Microsoft Disables Kelihos Botnet

← Back to Stories (view on slashdot.org)

Microsoft Disables Kelihos Botnet

Posted by Unknown on Tuesday September 27, 2011 @07:55AM from the i'm-down-to-20k-viagra-offers-per-day dept.

Trailrunner7 writes with an excerpt from an article in Threatpost: "Continuing its legal assault on botnet operators and the hosting companies that the criminals use for their activities, Microsoft has announced new actions against a group of people it contends are responsible for the operation of the Kelihos botnet. The company has also helped to take down the botnet itself and says that Kelihos's operators were using it not only to send out spam and steal personal information but also for some more nefarious purposes."

94 comments

Min score:

Reason:

Sort:

Explain by Anonymous Coward · 2011-09-27 07:59 · Score: 0

some more nefarious purposes, explain.
1. Re:Explain by Gunkerty+Jeb · 2011-09-27 08:06 · Score: 1
  
  I propose a new rule: first you read the article, then you ask questions.
2. Re:Explain by ylt · 2011-09-27 08:07 · Score: 0
  
  for those to lazy to follow the link: ". .has previously been investigated for hosting subdomains responsible for delivering MacDefender, a type of scareware that infects Apple’s operating system. Also, in May 2011, Google temporarily blocked subdomains hosted by the cz.cc domain from its search results after it discovered it was hosting malware. ."
3. Re:Explain by Zerth · 2011-09-27 08:16 · Score: 1
  
  They used it as a cluster for cross-compiling ARM linux distros.
4. Re:Explain by Anonymous Coward · 2011-09-27 08:56 · Score: 0
  
  You must be new here.
5. Re:Explain by ackthpt · 2011-09-27 09:15 · Score: 2
  
  some more nefarious purposes, explain.
  Exposing security holes in Windows. 'nuf said.
  
  --
  
  A feeling of having made the same mistake before: Deja Foobar
6. Re:Explain by godel_56 · 2011-09-27 09:17 · Score: 1
  
  for those to lazy to follow the link: ". .has previously been investigated for hosting subdomains responsible for delivering MacDefender, a type of scareware that infects Apple’s operating system. Also, in May 2011, Google temporarily blocked subdomains hosted by the cz.cc domain from its search results after it discovered it was hosting malware. ."
  . . . and kiddie porn.
7. Re:Explain by Alien+Being · 2011-09-27 12:34 · Score: 1
  
  It's their idea of a bug fix.
8. Re:Explain by LordLimecat · 2011-09-27 14:45 · Score: 1
  
  in b4 Macs dont have trojans or exploits.
First by Anonymous Coward · 2011-09-27 07:59 · Score: 0

more nefarious purposes? I though you were going to say Folding at home... no duh it was nefarious
1. Re:First by Anonymous Coward · 2011-09-27 08:03 · Score: 0
  
  Haha you were second
2. Re:First by rilles · 2011-09-28 01:30 · Score: 1
  
  Folding at home? is that what the wife is for? oh wait.. this is slashdot... I meant to say, isn't that what mommy is for?
I fap to gay porn by Anonymous Coward · 2011-09-27 08:05 · Score: 1, Informative

I fap to gay porn.
1. Re:I fap to gay porn by Dexter+Herbivore · 2011-09-27 17:25 · Score: 1
  
  +1 Informative? I would've thought it was Insightful, but to each their own.
2. Re:I fap to gay porn by Anonymous Coward · 2011-09-27 18:45 · Score: 0
  
  How can providing a simple fact be insightful? There's no analysis or evaluation at all.
  
  in-sight
  2. penetrating mental vision or discernment
3. Re:I fap to gay porn by Berg0r · 2011-09-27 19:51 · Score: 0
  
  Gay porn can be very penetrating and if you don't like it, it can penetrate your mental vision for a long time.
They could disable the majority of botnets by Hentes · 2011-09-27 08:06 · Score: 3, Insightful

They are the ones who really could do much against botnets by patching Windows vulnerabilities.
1. Re:They could disable the majority of botnets by Krojack · 2011-09-27 08:19 · Score: 5, Insightful
  
  No matter how much you patch, you can't patch stupid people that click on the fake ads and scam emails.
2. Re:They could disable the majority of botnets by Riceballsan · 2011-09-27 08:23 · Score: 4, Insightful
  
  Now that's crazy talk, in the modern day society hackers and criminal geniouses will get past anything, companies being liable for their own flaws is a foreign concept. The best response is to reactively find and imprison the hackers. It's not sony's fault that they were using an out of date unpatched version of apache, it's the small group of script kiddies that realized it. The sad thing is right now security is so universally terrible, people actually are starting to believe that these breaches are caused by super hackers that can break into anything, rather then by amuatures taking advantage of huge gaping holes. The idea of computers somehow changes peoples minds to believe in supergeniouses. If a group of high schoolers snuck into a bank, and plastered grafiti on the walls and xeroxed customer data, 10% of the anger would go to the kids, 90% to the banks terrible security. If a group of high schoolers defaced the banks webpage "OMG they are super genious criminals, ship them to guantanemo bay!!!"
3. Re:They could disable the majority of botnets by Anonymous Coward · 2011-09-27 08:26 · Score: 0
  
