are you 5?
4. Re:I must have missed the memo by OolimPhon · 2010-02-25 03:25 · Score: 1
  
  But... we've always been at war with Oceania!
5. Re:I must have missed the memo by StormReaver · 2010-02-25 04:51 · Score: 1
  
  When Microsoft does something good (hell, even just non-evil), we like Microsoft. When Microsoft does something evil, we don't like Microsoft. Microsoft's actions are usually heavy on the latter, light on the former. This is a rare positive action on Microsoft's part, so it deserves one small attaboy.
6. Re:I must have missed the memo by Asic+Eng · 2010-02-25 05:37 · Score: 1
  
  It's not really vigilantism if they chose the legal route, go to court and get a judge to approve their case.
7. Re:I must have missed the memo by Anonymous Coward · 2010-02-25 05:53 · Score: 0
  
  that's just because this post wasn't done by KDAWSON. If it had, it would be all about how microsoft is hurting poor russian entrepeneurs.
8. Re:I must have missed the memo by jonadab · 2010-02-25 13:34 · Score: 1
  
  > Is today the day we like Microsoft?
  
  Can we be glad they did a certain thing, without liking them in general?
  
  I mean, I'm also extremely glad they released IE8, because it's a lot easier to support than earlier versions. That doesn't mean I don't hate them with every fiber of my being for making IE6 in the first place.
  
  --
  Cut that out, or I will ship you to Norilsk in a box.
Standing by Adrian+Lopez · 2010-02-25 02:27 · Score: 1

As glad as I am when botnets are crippled or shut down, I can't help but ask: Why is Microsoft the one pursuing this in court, rather than the government? Under what legal principle does Microsoft, a private corporation, have standing to sue for control of these domain names?

--
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
1. Re:Standing by tnk1 · 2010-02-25 02:33 · Score: 1
  
  You must have missed where Microsoft bought out the government. Please report to your local Microsoft (Re)Education Center for more details. Bring your passport.
2. Re:Standing by StuartHankins · 2010-02-25 03:08 · Score: 1
  
  Mod parent up.
  I don't like where this is going -- at all. Too many times Microsoft has done something supposedly in the spirit of friendship, then turned around and stabbed someone in the back. So I question their motives even when it appears they are doing something "right".
  
  A precedent is being set here, where a private company obtains an order to shut down a large number of sites, without warning and without proof of guilt. Yes, I think the botnet people are bad. But by destroying the *process* and doing things on the sly, you destroy the credibility of the action. Shutting down hundreds of sites based on little more than an accusation -- and without due notice -- seems to be a very large hammer for any 3rd party to wield.
  
  Today it's a botnet. Tomorrow maybe it's your site, that just happened to host an anti-Microsoft comment. Whoops. Maybe you were "accidentally" included with their next scheduled monthly site shutdown. So sorry about that.
3. Re:Standing by Blakey+Rat · 2010-02-25 03:14 · Score: 1
  
  You're making shit up. Of course Microsoft had proof, otherwise how could they convince a judge to write this order? And if there was no proof, blame lies squarely at the court who issued the order with no backing.
  What makes you say there was no proof? Do you have special knowledge of the case that the rest of us don't?
  Or are you just a paranoid kook making shit up?
  
  --
  Comment of the year
4. Re:Standing by VertigoAce · 2010-02-25 03:32 · Score: 2, Insightful
  
  I assume that by owning @hotmail.com and @microsoft.com, Microsoft itself was the target of a large amount of spam from this botnet. That would give Microsoft standing to sue, as well as a lot of evidence to back up its claims.
5. Re:Standing by StuartHankins · 2010-02-25 04:10 · Score: 1
  
  RTFA. Everything I've read clearly states that Microsoft, a US corporation, obtained this motion on the sly and without following established legal proceedings. You and I would have been laughed at had we asked for such a thing, which should tip you off that it's probably not right.
  
  It may be different where you live, but in the US, our legal system requires evidence to be presented in a court of law. In non-law-enforcement cases (which have exceptions to this rule) that also means the other party gets the chance to respond and be present for those accusations... the right to face your accuser is an important right. That's what makes it "proof" rather than "information" or "evidence" -- the way it's presented in a court of law and the legal proceedings around that presentation.
  
  If our justice system didn't require evidence to be presented in this manner, and I want to play with words such as "proof" without understanding their legal implications, I could easily "prove" BlakeyRat is responsible for any crime I wanted to make up. If I'm presenting evidence, and I'm not a government police agency, I should have to face the accusers in court, like everyone else.
  
