Microsoft Conducts Massive Botnet Takedown Action

h4rm0ny writes "Microsoft, in cooperation with Federal agents, conducted what the Wall Street Journal described as 'sweeping legal attacks' as they entered facilities in Kansas City, Scranton, Pa, Denver, Dallas, Chicago, Seattle and Columbus, Ohio to seize alleged 'command and control' machines for the Rustock botnet — described as the largest source of spam in the world. The operation is intended to 'decapitate' the botnet, preventing the seized machines from sending orders to suborned PCs around the world."

Microsoft helps the internet

[viablos]

I think this shows that Microsoft cares about the internet. It's not really Microsoft's problem, but they still help to solve it. Fact is, you cannot change stupid people and they will get their computers infected no matter what. Windows 7 is just as secure as Mac OSX or Linux, but it's the users what is the problem. Good job Microsoft, for taking care of the internet.

Re:Microsoft helps the internet

[ledow]

"It's not really Microsoft's problem, but they still help to solve it."

Wiki says: The Rustock botnet (founded around 2006) is a botnet that consists of an estimated 150,000 computers running Microsoft Windows.

It could be suggested that, at some level, it *IS* a Microsoft problem, in the same way that it would be Nintendo's problem if everyone's Wii suddenly started joining a botnet. Yeah, partly the user and partly the malware author, but also quite a bit the OS insecurity too.

Re:Microsoft helps the internet

[Phoshi]

Except that you can have as much security as you want, but there'll still always be people who click yes to every message box because they want... I dunno, whatever the craze is these days. 100 free animated cursors or whatever. It's not the fault of people like us, who would know how to spot a botnet, it's the fault of people that don't know, and don't care. The same would happen on *nix if you had huge quantities of people who would give anything and everything root just because it asked. What MS really need to do is educate people - instead of an intimidating dialogue that says "DO YOU WANT TO ALLOW THIS YES | NO" there needs to be an explanation of the consequences.

Re:Microsoft helps the internet

[Joce640k]

How can you secure an OS against users who click "yes"?

Windows is already a total pain in the butt trying to nanny/protect people but it's made no difference whatsoever to the amount of spam arriving here.

Re:Microsoft helps the internet

[AJH16]

They have started doing this but it still doesn't matter. I watched my brother in law launch a virus directly before I could say anything. The dialog popped up explaining the risk quite clearly and he just clicked yes without even reading it.

Re:Microsoft helps the internet

[Bert64]

Sure, you cannot change stupid people but you can make it more difficult for their stupidity to be exploited...
Similarly windows 7 may be better than previous versions, but it's no magic bullet and does nothing to remove all the existing old versions out there either...

MS are directly responsible for many insecure design decisions and technologies which make it easier for malware, such things as hiding file extensions by default while relying on file extensions to determine executability, activex, allowing/encouraging users to run with admin privileges by default, having extremely complex network services (msrpc, netbios etc) running by default even on standalone workstations, making it simple to execute email attachments, using obfuscated file formats which make it easier for malicious code to hide, automatically executing programs when removable media is inserted, no centralised way to update third party applications... not to mention an os which is insanely complex and containing years and years worth of cruft giving huge numbers of places for bugs to hide and often making it more difficult to fix them.

Sure, malware would still exist if linux or macos were the most common end user platform, but i don't believe the problem would be as serious as it is with windows.

Re:Microsoft helps the internet

[Buggz]

What MS really need to do is educate people - instead of an intimidating dialogue that says "DO YOU WANT TO ALLOW THIS YES | NO" there needs to be an explanation of the consequences.

If they don't care, they don't read it. For those people, any kind of message box is in the way of them getting to what they wanted to do and thus they click on YES just to get rid of the it.

Re:Microsoft helps the internet

[Bert64]

Make cut down systems with limited functions aimed at end users (eg ipad), this will serve end users much better since they no longer have to worry about the complexity of a general purpose os...

Advanced users can still use more complex computers, on the basis that advanced users are far less likely to fall for social engineering tricks, you don't see many such attacks aimed at people using a cli based unix system.

