Slashdot Mirror


Microsoft Conducts Massive Botnet Takedown Action

h4rm0ny writes "Microsoft, in cooperation with Federal agents, conducted what the Wall Street Journal described as 'sweeping legal attacks' as they entered facilities in Kansas City, Scranton, Pa, Denver, Dallas, Chicago, Seattle and Columbus, Ohio to seize alleged 'command and control' machines for the Rustock botnet — described as the largest source of spam in the world. The operation is intended to 'decapitate' the botnet, preventing the seized machines from sending orders to suborned PCs around the world."

19 of 302 comments

  1. Microsoft helps the internet by viablos · · Score: 4, Insightful

    I think this shows that Microsoft cares about the internet. It's not really Microsoft's problem, but they still help to solve it. Fact is, you cannot change stupid people and they will get their computers infected no matter what. Windows 7 is just as secure as Mac OSX or Linux, but it's the users what is the problem. Good job Microsoft, for taking care of the internet.

    1. Re:Microsoft helps the internet by ledow · · Score: 3, Insightful

      "It's not really Microsoft's problem, but they still help to solve it."

      Wiki says: The Rustock botnet (founded around 2006) is a botnet that consists of an estimated 150,000 computers running Microsoft Windows.

      It could be suggested that, at some level, it *IS* a Microsoft problem, in the same way that it would be Nintendo's problem if everyone's Wii suddenly started joining a botnet. Yeah, partly the user and partly the malware author, but also quite a bit the OS insecurity too.

    2. Re:Microsoft helps the internet by Joce640k · · Score: 3, Insightful

      How can you secure an OS against users who click "yes"?

      Windows is already a total pain in the butt trying to nanny/protect people but it's made no difference whatsoever to the amount of spam arriving here.

      --
      No sig today...
    3. Re:Microsoft helps the internet by Bert64 · · Score: 3, Insightful

      Sure, you cannot change stupid people but you can make it more difficult for their stupidity to be exploited...
      Similarly windows 7 may be better than previous versions, but it's no magic bullet and does nothing to remove all the existing old versions out there either...

      MS are directly responsible for many insecure design decisions and technologies which make it easier for malware, such things as hiding file extensions by default while relying on file extensions to determine executability, activex, allowing/encouraging users to run with admin privileges by default, having extremely complex network services (msrpc, netbios etc) running by default even on standalone workstations, making it simple to execute email attachments, using obfuscated file formats which make it easier for malicious code to hide, automatically executing programs when removable media is inserted, no centralised way to update third party applications... not to mention an os which is insanely complex and containing years and years worth of cruft giving huge numbers of places for bugs to hide and often making it more difficult to fix them.

      Sure, malware would still exist if linux or macos were the most common end user platform, but i don't believe the problem would be as serious as it is with windows.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    4. Re:Microsoft helps the internet by Buggz · · Score: 3, Insightful

      What MS really need to do is educate people - instead of an intimidating dialogue that says "DO YOU WANT TO ALLOW THIS YES | NO" there needs to be an explanation of the consequences.

      If they don't care, they don't read it. For those people, any kind of message box is in the way of them getting to what they wanted to do and thus they click on YES just to get rid of it.

    5. Re:Microsoft helps the internet by Bert64 · · Score: 5, Insightful

      Make cut down systems with limited functions aimed at end users (eg ipad), this will serve end users much better since they no longer have to worry about the complexity of a general purpose os...

      Advanced users can still use more complex computers, on the basis that advanced users are far less likely to fall for social engineering tricks, you don't see many such attacks aimed at people using a cli based unix system.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    6. Re:Microsoft helps the internet by Bert64 · · Score: 3, Interesting

      Linux marketshare is huge everywhere but the desktop...

      Supercomputers - 80-90% linux, who wouldn't want to hack into a top500 supercomputer?
      Phones - android linux, iphone running an osx derivative..
      Servers - linux is pretty big in the server market, servers make far more attractive targets for hackers since they're usually more powerful and have more bandwidth.
      Embedded - linux is pretty big in the embedded market too, lots of networking equipment runs linux, lots of pvr devices too, ip telephony handsets, all kinds of stuff.

      In terms of overall installs, i wouldn't be surprised to find that linux actually outnumbers windows quite considerably.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    7. Re:Microsoft helps the internet by VortexCortex · · Score: 5, Interesting

      Except that you can have as much security as you want, but there'll still always be people who click yes to every message box because they want... I dunno, whatever the craze is these days. 100 free animated cursors or whatever. It's not the fault of people like us, who would know how to spot a botnet, it's the fault of people that don't know, and don't care. The same would happen on *nix if you had huge quantities of people who would give anything and everything root just because it asked. What MS really need to do is educate people - instead of an intimidating dialogue that says "DO YOU WANT TO ALLOW THIS YES | NO" there needs to be an explanation of the consequences.

