Microsoft Secretly Beheads Notorious Waledac Botnet
Barence writes "Microsoft has quietly won court approval to deactivate 277 domain names that are being used to control a vast network of infected PCs. The notorious Waledac botnet is being used by Eastern European spammers to send 1.5 billion spam messages every day, and infect hundreds of thousands of machines with malware. In a suit filed in the US District Court of Eastern Virginia, Microsoft accused 27 unnamed defendants of violating federal computer crime laws. It further requested that domain registrar Verisign temporarily deactivate the domains, shutting down the control servers being used to send commands to the machines. The request was secretly approved by District Judge Leonie Brinkema, allowing the action to be taken covertly, preventing Waledac's operators from switching domains."
...but where will I get all my v14gra now??
This is nice (if reactionary) but how long before we can get a court order to legally fight the botnet by 'infecting' the target computers with a patch, or at least some sort of message that warns the user to seek help?
Would Microsoft ever go that far? Would that be admitting that the only solution to the holes in Windows is vigilantism?
Even if the control machines lose DNS resolution, might not the botnet be configured to fall back to connecting to well known IP addresses to accept commands? Seems like the logical thing to do if you are creating an illegal network...
It's not crap in the OS that causes the vast majority of infections. It's crap in the user's heads.
Why not just add code to check for an infection in the next Windows update. If found, then the user is presented with a dialogue at every boot that they must ok, and prevents them from logging in for 5 minutes for the first boot, increasing by 1 minute for each subsequent boot. Even lazy idiots will eventually get sick of this and do something about their machines.
Code, Hardware, stuff like that.
MS has the "malicious software removal tool" that shows up monthly in Automatic Updates and it will take care of it - but unfortunately WAY too many people don't have the automatic updates enabled or just refuse to run them. If they would run them a couple of these botnets would be gone.
New set of domains acquired and botnet spamming again in 3..2..1..
... but HOORAY FOR MICROSOFT!
I hate printers.
No one knows they exist.
And sometimes, that's a good thing...
It's not crap in the OS that causes the vast majority of infections. It's crap in the user's heads.
Cheap cop-out.
You're in a mass-market. You can not expect the majority of users to know anything about computers. You can debate that point all you like, but that's how it is. Saying otherwise is like saying only car mechanics should be allowed to drive cars.
Assorted stuff I do sometimes: Lemuria.org
This can also be started manually by running "MRT.exe" from the run prompt. The month of the update is in the title bar, so it's easy to tell if you're current or not.
-- "Freedom is the right of all sentient beings" -Optimus Prime
Ever heard of Malicious Software Removal Tool that is rolled out in the monthly patch cycle. It kills software MS deems bad. No court approval for that.
Cheap cop-out.
You're in a mass-market. You can not expect the majority of users to know anything about computers. You can debate that point all you like, but that's how it is. Saying otherwise is like saying only car mechanics should be allowed to drive cars.
No, it's more like saying "people should know how to drive before taking their car on public roads"
The Ukrainians, Poles, and Czechs called. They're insulted that you're lumping them in with the Rooskies, and they're rooting your box.
The insulted Czechs are now rooting your box.
That explains all the spam. The Czechs are in the mail.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
You're in a mass-market. You can not expect the majority of users to know anything about computers. You can debate that point all you like, but that's how it is. Saying otherwise is like saying only car mechanics should be allowed to drive cars.
But you can tell them to perform preventative maintenance like fluid changes, etc. Then it is their fault if they think they know better and ignore the manufacturer's recommendations.
An example would be brake pads. If you're lazy, you might never replace your brake pads, making you a hazard to everyone else on the road. So, brake pads have metal filings in the last portion of the pad to make an obnoxious grinding noise when it's time to change them. What better way to get people to take care of their car/computer than to annoy them until they fix the issue?
Write your representatives! Repeal the 2nd Law of Thermodynamics!
Is today the day we like Microsoft?? I just want to make sure I have that right. It's not some trick to cover them acting like vigilantes is it??
I am Slashdot. Are you Slashdot as well?
It's not "president". You probably meant "precedent".
No he really does mean "president". You see, now that Bill isn't there, Microsoft has this big tank of goop out in the back, and whenever they need a new VP to make a bold policy change they open a valve and flow the goop into a person-shaped mould. Then they have to let it harden or "set". After which time they decant the new president and set him to work.
Thus the OP was expressing his concern for the zombie-like creatures that this policy has brought to (semi) life.
He must be a member of PETZ
At least that is what the headline could be. Disabling foreign internet service is a big deal.
Could be a serves them right for registering as .com rather than .country. But this is one branch of the US government disabling some foreign infrastructure.
I am by nature a MS basher ... at times even a rather venomous one .. but let's give MS some credit here. They went to court and obviously provided enough evidence that a judge was convinced (yes, yes, I hear the chorus of 'what qualifications did the judge have?'). They didn't take actions into their own hands and they released the information about it once the court ruling was made.
... I feel a little dirty now ... I better go clean up. I'm pretty sure Steve Jobs will personally come over to repossess my Apple Fan Boy card. Sniff, I'm going to miss it ... a lot. But, I'm rather excited to finally meet Mr Jobs :-)
The fact remains that MS was actually acting in their own best interest and that of their customers. Those of us who don't use Windows will probably benefit by receiving a little less spam every day, too.
Hmmm
Does it matter? I mean, are you saying you believe everyone has the right to face their accuser and defend themselves - unless the evidence is really convincing?
In most cases, a court won't issue a TRO without notice to the defendants and a hearing to allow the sought-to-be-enjoined party to respond to the Motion for TRO. In some situations, like this, where mere notice might allow the Defendants to further the harm, the court orders the TRO without notice to the enjoined party. The Order allows the Plaintiffs to demand third parties to do or stop doing something for the enjoined party - the first notice to them is when they can't access bank accounts, or their vendor refuses to cooperate, etc.
The safeguards built into the system are (1) the cash bond, (2) a neutral judge that weighs the likelihood of irreversible damage and proof of the initial allegations against the harm from enjoining a party before a verdict, and most importantly, (3) that these are TEMPORARY. The judge will order a hearing with BOTH parties within (usually) 10 days of the TRO issuance, at which time the Defendants can object, rebut the Plaintiff's allegations, and ask the court to lift the injunction. At that point, it is a dispute between two noticed parties before a neutral court.
If you break your leg tomorrow, where is your money coming from? Right, your boss. Sick leave. Burglars haven't got it.
Neither can your boss turn out to be carrying a gun and blow your brains out rather than pay you.
If you botch up your work, you won't land in a small cell with a guy named Bubba who likes you very very much.
Your ex-gf can't turn you in to your boss, even if you really screwed up.
A life of crime sounds easy, but it isn't. If it was, more people would do it.
Take the pirates of Somalia, sounds like easy money, but how many regular sailors can have their brains blown out by a sniper and nobody gives a damn? And if you think it sucks that your wife wants your wages, wait till you have to deal with the crime hierarchy. They are like the IRS, but not as nice. Oh, and then there is the IRS who can hook you up with Bubba again if you can't account for every penny in your pocket.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
If MS would stop including questionable programs or new versions (not just bugfixes) in their Automatic Updates, people would trust them more. But there's nothing like having a working system screwed up by some new version of software to make you turn the damn thing off.
Automatic Updates should not be the equivalent of loading some unstable branch in Linux. We pay MS a lot of money to get this shit right, and they're full of fail.
Going by the Microsoft graphic of the operation, they could just arrest people who wear dark sunglasses and colored head scarves.
"Waste not one watt!" - CZ
It's all part of our new 'Fair and Balanced' reporting initiative.
One day a year we publish something pro-Microsoft. That way when accused of bias we can say 'see, we published the one good thing you did last year, we are just still waiting on something this year.'
So Microsoft secretly filed a suit against 27 unnamed individuals, and got a secret order taking 277 domain names away from them, all based on a mere accusation.
Oh, but since we're fighting spam, I guess that's okay.
Wait until Microsoft starts doing this to go after copyright violations. Will y'all be cheering then?
My fiancée IAL working in a federal district court. I have mod points, but I guess it's more illuminating to reply than mod down this ridiculous comment.
Stuff is filed under seal in court all the time. The idea is that you don't want the defendant you're pursuing to know you're pursuing them if there's a high chance they can cover their tracks. You can't just make a "mere accusation" and get a court to do whatever you want. That, of course, would be silly.
Most judges are really quite reasonable about the decision to keep things sealed. In any event, all the docs will become unsealed relatively quickly -- and if you think the court was *unreasonable*, that they abused their discretion somehow, you can take your complaint to the appellate court.
Court proceedings are slow, but some crooks (especially intelligent, well-funded crooks) can move fast. This is the balance we've found between thinking things through carefully, and satisfying the public's right to this information, while still prosecuting agile crooks.
In copyright infringement cases, the plaintiff would probably have a hard time convincing the judge that docs need to stay sealed.
Believe it or not, the system actually works pretty well sometimes.
Look, I'm all for an intelligent discussion of the shortcomings of the legal system, of which there are plenty. But you should really try to learn something about it before criticizing it. Otherwise you're just wasting everyone's time.
Because idiots are amazingly inventive, persistent, and breed at a rate so ferocious that rabbits are envious.
Come up with a "foolproof" way for securing a system and some imbecile will find a way around it.
Not to mention all the inconveniences such a lockdown method would inevitably entail.
Chas - The one, the only.
THANK GOD!!!
This has nothing to do with US control of DNS.
They went to the domains' REGISTRAR (GoDaddy) and got THEM to disable the domains.
Control of DNS could be in the hands of Bumblefuckistan and they still could have done this.
I assume that by owning @hotmail.com and @microsoft.com, Microsoft itself was the target of a large amount of spam from this botnet. That would give Microsoft standing to sue, as well as a lot of evidence to back up its claims.
That's true but not an excuse for a stuck throttle...
It would be even sadder if it were still on the air.
Nerd rage is the funniest rage.
That's just what they want you to think. They are the East European Ninja's Ninja. First Rule of the Czech Dynasty is you don't talk abou.@$!@$&*
The VAST majority of malware installs today happen as the result of idiotic users installing the software themselves.
Even if you made the PERFECT O/S, how would it be able to stop morons from fucking up their systems because they loved that kewl smiley package, or wanted their fuzzy purple gorilla back...
Infections relying solely upon O/S vulnerabilities are declining, and social manipulations are the new attack vector. As long as the vast majority of users remain essentially retarded with regard to operating their computers, this will ALWAYS be a problem, and has NOTHING to do with what the flavour of your O/S is... As always, malware authors target Windows because they can get tens of millions of computers with a single application, when OS X or *nix offers the same (or a similar) level of penetration, I GUARANTEE they'll be targeted too...
-AC
This is just another case of Microsoft going after successful businessmen, in order to drive them out of an arena that Microsoft is planning on taking over. Soon, your e-mail will be plastered with offers for MSV1AGRA, and letters from the son of the deposed Chairman of Microsoft who needs your help getting money out of Redmond.
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
No, it's the combination. On most OSes, it's harder for a user to shoot themselves in the foot than it is on Microsoft's OSes.
One big difference that leaps to mind, is that Microsoft OSes use the filename to decide whether or not something is executable. Have a user save malware.exe and then click on it, and it will run.
On Linux and MacOS, after the user saves malware, they have to chmod +x malware, and then they can run it. Right there, when the user has to explicitly enable the malware, they know it's not a harmless media file; they are having to acknowledge that it's a program. And programs, unlike media files, can do whatever the fuck they want to do.
MS also has application problems. Ok, so this isn't the OS' fault, but when you get into things like MS Word and MS Excel, the apps are remarkably bad. Who would have thought that a word processor needs the ability to execute a script (written in a fully-expressive language and executed without a sandbox!) embedded inside a document, automatically when the document loads? So MS blurred the line between media and programs.
It's a really bad platform for security, not just because it happens to be widely deployed, but because it's just plain bad, compared to any average normal OS (I'm not even trying to hold it up against OpenBSD or something like that).
You do not want non-geeks using it. Windows is a platform only suitable for computer experts, which is pretty funny since no computer expert wants to have anything to do with it.
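The comment above contrasts name-based and mode-based executability. The following added example (not from the thread; the extension list is a constructed, simplified stand-in for what a Windows shell actually consults) applies both rules to a few constructed "downloaded" files and shows that under the POSIX rule nothing runs until the explicit chmod +x step:

```python
import os
import stat
import tempfile

# Constructed, simplified stand-in for the Windows name-based rule.
# A real Windows shell consults PATHEXT; this subset is an assumption.
EXECUTABLE_EXTENSIONS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif"}


def windows_style_is_executable(path: str) -> bool:
    """Name-based rule: only the final extension decides, never the content."""
    return os.path.splitext(path)[1].lower() in EXECUTABLE_EXTENSIONS


def posix_style_is_executable(path: str) -> bool:
    """Mode-based rule: the name is irrelevant; an execute bit must be set."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))


def demo() -> dict:
    """Evaluate both rules on constructed sample files.

    Returns {name: (windows_rule, posix_before_chmod, posix_after_chmod)}.
    """
    results = {}
    # Constructed file names; "holiday.jpg.exe" mimics a media-looking name.
    names = ("vacation.jpg", "malware.exe", "holiday.jpg.exe", "installer.sh")
    with tempfile.TemporaryDirectory() as workdir:
        for name in names:
            path = os.path.join(workdir, name)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample content, not a real program\n")
            # A freshly saved download: readable, but no execute bit.
            os.chmod(path, 0o644)
            before = posix_style_is_executable(path)
            # The explicit acknowledgement step the comment describes: chmod +x.
            os.chmod(path, 0o755)
            after = posix_style_is_executable(path)
            results[name] = (windows_style_is_executable(path), before, after)
    return results


if __name__ == "__main__":
    for name, (win, posix_before, posix_after) in demo().items():
        print(f"{name:16} windows={win!s:5} posix before chmod={posix_before!s:5} "
              f"after chmod={posix_after}")
```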
Linux isn't all that secure in the way people care about. Most Linux users care about and are aware of security so they tend to only run programs they get off their package manager or other trusted sources and not run them as root.
However I've introduced Windows users to Linux, and they keep their Windows habits like downloading random programs off the internet until told otherwise. A malicious program in Linux can do all the bad things a malicious program in Windows can; and if the program has a little dialog that tells people to run 'sudo programname' if it has limited permissions, I'm sure a lot of people could be socially engineered to do so.
SELinux addresses some of these problems (eg. a program cannot modify files outside of its security context even if they are owned by the same user) but it is not feasible for an inexperienced/casual user to configure.
As has been mentioned before, there are two/three things that keep Linux more secure at the moment besides the average technical know-how of its users.
1. The main one: obscurity. There are not nearly as many Linux machines, and those have fairly diverse sets of software installed on them.
2. All software (installed through package repositories) has a single update mechanism, making it easier to keep all programs up to date. In Windows lots of programs don't have any built-in mechanism for determining if a newer version is available, so old exploitable software can go unnoticed for a long time.
3. Users and Groups have existed since the beginning so all software is written to avoid requiring root access unless necessary. This is a problem with Windows since the UAC comes up often enough and is easy enough to bypass by default (click ok) that users do it automatically. At this point it's too late though, malicious code that can access my /home/x directory already has access to lots of sensitive information (browser history, personal files, etc.), and can transmit that information over the internet.
I love Linux, but it is not a security fix-all for uneducated users.
You expect someone who drives a car to understand that they need to change the oil, fill up the gas, etc.
Uh, no?
I drive rental cars, don't own one myself (several reasons, not important here why). I don't care about changing oil or even washing the damn thing, and if filling up the gas wouldn't be so expensive at the rental company, I'd let them do even that.
Lots of people who do own cars don't change oil, either. They bring it to a garage and let them do it.
And why shouldn't they? It's not as if being able to change the oil makes you a better driver.
No, it's more like saying "people should know how to drive before taking their car on public roads"
No, it isn't.
They know how to "drive" - they can click those buttons, enter a URL, write an e-mail.
Their errors are not in the driving. They're in - to stay with the analogy - where they are driving to. Someone taught them how to drive, but nobody told them not to drive their nice Porsche into the Bronx.
Most users don't realize that it is an executable, and the blame for that lies 100% with Microsoft.