Re:Microsoft helps the internet

[AJH16]

Or perhaps because the users are more educated in general and less viruses target them as they are not the lions share of systems out there. Unless you make it impossible for a user to run programs on their system, a virus will always be able to ask nicely on any system and get a user to run it because users are idiots. (In general principal) when it comes to technology. One system may be more difficult to exploit than another, but a large percentage of virus infections really are not even based on exploits, but rather simply making users do stupid things.

Re:Microsoft helps the internet

[Bert64]

Linux marketshare is huge everywhere but the desktop...

Supercomputers - 80-90% linux, who wouldnt want to hack into a top500 supercomputer?
Phones - android linux, iphone running an osx derivative..
Servers - linux is pretty big in the server market, servers make far more attractive targets for hackers since they're usually more powerful and have more bandwidth.
Embedded - linux is pretty big in the embedded market too, lots of networking equipment runs linux, lots of pvr devices too, ip telephony handsets, all kinds of stuff.

In terms of overall installs, i wouldn't be surprised to find that linux actually outnumbers windows quite considerably.

Re:Microsoft helps the internet

[Nimey]

Occam's Razor: more likely they're tired of dealing with spam going to Hotmail/Live, and this is an expedient way to reduce it.

Re:Microsoft helps the internet

[ledow]

Don't give them the option to click Yes to incredibly stupid things like "Run this program every time I start my computer, with no easy way to monitor it or stop it from loading" (the latest one I've seen is viruses that replace the user's shell value in the registry - somewhere not listed in startup lists - and then re-execute explorer).

Or "Allow this program to spam the hell out of everyone with no controls on what they are doing on the Internet on SMTP ports and whatever it likes, as much as it likes, with no easy way of knowing what's accessing the Internet from my PC"

Or "Allow this program to hide itself in the filesystem once it's loaded by overriding certain function hooks" - even if you ARE admin.

And if the user DOES click Yes, make it easy to remove that privilege later, i.e. don't have antivirus controls which are basically stuck because they CAN'T remove a file with that particular permissioning, or sometimes can't even see it in the filesystem, or can't remove it because when they do the process just recreates it immediately, or has two processes watching and respawning each other which can't be killed simultaneously.

The problem is Windows security is NOT people running in an account with the ability to install programs. It's the OS not providing a way to recover from bad decisions and separating "user" and "admin" too much. Most users *are* admins of their machines and need to install, remove, manage stuff. But they do NOT need the ability to install a filesystem hook except once in a blue moon. And anything they install should NOT affect other users at all. "User" needs to become a lot more powerful, and a lot more isolated from other users, while still requiring admin rights (and then make it truly impossible to execute things as admin without logging on as that directly - and make the "admin" account USELESS for day-to-day-use, no browser or shortcut access should do the trick).

And this is why MS decided LAST WEEK to turn off Autorun in XP by default. Duh. The setting that ANYONE with a brain has had switched off since day one (i.e. ten YEARS ago). That was a bad decision all along, even if it "helped" users (doesn't help anyone I know, because they click "Remember this" the first time and then never see the dialog again and then wonder why their DVD's only ever open in Media Player rather than PowerDVD, etc.)

MS are supposed to have dozens of usability and interface guys. I've yet to see a single convincing example of this - most of their stuff is just useless eye-candy that people can't grasp without being shown by someone who knows.

Re:Microsoft helps the internet

[VortexCortex]

Except that you can have as much security as you want, but there'll still always be people who click yes to every message box because they want... I dunno, whatever the craze is these days. 100 free animated cursors or whatever. It's not the fault of people like us, who would know how to spot a botnet, it's the fault of people that don't know, and don't care. The same would happen on *nix if you had huge quantities of people who would give anything and everything root just because it asked. What MS really need to do is educate people - instead of an intimidating dialogue that says "DO YOU WANT TO ALLOW THIS YES | NO" there needs to be an explanation of the consequences.

Actually, my parents and my neighbor are all all of the ilk that click yes to everything. They constantly infected their machines until I installed Linux for them (I used the Vista is crap FUD wars in my favor). The UI difference between XP and Win7 or Vista is somewhat similar to the difference they encountered on Linux, and there are FOSS replacements for all of the things they need to do: Email, Web, music & video, simple games, Create / Open documents & PDFs (Open office actually opens a few of my mom's MS docs that MS Office wouldn't, and the OS's print to file:PDF is a brilliant built in feature.)