  So if I break into your house and steal your stuff it's all your own fault, right?
4. Re:They could disable the majority of botnets by h4rr4r · 2011-09-27 08:31 · Score: 1
  
  If he left the door unlocked there is a good chance the insurance won't pay. That is what needs to happen here, some sort of cost of poor security.
5. Re:They could disable the majority of botnets by Krojack · 2011-09-27 08:33 · Score: 1
  
  It's not sony's fault that they were using an out of date unpatched version of apache, it's the small group of script kiddies that realized it.
  But if they are knowingly running unpatched versions then they too are at fault. It's their responsibility to keep their software updated.
6. Re:They could disable the majority of botnets by Sir_Sri · 2011-09-27 08:33 · Score: 2
  
  Um... they do patch windows vulnerabilities. Not everyone installs them in a timely fashion though, and the more draconian windows becomes about forcing you to install updates the more people get upset and resist. Writing a completely new underlying structure to handle patching only works so well and only retains so much compatibility.
  Even if you do install updates, there's a gap between vulnerabilities being discovered and when a patch can land on your computer.
7. Re:They could disable the majority of botnets by plasmana · 2011-09-27 08:33 · Score: 1
  
  No, it's the builder fault ;) Obviously, they should have thought about EVERY possible way my house could have been broken into before they build it!
8. Re:They could disable the majority of botnets by Krojack · 2011-09-27 08:39 · Score: 0
  
  Um... they do patch windows vulnerabilities. Not everyone installs them in a timely fashion though
  Or Microsoft don't release them in a timely fashion. Most of the time they have the problem fixed the next day but wait till their next wave of patch releases which could be 2-3 weeks down the road.
9. Re:They could disable the majority of botnets by Anonymous Coward · 2011-09-27 08:40 · Score: 1
  
  If he left the door unlocked there is a good chance the insurance won't pay. That is what needs to happen here, some sort of cost of poor security.
  In some places on this planet it is completely normal to leave the door unlocked.
10. Re:They could disable the majority of botnets by janus03 · 2011-09-27 08:43 · Score: 1
  
  Or Microsoft don't release them in a timely fashion.
  Or Adobe does not. Flash and PDF exploits still tops the list.
11. Re:They could disable the majority of botnets by Anonymous Coward · 2011-09-27 08:43 · Score: 0
  
  "The more you tighten your grip, Tarkin, the more star systems will slip through your fingers." -- An evil empire quote that seems so fitting.
  Yes, in this case, I agree that Microsoft should go after the attackers. They've already asked their customers to apply patches, but their customers (and the silly people who steal their software [insert add for Free Software OS here]) who aren't applying patches are a hazard to the rest of us.
12. Re:They could disable the majority of botnets by Grishnakh · 2011-09-27 08:45 · Score: 1, Informative
  
  Bullshit. If you can just click on an email and this leads to your system being rooted, there's something fundamentally wrong with the software architecture. Same goes for ads on websites. There should never be any way of executing arbitrary code from an email or web site.
13. Re:They could disable the majority of botnets by Riceballsan · 2011-09-27 08:46 · Score: 1
  
  Partially yes, it is a combination of the 2 factors, it was my security was bad enough that someone could get in, and it was that person was both better and more inclined to deal with it. The inteligent response for a home break in is to contact the police and let them do their thing, and to strongly consider a better alarm system, or if it the robber broke in through a painfully stupid mistake of mine (say I left the back window open, door unlocked or any number of stupid things like that) that I fix that mistake. Secondly I don't advertise my house as a safe haven for other peoples things, someone takes advantage of the poor security of my house, who gets screwed over... I do. If I were running a business out of my home, and all of my clients paperwork or something were stolen, I would have to answer to them "why didn't you have a good alarm". If something that wasn't mine was stolen, you could bet your ass the person who's item it was would be furious with me.
14. Re:They could disable the majority of botnets by Riceballsan · 2011-09-27 08:49 · Score: 1
  
  While you are correct, the big issue I have with microsoft is they don't tend to patch things quickly. Almost every zero day exploit you hear about, were reported to MS years before being exploited, only microsoft dosn't tend to see them as a priority until someone is already taking advantage of them. On top of that, when it is being exploited, microsoft kicking things into overdrive, they still tend to wait until patch tuesday to release the fixes.
15. Re:They could disable the majority of botnets by bloodhawk · 2011-09-27 08:49 · Score: 4, Interesting
  