  Or would you rather your sites be downed in the interim, like these people? Are you for losing freedom in the interest of "justice" or "safety"? Guilty until proven innocent, hmmm? I may not like the botnet or its creators *at all*, but I especially dislike the 3rd party legal maneuvering by a corporation (and future implications / precedent).
  
  In this case, a US corporation has been allowed to shut down a large number of sites, without fair trial or normal legal proceedings. That the legal proceedings were allowed to be short-cutted by any entity is bad enough, but this corporation is not even the proper party to file this motion. The proper party is law enforcement.
6. Re:Standing by Anonymous Coward · 2010-02-25 05:05 · Score: 0
  
  RTFA. Everything I've read clearly states that Microsoft, a US corporation, obtained this motion on the sly and without following established legal proceedings. You and I would have been laughed at had we asked for such a thing, which should tip you off that it's probably not right.
  Except what they did wasn't "on the sly" at all! The process of obtaining Temporary Restraining Orders (TRO) has been a well established part of the US legal system since long before the existence of Microsoft. Furthermore, a TRO can be issued without previously informing the party it is being issued against, if you can convince the judge in the case that there is significant reason for it, usually for fear that the this party will try to harm the petitioner or destroy evidence of their wrong-doing. In this case Microsoft probably argued that if the court notified the owners of these sights there was a good chance that the botnet controllers would alter their communications with the botnet before the conclusion of the proceedings, thereby making any potential action by the court moot.
  
  It may be different where you live, but in the US, our legal system requires evidence to be presented in a court of law. In non-law-enforcement cases (which have exceptions to this rule) that also means the other party gets the chance to respond and be present for those accusations... the right to face your accuser is an important right. That's what makes it "proof" rather than "information" or "evidence" -- the way it's presented in a court of law and the legal proceedings around that presentation.
  I was born, raised, and currently live in the USA, and while not a lawyer, I recognize that this case is one of the non-criminal exceptions you alluded to in your parenthetical statement. So while you sentiment is noble, it has no barring on this specific case./p
7. Re:Standing by xigxag · 2010-02-25 05:32 · Score: 1
  
  StuartHankins, the law doesn't work the way you think it does. It's not uncommon for parties to request certain types of emergency relief without notice.
  Think of it this way. Let's say you live in an apartment and your absentee upstairs neighbor has left the bathwater running and leaking down into your place, onto your clothes, personal effects, and electrical appliances. You need that water off NOW. You can't wait for the neighbor to respond to legal proceedings because there may be irreparable harm to your belongings. The exigency of the situation trumps his right to advance notice.
  Look up "ex-parte order." These kinds of interim requests are generally temporary in duration, and the other side always has the opportunity to challenge them after the fact. It would be wrong to characterize this a "short-cut." The system is designed this way.
  
  --
  There are two kinds of people: 1) those who start arrays with one and 1) those who start them with zero.
8. Re:Standing by billcopc · 2010-02-25 07:19 · Score: 1
  
  Well.. the apartment example isn't quite analogous, since you call up the super or landlord and they have the right to go deal with the problem on your behalf. Let's say you own your house, and your neighbour's water pipe burst, flooding your lot, you can't break into their home and fix the problem - at least not without being arrested and sued for B&E. If they're on vacation, you would need some form of legal approval, probably from the municipality, to call over an expect to deal with it. You can, however, take reasonable measures on your plot of land to limit or contain the damage, and then seek restitution for those costs.
  In Microsoft's case, it's quite different in that they are a 3rd party. They have nothing to do with the domain holders, and nothing to do with the victims other than selling them software. The only reason they weren't thrown out of court is because this was about spam, but really they had no right to even ask for suspension. Furthermore, Verisign had no right to suspend services for an alleged crime to which they were not party. Right now, companies get away with these transgressions due to weaselly-worded contracts, but in theory they are opening themselves up for a nasty suit by the alleged spammers.
  IANAL, but frankly the first reaction I had was negative. Today, they're revoking a domain because of spam. Tomorrow, nilly-willy censorship. What if Microsoft doesn't like that I use the words "Fuck" and "swine" and "Microsoft Works", and gets yet another nearsighted judge to shut my domain off ? It doesn't matter what you do with it, there are written laws and procedures to be followed. People's lives weren't in danger here, it's just spam. There was no excuse for trumping the law IMO.
  