My neighbor (a 75yr old retired mechanic) has actually commented that he finds the Linux OS prompt dialogs easier to understand & more informative.

Windows: User Account Control stops unauthorized access to your computer. If you started this action, continue. ____(Program/Action)____
____(Publisher)____

Linux: To install or remove software, you need to authenticate. (An application is attempting to perform an anction that requires privileges. Authentication is required to perform this action.
Password: ____
(click here for details)
Action: ___
Vendor: ____

He has less problems using Linux (shaky hands -- Gnome has drag & drop threshold, no more accidental file copy or moves).

The yes-clickers still click yes to everything, they have tons of software installed from the repositories that they don't really need, just because they never uninstall things after they try them. They have yet to contract a virus. Theoretically they are still at risk, and if the Linux using crowd becomes a large enough target, we may see more viruses in Linux (this theory has yet to be proven, and fails to consider that, unlike Windows, Linux has many different distributions and a better update policy).

However, right now, Windows is the only OS that has rampant malware problems. If you are concerned with the rampant virus problem, it would be wise to not willfully expose yourself to it by not using the only OS brand with such a problem... It seems like a simple solution, UI difference FUD & incompatible application FUD be damned; I've found that most people who actually give desktop distros of Linux an earnest try have no more problems than people upgrading from XP to Win7.

Yes, there are people who must use some program that just doesn't have a FOSS replacement or run well in WINE -- These people are not the average user that has been trained to clicks yes to everything and hosts botnets.

Re:Microsoft helps the internet

[StillNeedMoreCoffee]

Your absoulutely right, and hostages are at fault for being in that bank at that time. Of course the bank robbers don't have anything to do with it. Thats their job, they are just part of nature. The hostages should have been carrying guns, trained for years in martial arts and been wearing armored vests and carrying secure military style communcations systems, driving hum vee's with automatic weapons on them to protect against the threats in their neighborhood bank.

I think this is a good analogy to the envirionment on the internet. It has been turned into a war zone. So microsofts takedown is akin to taking back one neighborhood from gangs of thieves.

We should not have to have anti-virus protection. We should not have to protect ourselves against someone trying to take over our computer to make money or deny service to someone else. These are criminals and that is what you should focus on. Eliminating those people's ability to assault our property and our lives and our finances by better designed systems (we require that of auto manufactures and food and drug manufactures) , or by putting those people in jail where they can't steal from us.

I agree it is prudent to have anti-virus protection. But remember these evil people will find technological and social engineering ways around each roadblock we put up, at least until they are caught. They should be caught and pay for their crimes. So blaming people for not knowing the work around de jour is missed placed blame.

    Adjusting my armored vest. Can't be too safe out there. Now where did I put the AK?

Re:Microsoft helps the internet

[Blakey+Rat]

Yeah, partly the user and partly the malware author, but also quite a bit the OS insecurity too.

But... it's not "partly" the user, it's like 80% the user. And "OS insecurity" is more often insecurity in Adobe or JavaVM or QuickTime than it is in Windows itself. (Although there is some Windows in there, admittedly.)

So, I agree with the OP here. If it was a fair world, every software vendor on Windows whose software was full of security holes should be helping out with this... Adobe is responsible for a lot more attacks than Microsoft has been in the last decade. It's been a long while since Microsoft was the main cause of the problem.

Re:Microsoft helps the internet

[Blakey+Rat]

The only difference is that most Linux distros will ask you to enter your password and click OK, whilst Windows 7 will display a big yellow-topped box and just ask you if you're sure.

Only if you're already running as Admin.

If you're really concerned about security, you should be running a normal User account, and then UAC will ask for a password to perform administrative tasks.

I believe that setup is identical in every OS-- I haven't tried every Linux, but Windows Vista/7 and OS X certainly behave the same. Not fair to give Windows 7 flak for doing the same thing everybody else is doing.