      Actually, my parents and my neighbor are all of the ilk that click yes to everything. They constantly infected their machines until I installed Linux for them (I used the Vista is crap FUD wars in my favor). The UI difference between XP and Win7 or Vista is somewhat similar to the difference they encountered on Linux, and there are FOSS replacements for all of the things they need to do: Email, Web, music & video, simple games, Create / Open documents & PDFs (Open office actually opens a few of my mom's MS docs that MS Office wouldn't, and the OS's print to file:PDF is a brilliant built in feature.)

      My neighbor (a 75yr old retired mechanic) has actually commented that he finds the Linux OS prompt dialogs easier to understand & more informative.

      Windows: User Account Control stops unauthorized access to your computer. If you started this action, continue. ____(Program/Action)____
      ____(Publisher)____

      Linux: To install or remove software, you need to authenticate. (An application is attempting to perform an action that requires privileges. Authentication is required to perform this action.)
      Password: ____
      (click here for details)
      Action: ___
      Vendor: ____

      He has less problems using Linux (shaky hands -- Gnome has drag & drop threshold, no more accidental file copy or moves).

      The yes-clickers still click yes to everything, they have tons of software installed from the repositories that they don't really need, just because they never uninstall things after they try them. They have yet to contract a virus. Theoretically they are still at risk, and if the Linux using crowd becomes a large enough target, we may see more viruses in Linux (this theory has yet to be proven, and fails to consider that, unlike Windows, Linux has many different distributions and a better update policy).

      However, right now, Windows is the only OS that has rampant malware problems. If you are concerned with the rampant virus problem, it would be wise to not willfully expose yourself to it by not using the only OS brand with such a problem... It seems like a simple solution, UI difference FUD & incompatible application FUD be damned; I've found that most people who actually give desktop distros of Linux an earnest try have no more problems than people upgrading from XP to Win7.

      Yes, there are people who must use some program that just doesn't have a FOSS replacement or run well in WINE -- These people are not the average user that has been trained to click yes to everything and hosts botnets.

    8. Re:Microsoft helps the internet by Blakey Rat · · Score: 3, Informative

      Yeah, partly the user and partly the malware author, but also quite a bit the OS insecurity too.

      But... it's not "partly" the user, it's like 80% the user. And "OS insecurity" is more often insecurity in Adobe or JavaVM or QuickTime than it is in Windows itself. (Although there is some Windows in there, admittedly.)

      So, I agree with the OP here. If it was a fair world, every software vendor on Windows whose software was full of security holes should be helping out with this... Adobe is responsible for a lot more attacks than Microsoft has been in the last decade. It's been a long while since Microsoft was the main cause of the problem.

    9. Re:Microsoft helps the internet by LordLimecat · · Score: 3, Informative

      OS insecurity has very little to do with it. Make 'rootkit_and_sendspam.sh' and run it from a Linux box, it will work just as well. What's that, gksu will prompt you if you really want to do that? IIRC Vista and seven do as well, and if people actually followed Microsoft's best practices for XP, you'd get a runas prompt on that as well.

      In 5 years, the story will be about Apple viruses; that doesn't mean Unix is insecure (though it may indeed be because of Adobe flaws).

    10. Re:Microsoft helps the internet by CohibaVancouver · · Score: 3, Interesting

      there'll still always be people who click yes to every message box because they want

      I'm not a network admin, but sometimes I wonder if the place to trap this is upstream at the ISP - So if my mum's box is a bot it doesn't matter (other than the slowdown) because the "bad" traffic from her machine is stopped at the ISP?

    11. Re:Microsoft helps the internet by terminalhype · · Score: 3, Funny

      Actually, Microsoft has been doing things to piss people off for many years now, yet people still use it. Some people are just happier in an abusive relationship, I guess.

  2. Re:Who "entered" the facilities? by Attila Dimedici · · Score: 4, Informative

    The summary is actually reasonably worded for a change (although not entirely accurate). This raid happened as part of a civil lawsuit filed by Microsoft against the operators of this botnet. Microsoft obtained a court order for the seizure of certain computers within these various facilities. They sent out a taskforce who were accompanied by U.S. Marshals. This appears to be a perfectly legitimate action where Microsoft presented sufficient evidence in court to seize these assets and then worked with law enforcement to do so.

    --
    The truth is that all men having power ought to be mistrusted. James Madison
  3. Re:Who "entered" the facilities? by Medinos · · Score: 3, Informative

    I was once in an office raided by the FDA and local police. The person who was working with them on the case walked in behind and showed them what they needed. So if Microsoft was any part of the raiding party, their representative simply walked in behind them and did any "consultant work" that was requested by the authorities.