  --
  -Billco, Fnarg.com
9. Re:Standing by StuartHankins · 2010-02-25 08:55 · Score: 1
  
  Yes. Much more eloquently put than I could have done. Because Microsoft is a 3rd party they should have had no ability to file this motion.
10. Re:Standing by xigxag · 2010-02-25 13:59 · Score: 1
  
  I'll accept your admonishment with respect to the weakness of my analogy :), but I don't agree at all that Microsoft can be relegated to what you call "3rd party" status here. Microsoft is certainly not holding itself out as some kind of disinterested party, it is pursuing this matter in the role of plaintiff. Read the complaint. Isn't MS inconvenienced by spam (in terms of lost work time and IT costs) as much as any large public corporation? Above and beyond that, spam sent from hotmail.com or with fake hotmail.com headers could be argued to affect the reputation of its Hotmail service. Furthermore, Microsoft claims actual damages in the amount of at least $5000.00 as a result of Waledac. They've laid out their case, it's not the court's obligation to make a full determination at this stage. Let the defendants come in and move to dismiss the complaint, and if Microsoft has no standing, the case will get tossed.
  
  --
  There are two kinds of people: 1) those who start arrays with one and 1) those who start them with zero.
Has anyone else noticed... by Anonymous Coward · 2010-02-25 02:38 · Score: 1, Insightful

that "secret" and "covert" might not be the right choice of words since Microsoft blogged about the whole thing?
In the words of Inigo Montoya: "You keep using that word. I do not think it means what you think it means."
Cyber war initiated by DOJ by RichMan · 2010-02-25 02:41 · Score: 3, Interesting

At least that is what the headline could be. Disabling foreign internet service is a big deal.
Could be a serves them right for registering as .com rather than .country. But this is one branch of the US government disabling some foreign infrastructure.
1. Re:Cyber war initiated by DOJ by CAIMLAS · 2010-02-25 03:37 · Score: 1
  
  It's laughable that you consider disabling domains serving up spam as "infrastructure" for a country. It's absurd that you consider this akin to, say, blowing up a bridge or attacking the country's infrastructure.
  The closest immediate analogy I can come up with is sinking a drug runner's US-registered boat.
  Also, maybe those foreign entities could have considered not using US assets (.com) for their attacks.
  
  --
  ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
2. Re:Cyber war initiated by DOJ by Anonymous Coward · 2010-02-25 07:38 · Score: 0
  
  Yeah, I was kind of worried to see that almost no one noticed that verisign provides registry services, not registrar, as stated in the summary. THIS IS HUGE. Now, you can get a court order in the state of California and shut down someone's domains in Europe, China, Russia, etc. I don't understand why Verisign agreed to do this so easily.
mod parent up by argent · 2010-02-25 02:42 · Score: 1

I was going to say...
The method won't scale, it is trivial to dodge... by Anonymous Coward · 2010-02-25 02:43 · Score: 0

Filling court orders to block "control" domains (whatever you call them won't work).
Next bot shall include, say, 5000 SHA-256 cryptographic hash of domains that haven't been registered yet and that are impossible to guess and very unlikely to be registered by anyone except the bot owner (impossible to guess unless you can break SHA-256, in which case the world at large is in trouble).
Then if the bot cannot contact the last domain(s) he got orders from for more than 'x' hours/days/whatever the bot will enter into a "find new domains mode".
The bot owner shall publish new domains on a resource that MS cannot shut down. Like Usenet or making sure that Google shall crawl the new domain dome, or Twitter, or Reddit. Whatever. Even in a /. comment.
The bot shall parse "source that cannot be shutdown" and find all the domain names. He'll take the SHA-256 of them. The ones that matches of his 5000 hashes shall become new "control" domain.
This is now how MS should fix its mess. MS should fix its mess by making a security a priority but sadly it's too busy refining its endless upgrade/milking scheme (scheme into which machine getting owned is serving MS a great purpose so...).
how easy is it to get into politics? by circletimessquare · 2010-02-25 02:45 · Score: 1

its actually pretty hard. you have to be a committed passionate demagogue
sure, if you are in politics, its easy to rip people off
however, its very hard to get in that position in the first place
so, just as the post you are responding to says, it is easier to make money legally than illegally