Re:Microsoft helps the internet

[LordLimecat]

OS insecurity has very little to do with it. Make 'rootkit_and_sendspam.sh' and run it from a Linux box, it will work just as well. Whats that, gksu will prompt you if you really want to do that? IIRC Vista and seven do as well, and if people actually followed Microsoft's best practices for XP, youd get a runas prompt on that as well.

In 5 years, the story will be about Apple viruses; that doesnt mean Unix is insecure (though it may indeed be because of Adobe flaws).

Re:Microsoft helps the internet

[h4rm0ny]

Didn't really mean to give them flak. I think the systems are pretty much comparable, I was just trying to be complete in my analysis. I do run my Windows box as Admin. It's not my primary OS and I wasn't aware of that until another poster also pointed it out. I mainly just use my Windows partition for MS Office and occasional audio work, for everything else it's either Gentoo or (when I've broken Gentoo), Kubuntu. I wasn't giving Windows 7 grief - I actually really enjoy using it.

Re:Microsoft helps the internet

[CohibaVancouver]

there'll still always be people who click yes to every message box because they want

I'm not a network admin, but sometimes I wonder if the place to trap this is upstream at the ISP - So if my mum's box is a bot it doesn't matter (other than the slowdown) because the "bad" traffic from her machine is stopped at the ISP?

Re:Microsoft helps the internet

[DarwinSurvivor]

Except that then the ISP's become gatekeepers and they end up being force to monitor other stuff such as bittorrent, voip, IM, etc. I have no problem with ISP's sending an email or making a phone-call to users who's traffic suddenly changes, but they shouldn't be taking immediate action unless their customer asks them to.

Re:Microsoft helps the internet

[terminalhype]

Actually, Microsoft has been doing things to piss people off for many years now, yet people still use it. Some people are just happier in an abusive relationship, I guess.

Private Corporations

[damicatz]

Since when do private corporations get to conduct raids and other police actions?

Re:Private Corporations

[damicatz]

Cooperating on the sidelines is one thing but it is improper to have Microsoft employees actively participating in the execution of a warrant. The proper thing to do would be to have the federal agents seize the computers and then hand them over to Microsoft. The last thing this country needs is for corporations to be given police powers.

Re:Private Corporations

[damicatz]

That still doesn't give corporations the constitutional authority to conduct their own raids. If they wish to file a civil action against the EULA violation, that is one thing. And then they can get a court order to seize the computers for their own discovery process. The enforcement of the court order, however, should be carried about by law enforcement officials, not by a private security force. After the law enforcement officials seize the computers pursuant to the court order, they can then turn them over for discovery.

Re:Private Corporations

I've done this (gone on a "hacker" bust with the Secret Service). At that time, the feds would serve the warrant, do a lot of documentation (videos, photos, etc.). and the technical consultant would take apart the hardware (under supervision of agents) and do forensics.

It's not like MIcrosoft would bust in doors. Educated guess: They're providing technical know-how that the feds lack.

Re:Private Corporations

[mikael_j]

I'll admit that I haven't read TFA but I don't see any problem with MS (or other companies' employees for that matter) joining the police in the raid to make sure it doesn't turn out like the raid against TPB here in Sweden (where the cops basically raided the datacenter and took pretty much every machine they found, turned out that the vast majority of those machines weren't related to TPB and were in fact owned or rented by various businesses who were not all that happy about the cops being unable to just grab the machines they were looking for).

Re:Private Corporations

[h4rm0ny]

And no one dare give any of the "It's MY PC, I will use it however I choose!" bullshit. The EULA CLEARLY states the contrary.

Are you serious? EULA's don't contradict the laws of the land. If I break the terms of a EULA, then the company can go to the courts to seek redress, but they'd better not try kicking down my door and coming after my computer. In this instance, it's probably a red herring because the Feds probably needed Microsoft's assistance and it was at the Fed's invitation. But your proposal that EULA violations should empower corporations with Super Viglante Powers of Justice is either silly or scary depending on whether anyone else agrees with you.

Re:Who "entered" the facilities?