  Bullshit. If you can just click on an email and this leads to your system being rooted, there's something fundamentally wrong with the software architecture. Same goes for ads on websites. There should never be any way of executing arbitrary code from an email or web site.
  No their isn't anything fundamentally wrong with the software architecture. A vast majority of users are morons, the OS can prompt you to say what you are doing is dangerous, stupid (as windows already does) and users will STILL say yes show me that naked photo of XYZ by running dodgy.exe for me. You simply can't patch stupidity unless you create a highly controlled environment where the user doesn't have the right to run whatever they want.
16. Re:They could disable the majority of botnets by Anonymous Coward · 2011-09-27 08:55 · Score: 1
  
  The majority of exploits rely on patched vulnerabilities, the easy way to exploit a user is not to spend months searching for new vulnerabilities, it is reverse engineering patches and then relying on slow/dumb users that refuse to patch or patch slowly as chances are these are the same users stupid enough to fall for fake ads, nude photo exe's and other easy methods of user explotation.
17. Re:They could disable the majority of botnets by Grishnakh · 2011-09-27 08:58 · Score: 1, Informative
  
  Bullshit. If you have to do nothing but CLICK on the email, there is something wrong. Obviously, you can't prevent people from running dodgy executables without locking down the system entirely (requiring cryptographically signed executables, etc.), but that doesn't mean you have to make it easy for them either. This kind of thing is utterly impossible in Linux, and only happens in Windows because of the idiotic idea that you should allow arbitrary code to be executed directly from a website or email.
  Sure, you could include dodgy.exe in an email and give moronic users instructions how to right-click to save it to disk, open a file manager, go find the file on disk, then double-click on it to execute it, but thanks to human laziness very few people are going to go to all that trouble just to see the naked photo, and quite a few will probably remember being told never to do such a thing anyway. But when you make it so automatic that they don't have to click on anything, and only have to VIEW the email and they're infected, or be redirected to a dodgy website, THAT is a fundamental flaw in software design.
18. Re:They could disable the majority of botnets by bberens · 2011-09-27 09:08 · Score: 1
  
  Is there a widely available (as in I can purchase it at Best Buy) operating system that doesn't have several known privilege escalation vulnerabilities?
  
  --
  Check out my lame java blog at www.javachopshop.com
19. Re:They could disable the majority of botnets by h4rr4r · 2011-09-27 09:11 · Score: 1
  
  Sure, I have lived in those places. When the neighbor kids decide to steal your stuff, your insurance will still refuse to pay. No matter how normal it is for you to leave your doors unlocked.
20. Re:They could disable the majority of botnets by Krojack · 2011-09-27 09:11 · Score: 1
  
  Yes there are s few cases where just viewing the email will infect your computer however MOST of the email virii these days require user interaction by viewing/running the attached file. If you deny then then you're obviously stuck in the mid to late 90's.
21. Re:They could disable the majority of botnets by Anonymous Coward · 2011-09-27 09:16 · Score: 0
  
  You simply can't patch stupidity unless you create a highly controlled environment where the user doesn't have the right to run whatever they want.
  Absolutely agreed. And every time someone suggests making this highly controlled environment where you can only run certain things - slashdot users flame the idea. Think trusted execution.
22. Re:They could disable the majority of botnets by Anonymous Coward · 2011-09-27 09:20 · Score: 0
  
  Is there something in your contract that requires you to say "Bullshit." at the beginning of each post?
23. Re:They could disable the majority of botnets by bloodhawk · 2011-09-27 09:23 · Score: 2
  
  Bullshit. If you have to do nothing but CLICK on the email, there is something wrong. Obviously, you can't prevent people from running dodgy executables without locking down the system entirely (requiring cryptographically signed executables, etc.), but that doesn't mean you have to make it easy for them either. This kind of thing is utterly impossible in Linux, and only happens in Windows because of the idiotic idea that you should allow arbitrary code to be executed directly from a website or email.
  You seem to be utterly clueless on the common infection paths on both the windows and linux front. The vast majority is not getting infected by simply viewing emails or browsing to a website, they are being socially engineered into runing malware. Users are EXECUTING files that promise to provide them with various free goodies or access to all sorts of stuff. For instance the Kelihos botnet required you to open a link in a browser, then download and execute a program which it tried to disguise as a greeting card, last time I checked both windows and linux could perform this task of downloading a program and then running it, if you think otherwise then you are probably a perfect candidate for their target audience.
24. Re:They could disable the majority of botnets by jafiwam · 2011-09-27 09:26 · Score: 2
  