--
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
ftc by Anonymous Coward · 2010-02-25 02:49 · Score: 0

as usual microsoft doesn't like competition. mabey the botnet writers should file a complaint with the FTC that people should have their choice amongst botnets instead of having to use microsoft's default one.
Secret Order For A Reason by dawilcox · 2010-02-25 02:50 · Score: 1

I think it's kind of ironic how both the courts and Microsoft wanted to keep this secret, but slashdot here has no respect for that. Does it occur to anyone here that there was a reason they wanted it to be secret? Maybe they didn't want these organizations retaliating? This kind of reminds me of the one time a news reporter was being held hostage. The government wanted to keep the fact that she was hostage out of the public eye in order to lower the ransom fee. However, wikipedia editors thought it better to post to it to the public.
1. Re:Secret Order For A Reason by Anonymous Coward · 2010-02-25 04:15 · Score: 1, Informative
  
  The "secret" was revealed by MS in a blog post *AFTER* the deactivating the domains, describing the aftermath. Dumbass..
And tomorrow... by Anonymous Coward · 2010-02-25 02:51 · Score: 0

277 NEW domain names will be created, computers will get reinfected, and the real problem will still exist. Nice that MS wants to clean up, but it doesn't mean much if the cause isn't dealt with.
No, work is easy by SmallFurryCreature · 2010-02-25 02:53 · Score: 3, Insightful

If you break your leg tomorrow. Were is your money coming from? Right, your boss. Sick leave. Burglers haven't got it.
Neither can you boss turn out to be carrying a gun and blow your brains out rather then pay you.
If you botch up your work, you won't land in a small cell with a guy named Bubba who likes you very very much.
You ex-gf can't turn you into your boss, even if you really screwed up.
A live of crime sound easy, but it isn't. If it was, more people would do it.
Take the pirates of somalia, sounds like easy money, but how many regular sailors can have their brains blown out by a sniper and nobody gives a damn? And if you think it sucks that your wife wants your wages, wait till you have to deal with the crime hierarchy. They are like the IRS, but not as nice. Oh, and then there is the IRS who can hook you up with Bubba again if you can't account for every penny in your pocket.

--

MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
1. Re:No, work is easy by PopeRatzo · 2010-02-25 03:16 · Score: 3, Insightful
  
  Sick leave. Burglers haven't got it.
  
  And increasingly, American workers haven't got it either, along with health care, retirement and other benefits. Shit, more and more American workers don't even have Saturdays off any more.
  Companies love contract workers just for that reason.
  Ask the "tech workers" around here, whether their working conditions, hours and benefits have increased or decreased every year since 1980.
  
  --
  You are welcome on my lawn.
2. Re:No, work is easy by HungryHobo · 2010-02-25 05:38 · Score: 1
  
  http://www.ted.com/index.php/talks/steven_levitt_analyzes_crack_economics.html
  The relatives of dead crack dealers can get death benefits.
  The crack dealers themselves can get a regular paycheck(though it's crappy pay since crack dealing isn't a high skill job).
  If you're a really good virus writer, I mean really really good you can make a lot of money.
  If you're good at finding exploits you can make good money selling them to the highest bidder through third parties who check the exploit to make sure it works and who hold the cash in escrow(they take a cut just like ebay).
  Crime does pay despite the contrary claims.
Easier method by aapold · 2010-02-25 02:57 · Score: 3, Funny

Going by the microsoft graphic of the operation, they could just arrest people who wear dark sunglasses and colored head scarves.

--
"Waste not one watt!" - CZ
How secret or quiet can it be by aapold · 2010-02-25 03:00 · Score: 1

The headline notes: " allowing the action to be taken covertly, preventing Waledac's operators from switching domains".

So now its on slashdot. Gee, thanks.

--
"Waste not one watt!" - CZ
yep, MS is the hero, for about 15 mins... by Nyder · 2010-02-25 03:01 · Score: 1

"The request was secretly approved by District Judge Leonie Brinkema, allowing the action to be taken covertly, preventing Waledac's operators from switching domains."
That is, till they figure out they don't have those domains anymore, and go to their backup DNS server. Like they don't have a way to switch control with or without warning.
Sometimes I wonder if MS had planners like these criminals, we might actually get a decent OS from them...