[dreemernj]

From TFA:

As part of that dragnet, U.S. marshals accompanied employees of Microsoft's digital crimes unit into Internet hosting facilities in Kansas City, Mo.; Scranton, Pa; Denver; Dallas; Chicago; Seattle and Columbus, Ohio. The Microsoft officials brought with them a federal court order granting them permission to seize computers within the facilities alleged to be "command-and-control" machines, through which the operators of the Rustock botnet broadcast instructions to their army of infected computers, estimated by Microsoft at more than one million machines world-wide.

Re:Who "entered" the facilities?

[Attila+Dimedici]

The summary is actually reasonably worded for a change (although not entirely accurate). This raid happened as part of a civil lawsuit filed by Microsoft againt the operators of this botnet. Microsoft obtained a court order for the seizure of certain computers within these various facilities. They sent out a taskforce who were accompanied by U.S. Marshalls. This appears to be a perfectly legitimate action where Microsoft presented sufficient evidence in court to seize these assets and then worked with law enforcement to do so.

Re:Who "entered" the facilities?

[Medinos]

I was once in an office raided by the FDA and local police. The person who was working with them on the case walked in behind and showed them what they needed. So if Microsoft was any part of the raiding party, their representative simply walked in behind them and did any "consultant work" that was requested by the authorities.

Scranton?

[smooth+wombat]

So that's why Micheal left. He knew the Feds were closing in.

Re:Corporatism

[trollertron3000]

Only a dumb fuck would say taking down a botnet is a bad thing.

Re:Corporatism

[Attila+Dimedici]

These raids were conducted pursuant to a court order issued in relation to a lawsuit filed by Microsoft. So, no, there was nothing wrong with Microsoft employees taking part in this raid.

Too true

[Kupfernigk]

I completely agree. For the great majority of users, computers have become just too complicated and confusing to operate, and the great majority of users are also stupid. Microsoft is part of the problem because, in its effort to gain consumer market share, it has just allowed those users to do far too much, in ignorance.

The same thing happened with cars; when they were rare and and expensive, the people who bought them either employed someone to drive them or were sufficiently interested to learn to do it properly themselves. When the mass market really took off, driving licences followed, along with compulsory insurance. But, at the same time, the "user interface" got simplified and standardised.

The iPad, or a laptop equivalent, is what most people actually want. But Microsoft's entire consumer business model is currently based around not giving it to them. It looks as if we are going to have to rely (currently) on Apple, HP and perhaps Motorola to come up with a reasonably secure solution to letting the monkeys into the banana plantation, since most of us are never going to be in a position to force them to use Windows 7 with a non-Administrator account.

Re:Too true

[ciderbrew]

I would mod you troll or flamebait for a comment like "great majority of users are also stupid"; but the rest of what you wrote is right. These people are not stupid, they just have interests other than computers. I've no idea what that may be; but they seem to have them.

Re:Too true

[recoiledsnake]

I completely agree. For the great majority of users, computers have become just too complicated and confusing to operate, and the great majority of users are also stupid. Microsoft is part of the problem because, in its effort to gain consumer market share, it has just allowed those users to do far too much, in ignorance.

The same thing happened with cars; when they were rare and and expensive, the people who bought them either employed someone to drive them or were sufficiently interested to learn to do it properly themselves. When the mass market really took off, driving licences followed, along with compulsory insurance. But, at the same time, the "user interface" got simplified and standardised.

The iPad, or a laptop equivalent, is what most people actually want. But Microsoft's entire consumer business model is currently based around not giving it to them. It looks as if we are going to have to rely (currently) on Apple, HP and perhaps Motorola to come up with a reasonably secure solution to letting the monkeys into the banana plantation, since most of us are never going to be in a position to force them to use Windows 7 with a non-Administrator account.

I call BS. Anytime MS even tries to look at that route, Slashdot screams bloody murder.

Read the comments:

http://tech.slashdot.org/article.pl?sid=09/02/16/2259257
http://it.slashdot.org/story/08/07/30/204241/Dual-Boot-Not-Trusted-Rejected-By-Vista-SP1

And the iPad comes with a 30% tax on developers and services like Netflix which they or users have to pay. Do you want a future where companies can reject their competitors' apps 'just because' ? See what happened to Google Voice on the app store, and how an Android magazine app was banned. Do you really want to go that route? There would be no Firefox or Chrome, or even podcast players for 'duplicating functionality' because that would confuse users.