  Fundamentally, you are correct. But, I sense you are not an IT guy.
  When a User says "I didn't do anything" they actually mean; "I clicked on a bunch of stuff without thinking"
  The problem is, browsers shouldn't let people load stuff into temp cache and then install whatever it is without visiting the "My Downloads" or "Desktop" folders first. That would stop a lot of this scareware stuff that pops up look-alike windows to get people to click on and download things. The ones that are that stupid or inexperienced would have to go through the "manage files on my computer" loop that would make their state (stupid, or ignorant) work FOR them for once.
  So your point is irrelevant. For the most part those drive by scripting holes are gone. IF this weren't the case, my computers would be infected, and the blonde ditz at the front desk wouldn't be the only one infecting her computer all the time. It would be mine, from looking for recreational stuff or even HTML samples or whatever legit actual work I am doing.
25. Re:They could disable the majority of botnets by Anonymous Coward · 2011-09-27 09:30 · Score: 0
  
  Utterly impossible in Linux? That's a serious claim. This proves you wrong:
  http://www.securityfocus.com/bid/46368
  Look how locked down Apple iOS is... it's likely the most secure consumer grade operating system, and it's still exploitable via a web browser.
  There will always be exploitable bugs. The best we can do is layer different mitigations (DEP, ASLR, Secureboot, etc.) to remove the low hanging fruit, and even then we're still playing cat and mouse.
26. Re:They could disable the majority of botnets by Anonymous Coward · 2011-09-27 09:33 · Score: 0
  
  Sure, you could include dodgy.exe in an email and give moronic users instructions how to right-click to save it to disk, open a file manager, go find the file on disk, then double-click on it to execute it, but thanks to human laziness very few people are going to go to all that trouble just to see the naked photo, and quite a few will probably remember being told never to do such a thing anyway. But when you make it so automatic that they don't have to click on anything, and only have to VIEW the email and they're infected, or be redirected to a dodgy website, THAT is a fundamental flaw in software design.
  dude you need to buy a clue, your information is woefuly out of date, virus's just from viewing emails or web pages hasn't really been an effective means of spreading malware for some time now. Tricking users to download and execute programs is how the rustock and kelihos botnets spread, they aren't exploiting vulnerabilities in the OS/browser/email client, they are socially engineering user into downloading and then executing programs. this attack would work identically on linux as the size of rustock and Kelihos completely debunk your garbage that human laziness will protect people.
27. Re:They could disable the majority of botnets by Qzukk · 2011-09-27 09:34 · Score: 1
  
  This kind of thing is utterly impossible in Linux
  
  Open a terminal and chmod +x cutepuppy.jpg then type ./cutepuppy.jpg to see a cute puppy!
  And people will do it.
  Btw you don't have to completely "root" the system to be part of a botnet, but it helps, at least if you want your bot to keep running when the user reboots (though it could easily add itself to ~/.bash_profile to restart next time the user logs back in)
  
  --
  If I have been able to see further than others, it is because I bought a pair of binoculars.
28. Re:They could disable the majority of botnets by Anonymous Coward · 2011-09-27 10:04 · Score: 0
  
  This kind of thing is utterly impossible in Linux
  Okay, first off, you're complaining about browser security, and bashing the OS branch of Microsoft, so please redirect your nerd rage accordingly.
  Second, before you talk about how there aren't any botnets on linux, lets do a little critical thinking. For the sake of argument, let's assume that the same amount of work will go into a linux vulnerability as a microsoft vulnerability (I know that you may not agree, but I have seen very little concrete evidence to the contrary). For the sake of argument, let's assume that twice as many users of Microsoft XP will do something stupid to let you exploit the vulnerability as users of linux (this statistic is probably low, based on the fact that anyone still using XP is stuck a technological generation back). Then, according to the most recent numbers you can expect 60 times the ROI of a linux exploit on a windows exploit.
  Assuming that linux is more secure because it hasn't been the target of a botnet might just be the equivalent of assuming that pink cars are invulnerable based on this chart
29. Re:They could disable the majority of botnets by tlhIngan · 2011-09-27 10:07 · Score: 1
  
  Sure, you could include dodgy.exe in an email and give moronic users instructions how to right-click to save it to disk, open a file manager, go find the file on disk, then double-click on it to execute it, but thanks to human laziness very few people are going to go to all that trouble just to see the naked photo, and quite a few will probably remember being told never to do such a thing anyway.
  Users can do a surprisingly technical number of things in order to see Dancing Pigs. Let me describe in general the steps one had to take in order to do something a while back. First they had to download an executable, then run that executable. Click a few buttons. Then they had to tap a little bit, then find and download PuTTY and a SFTP client. Download another file, then use the SFTP client to transfer that file. Finally, log into PuTTY and execute a bunch of commands.
  And what did I describe? How to jailbreak an iPhone in the 2.x days and download and install the modified installer file to run pirated apps. And enough people did it that they left OpenSSH running with default password because none of the tutorials said to change the password. Which lead to an iphone virus that simply ssh'd itself around.
  Facebook spam relies on users copying and pasting raw javascript.in order to post to feeds.
  And it happens on Android as well - people install alternative stores to pirate Android apps, or download torrents of apps of unknown quality, leading to Android based botnets and such. And everyone who claims to read every single permission before tapping install is lying - again, users "want that app" so they'll tap install blindly. The permissions box is just a fancy version of "This file was downloaded off the Internet. Only run trusted files. Do you wish to run it?" dialogs that Windows and OS X has.
30. Re:They could disable the majority of botnets by beardz · 2011-09-27 10:24 · Score: 1
  
