Slashdot Mirror


Microsoft Disables Kelihos Botnet

Trailrunner7 writes with an excerpt from an article in Threatpost: "Continuing its legal assault on botnet operators and the hosting companies that the criminals use for their activities, Microsoft has announced new actions against a group of people it contends are responsible for the operation of the Kelihos botnet. The company has also helped to take down the botnet itself and says that Kelihos's operators were using it not only to send out spam and steal personal information but also for some more nefarious purposes."

12 of 94 comments

  1. They could disable the majority of botnets by Hentes · · Score: 3, Insightful

    They are the ones who really could do much against botnets by patching Windows vulnerabilities.

    1. Re:They could disable the majority of botnets by Krojack · · Score: 5, Insightful

      No matter how much you patch, you can't patch stupid people that click on the fake ads and scam emails.

    2. Re:They could disable the majority of botnets by Riceballsan · · Score: 4, Insightful

      Now that's crazy talk. In modern-day society hackers and criminal geniuses will get past anything; companies being liable for their own flaws is a foreign concept. The best response is to reactively find and imprison the hackers. It's not Sony's fault that they were using an out-of-date, unpatched version of Apache, it's the small group of script kiddies that realized it. The sad thing is, right now security is so universally terrible that people actually are starting to believe these breaches are caused by super hackers that can break into anything, rather than by amateurs taking advantage of huge gaping holes. The idea of computers somehow changes people's minds to believe in supergeniuses. If a group of high schoolers snuck into a bank, plastered graffiti on the walls and xeroxed customer data, 10% of the anger would go to the kids, 90% to the bank's terrible security. If a group of high schoolers defaced the bank's webpage: "OMG they are super genius criminals, ship them to Guantanamo Bay!!!"

    3. Re:They could disable the majority of botnets by Sir_Sri · · Score: 2

      Um... they do patch windows vulnerabilities. Not everyone installs them in a timely fashion though, and the more draconian windows becomes about forcing you to install updates the more people get upset and resist. Writing a completely new underlying structure to handle patching only works so well and only retains so much compatibility.

      Even if you do install updates, there's a gap between vulnerabilities being discovered and when a patch can land on your computer.

    4. Re:They could disable the majority of botnets by bloodhawk · · Score: 4, Interesting

      Bullshit. If you can just click on an email and this leads to your system being rooted, there's something fundamentally wrong with the software architecture. Same goes for ads on websites. There should never be any way of executing arbitrary code from an email or web site.

      No, there isn't anything fundamentally wrong with the software architecture. A vast majority of users are morons; the OS can prompt you to say what you are doing is dangerous, stupid (as Windows already does), and users will STILL say "yes, show me that naked photo of XYZ by running dodgy.exe for me". You simply can't patch stupidity unless you create a highly controlled environment where the user doesn't have the right to run whatever they want.

    5. Re:They could disable the majority of botnets by bloodhawk · · Score: 2

      Bullshit. If you have to do nothing but CLICK on the email, there is something wrong. Obviously, you can't prevent people from running dodgy executables without locking down the system entirely (requiring cryptographically signed executables, etc.), but that doesn't mean you have to make it easy for them either. This kind of thing is utterly impossible in Linux, and only happens in Windows because of the idiotic idea that you should allow arbitrary code to be executed directly from a website or email.

      You seem to be utterly clueless on the common infection paths on both the Windows and Linux fronts. The vast majority are not getting infected by simply viewing emails or browsing to a website; they are being socially engineered into running malware. Users are EXECUTING files that promise to provide them with various free goodies or access to all sorts of stuff. For instance, the Kelihos botnet required you to open a link in a browser, then download and execute a program which it tried to disguise as a greeting card. Last time I checked, both Windows and Linux could perform this task of downloading a program and then running it; if you think otherwise then you are probably a perfect candidate for their target audience.
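
The lure described in the comment above (an executable passed off as a greeting card) is the kind of thing a download handler or mail gateway can catch before the user gets to double-click it. The following is an added example, not code from the original thread or from Microsoft; it assumes nothing about Kelihos beyond "a program disguised as a greeting card" and uses constructed sample bytes, not a real sample. It checks three classic disguises: a double extension such as `card.jpg.exe`, a right-to-left override character that reverses the visible extension, and content whose magic bytes (an `MZ`/`PE` header) contradict the image extension the name claims.

```python
import os
import struct

# Magic prefixes of image types a "greeting card" would plausibly be.
IMAGE_MAGICS = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
# Extension -> content kind the extension claims.
IMAGE_EXTS = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif"}
# Extensions Windows will execute directly (a representative subset).
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}
EXEC_KINDS = {"pe", "mz"}
RLO = "\u202e"  # Unicode RIGHT-TO-LEFT OVERRIDE, used to hide ".exe"


def sniff(data: bytes) -> str:
    """Classify content by magic bytes, ignoring whatever the filename says."""
    if data[:2] == b"MZ":
        # DOS header is 64 bytes; e_lfanew at offset 0x3c points at "PE\0\0".
        if len(data) >= 64:
            off = struct.unpack_from("<I", data, 0x3C)[0]
            if data[off:off + 4] == b"PE\x00\x00":
                return "pe"
        return "mz"  # MZ stub without a PE signature: still executable
    for magic, kind in IMAGE_MAGICS.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def assess_download(filename: str, data: bytes) -> list[str]:
    """Return the reasons a download looks like an executable dressed as content.

    An empty list means nothing suspicious was found by these checks.
    """
    reasons = []
    name = filename.lower()
    root, ext = os.path.splitext(name)
    inner = os.path.splitext(root)[1]  # the extension before the last one
    kind = sniff(data)

    if ext in EXEC_EXTS and inner in IMAGE_EXTS:
        reasons.append(f"double extension {inner}{ext}")
    if RLO in filename:
        reasons.append("right-to-left override in filename")
    if kind in EXEC_KINDS and ext not in EXEC_EXTS:
        reasons.append(f"executable content ({kind}) behind extension {ext or '(none)'}")
    if ext in IMAGE_EXTS and kind != IMAGE_EXTS[ext]:
        reasons.append(f"extension {ext} but content is {kind}")
    return reasons


# Constructed samples (not real malware): a minimal MZ/PE header and a JPEG prefix.
FAKE_ECARD_PE = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64) + b"PE\x00\x00" + b"\x00" * 16
REAL_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16


if __name__ == "__main__":
    for fname, blob in [
        ("greeting_card.jpg.exe", FAKE_ECARD_PE),
        ("greeting_card.jpg", FAKE_ECARD_PE),
        ("card" + RLO + "gpj.exe", FAKE_ECARD_PE),
        ("greeting_card.jpg", REAL_JPEG),
    ]:
        print(repr(fname), "->", assess_download(fname, blob) or "looks like what it claims")
```

The check deliberately trusts neither the filename nor the server's Content-Type (both are attacker-controlled); only the bytes on disk are authoritative. It is a triage signal for a download prompt or a mail filter, not a substitute for the user still having to choose to run the file, which is the step the comment above says the lure relies on.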

    6. Re:They could disable the majority of botnets by jafiwam · · Score: 2

      Fundamentally, you are correct. But, I sense you are not an IT guy.

      When a User says "I didn't do anything" they actually mean; "I clicked on a bunch of stuff without thinking"

      The problem is, browsers shouldn't let people load stuff into temp cache and then install whatever it is without visiting the "My Downloads" or "Desktop" folders first. That would stop a lot of this scareware stuff that pops up look-alike windows to get people to click on and download things. The ones that are that stupid or inexperienced would have to go through the "manage files on my computer" loop that would make their state (stupid, or ignorant) work FOR them for once.

      So your point is irrelevant. For the most part those drive by scripting holes are gone. IF this weren't the case, my computers would be infected, and the blonde ditz at the front desk wouldn't be the only one infecting her computer all the time. It would be mine, from looking for recreational stuff or even HTML samples or whatever legit actual work I am doing.

    7. Re:They could disable the majority of botnets by dhavleak · · Score: 2

      If there's any cases at all remaining, then there's a fundamental problem in the architecture. Why would there only be a few cases if the vulnerability still exists?

      In the architecture of what? You're citing flaws from 10 years ago, and hanging your hat on one very tiny point, and behaving like an indolent child, all at the same time. Add some specifics, and let's talk.

  2. Oh, come on. Give them their credit. by xyourfacekillerx · · Score: 4, Insightful

    For those who can't stomach Microsoft not being evil 100% of the time. It's not like they were really compelled to do this at their own expense. They did the world a favor; no matter how bitter you are at Microsoft for whatever reason, taking down a botnet and identifying an operator is still a good thing. We're not talking lesser of two evils. We're talking about an objectively undeniable good act. Props to MS, I'm glad they did this.

    1. Re:Oh, come on. Give them their credit. by Riceballsan · · Score: 4, Insightful

      50/50 there. I do half applaud Microsoft for helping to take down part of a threat to their users; in this instance I applaud it, while being terrified of it at the same time. While it is awesome to see large companies helping out law enforcement with things that hurt their users, it also sets a scary precedent. We are allowing large companies to become law enforcement on their own. As we accept it for the things that hurt the little people, they slowly leverage their way into using it to help themselves and hurt the little people. The same legislation that gives Microsoft the power to disconnect a botnet will give them power to disconnect The Pirate Bay. Everyone loves a superhero with the power to do good and deliver sweet vigilante justice where the law has failed, but let's face it, in the real world if we could actually give someone superpowers, there would be an 80% chance that it would come back to bite us. The hero would protect the group he likes and leave the others to fend for themselves. When our best interest and Microsoft's best interest are one and the same, that is awesome, but what happens when they shift?

    2. Re:Oh, come on. Give them their credit. by tqk · · Score: 2

      ... For those who can't stomach Microsoft not being evil 100% of the time.

      I haven't considered MS to be 100% evil for a long time. Even a decade ago, I didn't consider them even more than 10% evil.

      Their level of incompetence has always been the sticking point for me. Damn, they do lousy work, blame their flaws on others, and EXPECT others to fix their mistakes. They've engendered entire clouds of business operations to clean up after their incompetencies. Anti-virus software?!?

      Kaspersky labs and Symantec must wake up with a hardon every morning knowing MS is still out there doing its usual thing.

      --
      "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.

  3. Re:Explain by ackthpt · · Score: 2

    some more nefarious purposes, explain.

    Exposing security holes in Windows. 'nuf said.

    --

    A feeling of having made the same mistake before: Deja Foobar