--
Be seeing you...
1. Re:yep, MS is the hero, for about 15 mins... by PTBarnum · 2010-02-25 04:12 · Score: 0
  
  It's a good thing for the botnet owners that Microsoft Security is too lazy to reverse engineer the bots and figure out what their fallback options are. That would have required shutting down hundreds of domains, and that would clearly have been too much work, which is why TFA says Microsoft only shut down one domain.
Fair and Balanced by Anonymous Coward · 2010-02-25 03:04 · Score: 2, Funny

It's all part of our new 'Fair and Balanced' reporting initiative.
One day a year we publish something pro-Microsoft. That way when accused of bias we can say 'see, we published the one good thing you did last year, we are just still waiting on something this year.'
not atypical by ericbg05 · 2010-02-25 03:15 · Score: 5, Insightful

So Microsoft secretly filed a suit against 27 unnamed individuals, and got a secret order taking 277 domain names away from them, all based on a mere accusation.
Oh, but since we're fighting spam, I guess that's okay.
Wait until Microsoft starts doing this to go after copyright violations. Will y'all be cheering then?
My fiancée IAL working in a federal district court. I have mod points, but I guess it's more illuminating to reply than mod down this ridiculous comment.
Stuff is filed under seal in court all the time. The idea is that you don't want the defendant you're pursuing to know you're pursuing them if there's a high chance they can cover their tracks. You can't just make a "mere accusation" and get a court to do whatever you want. That, of course, would be silly.
Most judges are really quite reasonable about the decision to keep things sealed. In any event, all the docs will become unsealed relatively quickly -- and if you think the court was *unreasonable*, that they abused their discretion somehow, you can take your complaint to the appellate court.
Court proceedings are slow, but some crooks (especially intelligent, well-funded crooks) can move fast. This is the balance we've found between thinking things through carefully, and satisfying the public's right to this information, while still prosecuting agile crooks.
In copyright infringement cases, the plaintiff would probably have a hard time convincing the judge that docs need to stay sealed.
Believe it or not, the system actually works pretty well sometimes.
Look, I'm all for an intelligent discussion of the shortcomings of the legal system, of which there are plenty. But you should really try to learn something about it before criticizing it. Otherwise you're just wasting everyone's time.
NO SUCH THING AS IDIOT-PROOF! by Chas · 2010-02-25 03:23 · Score: 4, Funny

Because idiots are amazingly inventive, persistent, and breed at a rate so ferocious that rabbits are envious.
Come up with a "foolproof" way for securing a system and some imbecile will find a way around it.
Not to mention all the inconveniences such a lockdown method would inevitably entail.

--

Chas - The one, the only.
THANK GOD!!!
1. Re:NO SUCH THING AS IDIOT-PROOF! by dgatwood · 2010-02-25 10:23 · Score: 1
  
  As the old saying goes, every time you make something idiot-proof, nature creates a better idiot.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
NOT a DNS issue you boob! by Chas · 2010-02-25 03:31 · Score: 4, Informative

This has nothing to do with US control of DNS.
They went to the domains' REGISTRAR (GoDaddy) and got THEM to disable the domains.
Control of DNS could be in the hands of Bumblefuckistan and they still could have done this.

--

Chas - The one, the only.
THANK GOD!!!
1. Re:NOT a DNS issue you boob! by Anonymous Coward · 2010-02-25 06:47 · Score: 0
  
  Control of DNS could be in the hands of Bumblefuckistan ...
  Isn't it already???
2. Re:NOT a DNS issue you boob! by NormalVisual · 2010-02-25 07:47 · Score: 1
  
  They went to the domains' REGISTRAR (GoDaddy) and got THEM to disable the domains.
  
  Wouldn't be surprised if anyone off the street couldn't have done the same thing. This *is* GoDaddy we're talking about.
  
  --
  Please stand clear of the doors, por favor mantenganse alejado de las puertas
3. Re:NOT a DNS issue you boob! by Anonymous Coward · 2010-02-25 10:15 · Score: 0
  
  This has nothing to do with US control of DNS.
  They went to the domains' REGISTRAR (GoDaddy) and got THEM to disable the domains.
  Control of DNS could be in the hands of Bumblefuckistan and they still could have done this.
  Just had to comment that Bumblefuckistan is a great name for a fictional country!
Secret? by kjart · 2010-02-25 03:34 · Score: 1

For a secret lawsuit filed in a secret court that resulted in a secret action being taken, everyone sure seems to know a lot about what happened.
Can we stop spelling Lose as Loose already? by Anonymous Coward · 2010-02-25 03:37 · Score: 0