  Btw you don't have to completely "root" the system to be part of a botnet, but it helps, at least if you want your bot to keep running when the user reboots (though it could easily add itself to ~/.bash_profile to restart next time the user logs back in)
  Or even just add a @reboot entry to that user's crontab, for execution post-boot.
31. Re:They could disable the majority of botnets by Anonymous Coward · 2011-09-27 10:30 · Score: 0
  
  You don't seem to have a great deal of understanding of security or IT for that matter. that is not meant as an insult, it is a common enough thing. The botnets described in th article are not windows problems, the same attacks would be just as successful on any *nix machine
  firstly
  These botnets are not exploiting the software arcitecture or any vulnerability, they are exploiting user gullibility/stupidiy.
  
  Secondly
  a vulnerability is not a architectural problem, it is a security issue and software bug, the architecture could be perfect and still suffer from vulnerabilities (not saying it is perfect and really vulnerabilities aren't relevant to this discussion as that is not how users are being exploited).
  
  Thirdly
  It is possible for a virus to spread via email viewing if a vulnerability was found but that still doesn't make it an architecture problem , but honestly this simply isn't needed anymore and is far far harder to achieve than simply relying on good old fashioned user stupidity. This is not a windows problem, or a linux problem or a apple problem, they are all suspecible to user stupidity, there really is no good way around it without handcuffing the user.
32. Re:They could disable the majority of botnets by maxume · 2011-09-27 10:37 · Score: 1
  
  Man, you're complaining about 2003. XP is about as fixed as it is ever going to be (and the various email clients stopped auto-executing code years ago) and Vista and Windows 7 both default to prompting the user about every system change.
  
  --
  Nerd rage is the funniest rage.
33. Re:They could disable the majority of botnets by Anonymous Coward · 2011-09-27 10:44 · Score: 0
  
  What crawled up your butt this morning?
34. Re:They could disable the majority of botnets by dhavleak · 2011-09-27 10:48 · Score: 1
  
  Bullshit. If you can just click on an email and this leads to your system being rooted, there's something fundamentally wrong with the software architecture. Same goes for ads on websites. There should never be any way of executing arbitrary code from an email or web site.
  So Microsoft should leave the Kelihos botnet running? I don't follow your point.
35. Re:They could disable the majority of botnets by dhavleak · 2011-09-27 10:50 · Score: 2
  
  If there's any cases at all remaining, then there's a fundamental problem in the architecture. Why would there only be a few cases if the vulnerability still exists?
  In the architecture of what? You're citing flaws from 10 years ago, and hanging your hat on one very tiny point, and behaving like an indolent child, all at the same time. Add some specifics, and let's talk.
36. Re:They could disable the majority of botnets by Anonymous Coward · 2011-09-27 11:10 · Score: 0
  
  Just because Qzuuk (King Nobody himself) says so, people will do it (yea, right).
37. Re:They could disable the majority of botnets by shutdown+-p+now · 2011-09-27 11:21 · Score: 1
  
  Bullshit. If you can just click on an email and this leads to your system being rooted
  You don't need a rooted machine for it to be part of the botnet. It suffices for the user to launch an infected executable, that will just set itself up to start in background whenever he logs in from there on. It can perfectly well run with regular user's permissions to do what he needs to do.
  Then, of course, regardless of what is done, there are still countless XP boxes out there where users are admins since the alternative there is too painful. Worse yet, many of those boxes are not even fully patched.
38. Re:They could disable the majority of botnets by shutdown+-p+now · 2011-09-27 11:24 · Score: 1
  
  If you take a person who would run a file named hot_lesbians_amateur_private.jpg.exe (for which, I must add, he also has to click through a warning box that Windows pops up which says "running programs from the Internet blah blah blah IS DANGEROUS! u sure?"), and put him on Linux - then yes, they'll do that.
39. Re:They could disable the majority of botnets by EXrider · 2011-09-27 12:22 · Score: 1
  
  virus's just from viewing emails or web pages hasn't really been an effective means of spreading malware for some time now.
  
  Uh, my company's firewall logs would beg to differ. There are numerous exploits out there utilizing out of date Adobe plugins, the JRE plugin and malicious JavaScript embedded in advertisements, Google image search results are also a huge festering pile of exploits; most of these don't typically require the user to do anything (besides viewing a page) to execute them.
  