  4. Re:Private Corporations by mikael_j · · Score: 3, Informative

    I'll admit that I haven't read TFA but I don't see any problem with MS (or other companies' employees for that matter) joining the police in the raid to make sure it doesn't turn out like the raid against TPB here in Sweden (where the cops basically raided the datacenter and took pretty much every machine they found, turned out that the vast majority of those machines weren't related to TPB and were in fact owned or rented by various businesses who were not all that happy about the cops being unable to just grab the machines they were looking for).

    --
    Greylisting is to SMTP as NAT is to IPv4
  5. Too true by Kupfernigk · · Score: 4, Insightful

    I completely agree. For the great majority of users, computers have become just too complicated and confusing to operate, and the great majority of users are also stupid. Microsoft is part of the problem because, in its effort to gain consumer market share, it has just allowed those users to do far too much, in ignorance.

    The same thing happened with cars; when they were rare and expensive, the people who bought them either employed someone to drive them or were sufficiently interested to learn to do it properly themselves. When the mass market really took off, driving licences followed, along with compulsory insurance. But, at the same time, the "user interface" got simplified and standardised.

    The iPad, or a laptop equivalent, is what most people actually want. But Microsoft's entire consumer business model is currently based around not giving it to them. It looks as if we are going to have to rely (currently) on Apple, HP and perhaps Motorola to come up with a reasonably secure solution to letting the monkeys into the banana plantation, since most of us are never going to be in a position to force them to use Windows 7 with a non-Administrator account.

    --
    From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
    1. Re:Too true by recoiledsnake · · Score: 4, Insightful

      I completely agree. For the great majority of users, computers have become just too complicated and confusing to operate, and the great majority of users are also stupid. Microsoft is part of the problem because, in its effort to gain consumer market share, it has just allowed those users to do far too much, in ignorance.

      The same thing happened with cars; when they were rare and expensive, the people who bought them either employed someone to drive them or were sufficiently interested to learn to do it properly themselves. When the mass market really took off, driving licences followed, along with compulsory insurance. But, at the same time, the "user interface" got simplified and standardised.

      The iPad, or a laptop equivalent, is what most people actually want. But Microsoft's entire consumer business model is currently based around not giving it to them. It looks as if we are going to have to rely (currently) on Apple, HP and perhaps Motorola to come up with a reasonably secure solution to letting the monkeys into the banana plantation, since most of us are never going to be in a position to force them to use Windows 7 with a non-Administrator account.

      I call BS. Anytime MS even tries to look at that route, Slashdot screams bloody murder.

      Read the comments:

      http://tech.slashdot.org/article.pl?sid=09/02/16/2259257
      http://it.slashdot.org/story/08/07/30/204241/Dual-Boot-Not-Trusted-Rejected-By-Vista-SP1

      And the iPad comes with a 30% tax on developers and services like Netflix which they or users have to pay. Do you want a future where companies can reject their competitors' apps 'just because' ? See what happened to Google Voice on the app store, and how an Android magazine app was banned. Do you really want to go that route? There would be no Firefox or Chrome, or even podcast players for 'duplicating functionality' because that would confuse users.

      --
      This space for rent.
    2. Re:Too true by h4rm0ny · · Score: 5, Insightful

      For the great majority of users, computers have become just too complicated and confusing to operate,

      I think a part of that is people just don't accept that they have to learn how to use a computer. If they actually accepted that maybe they couldn't just sit in front of this complicated piece of equipment and magically do everything, then perhaps they'd take a few moments to think or read about it and then it wouldn't be so complicated and confusing to them.

      There was someone extremely irritating at a place I worked some years ago, who asked me to help them line up the paragraphs in Word (some older version than the latest). After helpfully pressing a few buttons to line things up on the left again, accompanied by the cooing wonder of this ...person... and their inane comments of "oh, I'm so bad at computers", I made the mistake of pointing out the Help option in Word and saying: "you know, there's documentation on this. It would be worth taking an hour to read through it all.". Instant snappy nastiness ensued. I seemed to have called them a liar when they said that they were bad with computers and somehow implied that it was their fault. Goodness me! How dare I?

      If someone who uses Word every working day of their life can't be bothered to spend an hour (less, really) reading through a little bit of documentation or a tutorial, then what hope is there? Must we all suffer from locked down, dumbed down systems because some people expect everything in life to be super-easy?

      I see the point you're making. I fully understand it. But those of us who actually use our brains despise a looming future in a world where we're not able to because some people might injure themselves if they tried.

      --

      Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
  6. No by Kupfernigk · · Score: 4, Informative

    It was under 90 years ago, and in any case the point there was that corporations were part of the State. In this case, the corporation applied to the Government for authorisation and the police supervised it. Under Fascism, the Government would have instructed Microsoft to carry out the raid. See the difference?

    Perhaps you should upgrade your nick to a more modern CPU.

    --
    From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."