"Even if the control machines loose DNS resolution"
I didn't know you could loose DNS resolution on anyone.... is that kind of like loosing the hounds on their ass?
You hit the nail on the head! by Anonymous Coward · 2010-02-25 03:42 · Score: 0

Even if the control machines loose DNS resolution, might not the botnet be configured to fall back to connecting to well known IP addresses to accept commands? Seems like the logical thing to do if you are creating an illegal network...
That is exactly the root of the problem, they need *tighter* DNS resolution not loose DNS reolsution. DNSSEC ftw!
Not allowed to fix by wexsessa · 2010-02-25 03:48 · Score: 1

If a/the government authority was enabled to declare an infected PC as a weapon, they could then come up with some pretext to attack it. Not suggesting this though, as the cure might well be worse than the disease. Thinx: since US Border Security can seize almost any device having data storage, with no evidence, why do they quibble about finding & disabling real threats that operate within their borders?
You're new here aren't you? by Chas · 2010-02-25 03:58 · Score: 1

The internet was originally called ARPANET (Advanced Research Projects Agency Network).
It was funded by a government agency, DARPA (Defense Advanced Research Projects Agency).

--

Chas - The one, the only.
THANK GOD!!!
*Facepalm* by Chas · 2010-02-25 04:03 · Score: 1

Yep. Because operating systems shouldn't run programs at all. Ever.
I'm sure security in an OS would be much simpler if this were true.

--

Chas - The one, the only.
THANK GOD!!!
more left wing dribble by Anonymous Coward · 2010-02-25 04:06 · Score: 0

Dammm thoze acteevist librawl judges and their antie-entrailpranewership soshallizm. stooping the freedumb of the true amariken hard workin man to make an eazy livin. TeaBaggers rule! (or maybe just drool a lot)
MS' OS facilitates malware by Anonymous Coward · 2010-02-25 04:38 · Score: 2, Interesting

It's not crap in the OS that causes the vast majority of infections. It's crap in the user's heads.
No, it's the combination. On most OSes, it's harder for a user to shoot themselves in the foot, than it is on Microsoft's OSes.
One big difference that leaps to mind, is that Microsoft OSes use the filename to decide whether or not something is executable. Have a user save malware.exe and then click on it, and it will run.
On Linux and MacOS, after the user saves malware, they have to chmod +x malware, and then they can run it. Right there, when the user has to explicitly enable the malware, they know it's not a harmless media file; they are having to acknowledge that it's a program. And programs, unlike media files, can do whatever the fuck they want to do.
MS also has application problems. Ok, so this isn't the OS' fault, but when you get into things like MS Word and MS Excel, the apps are remarkably bad. Who would have thought that a word processor needs the ability to execute a script (written in a fully-expressive language and executed without a sandbox!) embedded inside a document, automatically when the document loads? So MS blurred the line between media and programs.
It's a really bad platform for security, not just because it happens to be widely deployed, but because it's just plain bad, compared to any average normal OS (I'm not even trying to hold it up against OpenBSD or something like that).
You do not want non-geeks using it. Windows is a platform only suitable for computer experts, which is pretty funny since no computer expert wants to have anything to do with it.
Microsoft isn't evil by FoolishOwl · 2010-02-25 04:52 · Score: 1

Speaking as a FLOSS supporter -- Microsoft, and Bill Gates, have a strong line in support of proprietary software, against free software. I think FLOSS is one of the greatest ideas ever successfully put into practice, and so I'm at odds with Microsoft, et. al., on that issue.
That doesn't make Microsoft *evil*, as such. It's not like Gates ever killed anybody for his wealth -- and there are enough powerful and wealthy people and organizations around who have killed for it, that it seems a bit hyperbolic that Gates and Microsoft get singled out as evil so often.
The victory condition I hope for is not the destruction of Microsoft, but rather, Microsoft opening their source code.
1. Re:Microsoft isn't evil by WrongSizeGlass · 2010-02-25 05:25 · Score: 1
  
  The victory condition I hope for is not the destruction of Microsoft, but rather, Microsoft opening their source code.
  I think there's a better chance of Bill Gates actually killing someone than MS opening their source.
2. Re:Microsoft isn't evil by FoolishOwl · 2010-02-25 09:55 · Score: 1
  