  --
  grep -iw skynet /etc/services
40. Re:They could disable the majority of botnets by _0xd0ad · 2011-09-27 14:30 · Score: 1
  
  thanks to human laziness very few people are going to go to all that trouble just to see the naked photo
  You're kidding. Right?
41. Re:They could disable the majority of botnets by LordLimecat · 2011-09-27 14:47 · Score: 1
  
  What on earth do you think HTML, JavaScript, Flash, PDF, and Java do if not execute arbitrary code on the client machine?
  If there is a bug in Thunderbird, or Safari, or Acrobat, you absolutely can get a virus from browsing, no matter what platform you are using. People thinking Mac are immune to this sort of thing really arent qualified to be discussing computer security.
42. Re:They could disable the majority of botnets by LordLimecat · 2011-09-27 14:49 · Score: 1
  
  Bullshit. If you have to do nothing but CLICK on the email, there is something wrong.
  Id say something is wrong with the email client then, not the OS. And Id be interested to know what email client (certainly not any Outlook since Outlook 2003 sp1) you are using that is executing arbitrary code simply by clicking an email.
  I HAVE seen examples of rather piss poor email clients on Mac OSX, but thats really neither here nor there, as the quality of the email client has nothing to do with the OS.
43. Re:They could disable the majority of botnets by Grishnakh · 2011-09-27 14:55 · Score: 1
  
  HTML isn't executable code, it's a markup language. But the others are supposed to be sandboxed. Obviously, this relies on the browser (or PDF viewer, flash plugin, etc.) to be written properly. And yes, a security bug in one of those would make it so that someone could get an infection. But it's a LOT harder to find one of these security bugs, come up with an exploit, and get users to go to your website, hope that their software isn't patched, and then get your exploit to execute this nasty code you've written, than to just write some nasty C code, slap it on a webpage or in an email, and have the browser or email client on the vast majority of user's systems just run it willingly.
44. Re:They could disable the majority of botnets by Grishnakh · 2011-09-27 14:58 · Score: 1
  
  Id say something is wrong with the email client then, not the OS.
  Of course, I never said it was the OS's fault. Of course, the client most known for doing such things is pretty intimately tied to one particular OS.
  as the quality of the email client has nothing to do with the OS.
  That depends on if the email client is coming from the same people who make the OS or not. If they're both coming from the same company that's trying to sell them together as an all-in-one solution, then the two are intertwined.
45. Re:They could disable the majority of botnets by Anonymous Coward · 2011-09-27 18:46 · Score: 0
  
  No matter how much you patch, you can't patch stupid people that click on the fake ads and scam emails.
  Euthanasia is an option
46. Re:They could disable the majority of botnets by ezzzD55J · 2011-09-27 19:26 · Score: 1
  
  Running malware doesn't need any special privileges. Nothing to do with being rooted.
47. Re:They could disable the majority of botnets by slackbheep · 2011-09-27 20:03 · Score: 1
  
  Uh huh. And the computer illiterate aren't going to just run what they're told to as root? or call for sudo rm -rf?
  Education is the solution, Securing the OS is important, but you'll never cross that last mile without completely locking up the system unless you can trust your users.
48. Re:They could disable the majority of botnets by Anonymous Coward · 2011-09-27 20:18 · Score: 0
  
  Linux is free. Download it!
49. Re:They could disable the majority of botnets by Anonymous Coward · 2011-09-28 05:22 · Score: 0
  
  Linux has several known privilege escalation vulnerabilities, on top of which, botnets don't even necessarily need escalated privileges to run. Your normal privileges are just fine for sending spam, doing a DDOS attack, etc.
50. Re:They could disable the majority of botnets by Anonymous Coward · 2011-09-28 06:30 · Score: 0
  
  It's not sony's fault that they were using an out of date unpatched version of apache, it's the small group of script kiddies that realized it.
  But if they are knowingly running unpatched versions then they too are at fault. It's their responsibility to keep their software updated.
  Whoosh!
51. Re:They could disable the majority of botnets by LordLimecat · 2011-09-28 13:22 · Score: 1
  
  Office is a completely separate product that costs several hundred dollars on top of the OS, is not bundled, and is available for both Mac and Windows.
  Calling Office vulnerabilities Windows vulnerabilities is disingenuous.
  
  Of course, the client most known for doing such things is pretty intimately tied to one particular OS.
  You mean Office 2011 for Mac OSX?
52. Re:They could disable the majority of botnets by LordLimecat · 2011-09-28 13:25 · Score: 1
  
  Unless youre implying that Internet Explorer now compiles and executes C code embedded in a webpage, it sounds like you agree that 99% of these expoits have NOTHING to do with the "underlying software architecture", except in so far as it presents obstacles to infection (DEP, ASLR, blacklists, etc).
more nefarious purposes by modernbob · 2011-09-27 08:47 · Score: 1

Perhaps making people buy products they already have over and over!
Pox on both their houses. by Alex+Belits · 2011-09-27 08:52 · Score: 0

...I mean really, Microsoft vs. spammers and thieves, both sides are equally disgusting.

