Microsoft: No Botnet Is Indestructible
CWmike writes "No botnet is invulnerable, a Microsoft lawyer involved with the Rustock take-down said Tuesday, countering claims that another botnet was 'practically indestructible.' Richard Boscovich, a senior attorney with Microsoft's Digital Crime Unit, said, 'If someone says that a botnet is indestructible, they are not being very creative legally or technically. Nothing is impossible. That's a pretty high standard.' Instrumental in the effort that led to the seizure of Rustock's command-and-control servers in March, Boscovich said Microsoft's experience in take-downs of Waledac in early 2010 and of Coreflood and Rustock this year shows that any botnet can be exterminated. 'To say that it can't be done underestimates the ability of the good guys,' Boscovich said. 'People seem to be saying that the bad guys are smarter, better. But the answer to that is 'no.''"
Alternate title:
"Microsoft Says: My Botnet is Bigger Than Yours"
"First they came for the slanderers and i said nothing."
What Microsoft is saying is that it isn't hard, and that they can do it. They are basically mocking the guys who said it was indestructible, and, to put it kindly, saying that "they suck". This is Microsoft throwing down the gauntlet and saying, "we are better than you." Who knows, maybe they are.
The proof's in the pudding. Until they actually do take it down, it's all just trash talk.
It doesn't help that it's a lawyer doing the trash talking either; it seems all too common for people with law-centric world views to be completely out of sync with a world that operates on the principles of physics.
When information is power, privacy is freedom.
Let me start by saying every time you boot your system on Windows 7, data is sent to Microsoft to check whether you are online and for internet connectivity.
Now, although you probably never gave it a second thought, NCSI is an active tool used by Microsoft to lead Boscovich to these comments.
I am not sure if this has been posted on /. before; however, this URL http://blog.superuser.com/2011/05/16/windows-7-network-awareness maybe makes Boscovich feel all warm and fuzzy inside as they can do more with NCSI and cut out botnets. This can be defeated as in the URL above.
Whilst I am on a roll, http://www.microsoft.com/industry/government/solutions/cofee/default.aspx is nothing special; the commands in COFEE, with some extra switches, are:
arp.exe -a /all /report %OUTFILE% /domain /query/v /svc
at.exe
autorunsc.exe
getmac.exe
handle.exe -a
hostname.exe
ipconfig.exe
msinfo32.exe
nbtstat.exe -n
nbtstat.exe -A 127.0.0.1
nbtstat.exe -S
nbtstat.exe -c
net.exe share
net.exe use
net.exe file
net.exe user
net.exe accounts
net.exe view
net.exe start
net.exe Session
net.exe localgroup administrators
net.exe localgroup
net.exe localgroup administrators
net.exe group
netdom.exe query DC
netstat.exe -ao
netstat.exe -no
openfiles.exe
psfile.exe
pslist.exe
pslist.exe -t
psloggedon.exe
psservice.exe
pstat.exe
psuptime.exe
quser.exe
route.exe print
sc.exe query
sc.exe queryex
sclist.exe
showgrps.exe
srvcheck \\127.0.0.1
tasklist.exe
whoami.exe
Awww how 31337 M$
All cows eat grass!
Personally, I think that the fact that it's coming from a lawyer makes it more convincing (and frightening). Note that he's saying you need to get legally creative. That sounds like not-so-subtle code for no-knock raids and extraordinary rendition. I don't care how well written your malware is. It's not gonna help you one bit if and when a multibillion dollar corporation convinces the Russian police to disappear you and your buddies.
I'm still waiting for it to finish shutting down.
rewriting history since 2109