Re:Too true

[h4rm0ny]

For the great majority of users, computers have become just too complicated and confusing to operate,

I think a part of that is people just don't accept that they have to learn how to use a computer. If they actually accepted that maybe they couldn't just sit in front of this complicated piece of equipment and magically do everything, then perhaps they'd take a few moments to think or read about it and then it wouldn't be so complicated and confusing to them.

There was someone extremely irritating at a place I worked some years ago, who asked me to help them line up the paragraphs in Word (some older version than the latest). After helpfully pressing a few buttons to line things up on the left again, accompanied by the cooing wonder of this ...person... and their inane comments of "oh, I'm so bad at computers", I made the mistake of pointing out the Help option in Word and saying: "you know, there's documentation on this. It would be worth taking an hour to read through it all.". Instant snappy nastiness ensued. I seemed to have called them a liar when they said that they were bad with computers and somehow implied that it was their fault. Goodness me! How dare I?

If someone who uses Word every working day of their life can't be bothered to spend an hour (less, really) reading through a little bit of documentation or a tutorial, then what hope is there? Must we all suffer from locked down, dumbed down systems because some people expect everything in life to be super-easy?

I see the point you're making. I fully understand it. But those of us who actually use our brains despise a looming future in a world where we're not able to because some people might injure themselves if they tried.

Re:Too true

[pauljlucas]

And the iPad comes with a 30% tax on developers...

And developers don't have to pay anything for the bandwidth to have their app downloaded; nor do they have to with companies like Digital River and pay them a percentage of sales; nor do they have to try to get into various distribution channels since they're included in the now de-facto standard distribution channel for all Macs. Developers are getting something in return for that 30%. Also, for free apps, 30% of $0 is $0.

Do you want a future where companies can reject their competitors' apps 'just because' ?

No, I don't, so I will agree with you on that point.

Re:Too true

[tlhIngan]

And the iPad comes with a 30% tax on developers and services like Netflix which they or users have to pay.

Sigh. People keep spouting such untruths that it's increditble.

The 30% tax applies only on on-device subscriptions. How they generalize "I subscribe to service on my iDevice" to "I subscribe to service" is... incredible.

If you subscribe to Netflix via the iDevice app then yes, Apple takes their 30% cut, as Apple brought you a subscriber. Think of it as a referral fee.

If you subscribe to Netflix via the web, then use the iDevice app to access your account, Apple gets nothing because they didn't bring a subscriber to you.

Put another way, the only way you can pay for stuff (goods or services) on an iDevice is via Apple's payment service, and Apple will take a 30% cut via that mechanism. If you get the user to pay for a good or service outside of the iDevice, then Apple won't get their cut.

Re:Too true

[E-Rock]

I've seen people who got infected from an e-mail, with a password protected zip file. They had to copy the file, open it, enter the password, then run the file in there, then click through UAC, then got infected.

There is no level of technical protection that can protect that user.

No

[Kupfernigk]

It was under 90 years ago, and in any case the point there was that corporations were part of the State. In this case, the corporation applied to the Government for authorisation and the police supervised it. Under Fascism, the Government would have instructed Microsoft to carry out the raid. See the difference?

Perhaps you should upgrade your nick to a more modern CPU.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:I don't understand... just follow the money...

[h4rm0ny]

I'm not fully convinced of that. Buy something from a spam email and there's a good chance you'll be defrauded. Which creates problems for the credit card companies. I got a couple of fraudulent charges to a card of mine once (and I'm careful with mine) so I'm guessing it was a compromised shop database somewhere. The company called me up quickly and cancelled the payment and I got my money back. To do that, they must be spending a fair amount of money on anti-fraud. Anything that helps them cut down on that cost is probably going to be something they're in favour of. There might be a lot of money in spam from an individuals' point of view, but as a slice of the overall transactions the credit card companies and banks deal with, it's a petty little thing.