--
Contrary to the popular belief, there indeed is no God.
Oh, come on. Give them their credit. by xyourfacekillerx · 2011-09-27 09:05 · Score: 4, Insightful

For those who can't stomach Microsoft not being evil 100% of the time. It's not like they were really compelled to do this at their own expense. They did the world a favor; no matter how bitter you are at Microsoft for whatever reason, taking down a botnet and identifying an operator is still a good thing. We're not talking lesser of two evils. We're talking about an objectively undeniable good act. Props to MS, I'm glad they did this.
1. Re:Oh, come on. Give them their credit. by Riceballsan · 2011-09-27 09:49 · Score: 4, Insightful
  
  50/50 there. I do half applaud microsoft for helping to take down part of a threat to their users, in this instance I applaud it, while being terrified of it at the same time. While it is awsome to see large companies helping out with law enforcement to things that hurt their users, it also sets a scary precident. We are allowing large companies to become law enforcement on their own. As we accept it for the things that hurt the little people, they slowly leverage their way into using it to help themselves and hurt the little people. The same legislation that gives microsoft the power to disconect a botnet, will give them power to disconect the pirate bay. Everyone loves a superhero with the power to do good and deliver sweet vigilante justice where the law has failed, but lets face it, in the real world if we could actually give someone superpowers, it would be an 80% chance that it would come back to bite us. The hero would protect the group he likes, and leave the others to fend for themselves. When our best interest and microsoft's best interest are one and the same that is awsome, but what happens when they shift?
2. Re:Oh, come on. Give them their credit. by Anonymous Coward · 2011-09-27 10:36 · Score: 0
  
  oh to have ac mod points
3. Re:Oh, come on. Give them their credit. by Anonymous Coward · 2011-09-27 10:41 · Score: 0
  
  Then, we as the public, need to speak out. With enough people shouting, companies listen. AT&T had locked down their Android handsets to remove the "Off Market Installs". People yelled (especially with the advent of the Amazon store) and look at it now: AT&T's Android handsets have the Off market install option again.
  As it is, MS is doing a good job here. If they over-reach, then we need to step in and bitchslap them back into line.
  If you just leave things and say you're happy all the time, companies will continue to do so (see other platforms with locked-down sources to get native executables.)
4. Re:Oh, come on. Give them their credit. by Anonymous Coward · 2011-09-27 16:08 · Score: 0
  
  Well they could be just suing another new company every week over patents that never should have been issued in the first place, so I have to give them props for doing this instead, or for the pessimists: as well.
5. Re:Oh, come on. Give them their credit. by tqk · 2011-09-27 16:32 · Score: 2
  
  ... For those who can't stomach Microsoft not being evil 100% of the time.
  I haven't considered MS to be 100% evil for a long time. Even a decade ago, I didn't consider them even more than 10% evil.
  Their level of incompetence has always been the sticking point for me. Damn, they do lousy work, blame their flaws on others, and EXPECT others to fix their mistakes. They've engendered entire clouds of business operations to clean up after their incompetencies. Anti-virus software?!?
  Kaspersky labs and Symantec must wake up with a hardon every morning knowing MS is still out there doing its usual thing.
  
  --
  "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
6. Re:Oh, come on. Give them their credit. by Anonymous Coward · 2011-09-27 20:28 · Score: 0
  
  I lol'd at this
7. Re:Oh, come on. Give them their credit. by Anonymous Coward · 2011-09-29 01:19 · Score: 0
  
  Oh really? http://bit.ly/oACAsu
8. Re:Oh, come on. Give them their credit. by Anonymous Coward · 2011-09-29 07:25 · Score: 0
  
  > Kaspersky labs and Symantec must wake up with a hardon every morning knowing MS is still out there doing its usual thing.
  Oh really? http://bit.ly/oACAsu
Mozilla helps the botnets... by Anonymous Coward · 2011-09-27 09:12 · Score: 1

Tell that to Firefox devs. They keep creating a browser with bugs that allow for that.
Click on a specially crafted page in Firefox... drive by exploit. Couple that with morons who run as root, boom instant botnet. Most botnets are clever enough that when they take over a computer .. they disable OS and browser updates. Noone can fix the machine remotely.
http://www.mozilla.org/security/announce/2011/mfsa2011-29.html
[...........] we presume that with enough effort at least some of these could be exploited to run arbitrary code. [.....]
http://www.mozilla.org/security/announce/2011/mfsa2011-26.html
[......]The second crash was the result of an invalid write and could be used to execute arbitrary code. [...]
http://www.mozilla.org/security/announce/2011/mfsa2011-12.html
[....]. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.[...]
and these are just a few I picked at random from dozens..
I thought using Firefox was supposed to help guard against all that? Guess not.
Firefox at fault too.. ? by Anonymous Coward · 2011-09-27 09:15 · Score: 0

http://it.slashdot.org/comments.pl?sid=2449020&cid=37532000
1. Re:Firefox at fault too.. ? by Alex+Belits · 2011-09-27 09:52 · Score: 1
  
  1. Don't link to other comments in the same thread if you are not responding to something relevant.
  2. Most open source projects report every bug as a security bug if there is no immediate evidence that it is not a security bug. Usually it's easier to fix a bug rather than go on a chase for a proof that it can't be exploited.
  