  They've opened *some* of their source: Mono.
  There's certainly grounds to suspect it's some sort of trap. But, what if it's just what it looks like?
  Call me an optimist, but I think the FLOSS community should consider the possibility that it's winning.
Time to take Domain name control off US hands. by unity100 · 2010-02-25 05:16 · Score: 1

so, today, a us controlled, us based corporation disabled 277 frigging domain names owned by foreigners, upon orders of a U.s. court which decided upon a suit filed by a u.s. corporation based in u.s. so, it was for fight against spam, and so it was a 'good' thing. and all the fools are cheering up now.
then tell me how long until some other organization or individual or political party files a lawsuit under u.s. law to do the same thing to foreign domain names on different justification, say, 'copyright' issues, or patent issues, or maybe, political correctness, private interests, or some other godfrigging long forgotten state law (like the ones you can find in conservative states, reminiscent of 19th century), and some judge just happens to give a verdict to that end ?
what do you think will happen to the global and transborder nature of internet at that point ? how will it affect the entire internet, and all the markets and professional fields contained in it ?
nobody on the internet is subject or tributary to u.s. laws, apart from u.s. citizens. it seems that this foolery just happened will start the move towards taking the control of domain names out of u.s.'s hands, through a consortium of countries, or u.n., god knows.
but its evident that it can no longer be let to continue this way, given the rate things are going in u.s., with those private interests trying to control the net through moves against net neutrality, acta, and lobbying like in the recent news about trying to get open source labeled piracy.

--
Read radical news here
Microsoft is evil by marcosdumay · 2010-02-25 05:31 · Score: 1

They crunch the competition with illegal acts, they bribe governments to steal people's money, they also bribe governemnts to bring bad legislation, that makes everybody less secure, and have a nice plot to destroy freedom of expression once and for all (it has no chance of working on practice, but they have it).
They are evil. They are just lessen evil than people that murder for their benefit (altought, destroying freedom of expression may be more evil, you may discount non-working plans if you like).

--
Rethinking email
All hope is lost here... by dtjohnson · 2010-02-25 05:46 · Score: 0, Flamebait

1) This will not end botnets
2) Microsoft doesn't care about ending botnets
3) Microsoft will never cede control over their user's machines
4) MS Security patches will always be a finger in a leak
5) A good rootkit is one that still lets my Windows boot
6) MS doesn't really care if the Windows on my 6-yr-old laptop has suddenly become non-genuine but WGA still needs those updates
7) Windows 8 will be about like Windows 7
8) The average Microsoftie is a bing-blastin', zune totin', IE8 browsin', xbox smokin' sort of a guy.
9) There is no hope for a better tommorrow...only a more expensive one
I have a feeling... by John+Hasler · 2010-02-25 06:23 · Score: 1

...that VeriSign fully approves and is actively cooperating (but even if they don't they will "cooperate" with the judge).

--
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Anonymous domain registration? by moeinvt · 2010-02-25 06:34 · Score: 1

How do you register a domain in such a way that you can't be tracked down if your domains are used as malware servers? How do you pay the registration fee?
Do these guys lie about their name, address, e-mail, etc. then pay the bill by using a stolen credit card or forwarding the money to the registrar via Western Union or something?
1. Re:Anonymous domain registration? by cdrguru · 2010-02-25 07:01 · Score: 1
  
  Why do you need to register anonymously? The whois information is of course faked or just left at "fuckoff". Sure, you paid with some tracable payment method, but the registrar would have to be sued to turn over the information - it isn't like they are going to cooperate.
  One of the huge problems is that the domain registrars have a very big incentive to not enforce whois requirements (and they don't) and they will absolutely protect their customers unless faced with serious legal action. The end result is that it just isn't worth it most of the time. Law enforcement doesn't care much until you can prove over $25,0000 in damages. Civil court will pretty much laugh at you unless you are the size of Microsoft or Google.
  Also, domain registrars are absolutely complicit in the problems. Why would anyone be able to register the domain myebay.com? How about chasebanking.com? The fact that these domains are being registered with the specific intent to snare people and steal from them should be enough to prove that the domain registrars (just about all of them) are much more interested in their customers than being responsible.
2. Re:Anonymous domain registration? by moeinvt · 2010-02-25 08:39 · Score: 1
  