  --
  Contrary to the popular belief, there indeed is no God.
2. Re:Firefox at fault too.. ? by Anonymous Coward · 2011-09-27 14:34 · Score: 0
  
  1. Don't link to other comments in the same thread if you are not responding to something relevant.
  That's APK's signature move. Wonder why he didn't have the balls to sign these posts?
Botnets Servers by Anonymous Coward · 2011-09-27 11:50 · Score: 0

I have always wondered why servers can't run anti-virus anti-spamware, etc..
Why not get it caught and destroyed before it even gets to your computer?
If the servers that pass data, monitored all said data for known virus, botnets, spyware viruses and everything else lurking to get you, just think of how much faster your computer would run w/o an antivirus software slowing it down. The servers speed might be affected by looking at all the throughput but if it would stop it in it's tracks.
Why don't they just write a working OS? by Anonymous Coward · 2011-09-27 14:21 · Score: 0

Wouldn't it be simpler for them to ditch their ancient subsystem model and write a real OS with a real security model that doesn't get viruses?
And .... aren't they running a bot short on time to be doing all this silly horse-bolted nonsense?
Re:Botnets Servers by tqk · 2011-09-27 16:47 · Score: 0

I have always wondered why servers can't run anti-virus anti-spamware, etc.
I recognize that you're trying, so thanks for the effort on your part.
However, why should servers need to run "anti-virus anti-spamware, etc?" Perhaps because the operating system is deficient in allowing such malware to be installed and run in the first place?
You've been defrauded and ought to be demanding your money back. Operating Systems are supposed to protect the underlying system upon which they run. That's their point! Bill Gates slept through that part of the course, then dropped out when he saw a chance to get rich on your ignorance.
No offence intended.

--
"Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
Ron White 2.0 by ThatsNotPudding · 2011-09-27 23:46 · Score: 1

"You can't patch stupid."
1. Re:Ron White 2.0 by Anonymous Coward · 2011-09-30 01:07 · Score: 0
  
  Lol give it up for THE MAN!!!
Great stuff dudes! by hesaigo999ca · 2011-09-28 03:42 · Score: 1

Finally MS is climbing up in my books, from the "do absolutely everything evil" to "do almost no evil"...they are going a long way....if they could just offer everyone free windows xp patched even if illegal copies...and allow everyone to just get the most secure and up to date xp running possible, this would also go a long way to make sure that the net is super secure.
Yeah, maybe 5-10 years ago. Not now. by SexyKellyOsbourne · 2011-09-29 14:49 · Score: 1

I would agree with this if this was posted sometime in circa 2005, or especially circa 2002, but that really isn't the case now.
This malware can only take over if you go to a bad website, download a bad executable, and run it.
Internet Explorer 8 has a malware filter named SmartScreen. You get a horrible warning if you try to access malware, and an even worse one if you try to download an executable of malware. IE8 is freely available, and every mainstream website in the world (including MSFT's) will nag you to upgrade, as most (Youtube/Facebook/Google) don't even support IE6 anymore.
Windows Vista is nearly 5 years old now and included proper user-mode access, named UAC, by default. Try to run something that will do something horrible like Kelihos will, and it will also flag a less flagrant, but existent "do not run this" warning. That was improved with Windows 7, which is now 2 years old.
And as far as patches go, anything since XP SP2 (August 2004?) will not only nag for Windows update, but even forcibly reboot your system after enough idle time if what needs to be patched could open the door for botnets.
I would say almost the entirety of the 41,000 systems affected had somehow went unpatched for years. A number were likely Windows 2000 or even 98 boxes somehow still out in the wild and online.
E. H. Harriman has the last word by Animats · 2011-09-29 16:01 · Score: 1

See Butch Cassidy. The story behind "Butch Cassidy and the Sundance Kid" is that E.H Harriman, (owner of the Southern Pacific Railroad, the Union Pacific Railroad, etc.) got fed up with train robberies.
The actual story is close to that. The Union Pacific Railroad under Harriman established the Union Pacific Bandit Hunters. They had staff, money, special trains, and the best equipment. From 1891 to 1914, they chased down train robbers. By 1914, only two train robbers were still known to be alive. The "wild west" era was over. Mission accomplished.
That could happen to botnets. There aren't that many botnet operators. With a well-financed operation hunting a small number of operators, running a botnet may become a dangerous career choice.