  Typo-squatters aren't "necessarily" doing anything illegal. Most of the sites I've mistakenly visited are just parking spots for a bunch of ads (Although I did read about a google-typo site that was a malware downloader). I'm also mildly surprised that the domain registrars wouldn't just roll over if the government came knocking, warrant or not.
  Suppose a trojan is coded to connect to a set list or domains that are basically drive-by downloaders for keylogging and botnet software. The key-logger grabs CC and bank login info and uploads it to a server. Are you trying to say that the person/people running that operation registered the domains in the original trojan by using a credit card that had their name and a valid billing address? I just find that VERY hard to believe. Spamming is one thing, dealing with stolen CCs and bank account info is serious. Seems illogical that the scammers would leave a trail like that and just HOPE that it wasn't worth the time and effort on behalf of the banks and law enforcement to track them down.
The Domain Lock Solution by konohitowa · 2010-02-25 06:38 · Score: 1

I thought this action was interesting. Today I learned that MS did something I agree with via domain locking. Yesterday I learned that MS did something I disagreed with via domain locking (http://yro.slashdot.org/story/10/02/24/1939257/Cryptome-in-Hot-Water-Again).
I'm not quite sure how I feel about the totality of this...
Re:Software Updates by Phrogman · 2010-02-25 07:02 · Score: 1

Yes, but unfortunately sometimes companies like to slip in things with an update that they don't bother to mention. If you want the security added by the "security update" then you end up accepting the new version of DRM that's been slipped into surreptitiously as well. MS did this at one point I believe, but I have no doubt that they are not alone.
If software manufacturers were under some legal obligation to tell the truth and act in their user's interests it might be different, but I often get the feeling that having bought their product, I am now a "marketing unit" and serve the double purpose of being analyzed, exploited and becoming the target of further marketing by their corporate friends.

--
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
Maintenance is SO command line... by mangu · 2010-02-25 07:05 · Score: 1

But you can tell them to perform preventative maintenance like fluid changes, etc.
Tell that to people who have grown used to clicking on icons and expecting everything to work just like magic.
And if something does not work as expected blame the third-party device driver.
Car maintenance is something like "tail /var/log/messages". Preventive maintenance is installing rkhunter and chkrootkit. That's what mechanics do, not the owner.
Secretly? by rgviza · 2010-02-25 07:11 · Score: 1

If it was a secret, it wouldn't be on slashdot ; )

--
Don't kid yourself. It's the size of the regexp AND how you use it that counts.
obscurity by jbengt · 2010-02-25 07:16 · Score: 1

. . . that word. I do not think it means what you think it means.
1. Re:obscurity by TheCycoONE · 2010-02-26 02:45 · Score: 1
  
  I'll cherry pick the definitions that fit my intended purpose:
  "3b: not prominent or famous "
  As in Windows is far more prominent. Linux is niche for desktop machines. For servers the situation is different but my post isn't about servers - users don't surf insecure sites and run random programs off of servers.
Why Unnamed? by sproketboy · 2010-02-25 07:30 · Score: 1

Why unnamed? Why the secrecy? Bring the cockroaches out into the light.
Just plain silly by Hurricane78 · 2010-02-25 07:47 · Score: 1

The request was secretly approved by District Judge Leonie Brinkema, allowing the action to be taken covertly, preventing Waledac's operators from switching domains.
So they did not switch domains until now. And are in the process of switching right now. Probably being done by tomorrow.
Wow. A whole day of a bit less spam. That really changed things... ;)

--
Any sufficiently advanced intelligence is indistinguishable from stupidity.
Offspring coming shortly by M3.14 · 2010-02-25 08:00 · Score: 1

I'm pretty sure someone will find a way how to get the control back or salvage large number of zombie-PCs even without those domains. It happened before: https://infosecurity.us/?p=6262
hotmail by spiracle · 2010-02-25 12:23 · Score: 1

The only reason Microsoft cares about this botnet because it "was responsible for sending 651 million spam e-mails to Hotmail addresses over an 18-day period last month".
Funny though.... by hesaigo999ca · 2010-02-26 05:03 · Score: 1

You know it is funny that they should have to ask to be able to shut them down as they own the software that most is run on, and could somehow figure out how to shut them down through their loopholes the way they do people with legit copies of windows, and have to prove they have legit copies of windows, I also find it funny that they contacted verisign about this, seeing as they have the mass of dns servers online and could have sent out an easy fix in the actual firmware of their product to do more filtering of these sites then worry about getting verisign in on something they could have at some point said no to....but in the end, I enjoy the fact that they still did a good deed. Way to go M$, taking a step in the right direction.