Microsoft Readying Massive Real Time Threat Intelligence Feed

chicksdaddy wrote in with a link to a story about a Microsoft project that will share security information in real time with customers and law enforcement. The article reads "Microsoft has proven that it can take down huge, global botnets like Kelihos, Rustock and Waldec. Now the company is ready to start making the data it acquires in those busts available to governments, law enforcement and customers as a real time threat intelligence feed. Representatives from the Redmond, Washington software maker told an audience at the International Conference on Cyber Security (ICCS) here that it was testing a new service to distribute threat data from captured botnets and other sources to partners, including foreign governments, Computer Emergency Response Teams (CERTs) and private corporations."

This was suggested on Slashdot

[DCTech]

Wasn't the usual talk on Slashdot always how government should go after those botnet owners? Yes it was, even suggesting that they should just bomb their location, no questions asked. Seems like a good thing then. I hope Microsoft expands it to all other internet crimes, like stalking, copyright infringement and counterfeit goods!

Re:This was suggested on Slashdot

[Synerg1y]

They certainly didn't handle their anti-trust case in such a way.

Re:This was suggested on Slashdot

[poetmatt]

wow, you sure posted a positive comment about microsoft as a first post again, huh! We know about you and will call you out every time you shit up a thread.

Not to sideline the reality of this being very questionable, or how this has nothing to do with botnet owners right? Please stop the shillposts and work for someone other than MS. even having you on enemy isn't enough.

Re:This was suggested on Slashdot

[DCTech]

You really cannot see sarcastic comment thrown at you, can you? And how it relates to botnets, well gee, maybe read the summary

Microsoft has proven that it can take down huge, global botnets like Kelihos, Rustock and Waldec.

Re:This was suggested on Slashdot

[poetmatt]

do you understand the difference between botnets and *botnet owners?* I didn't say botnets.

The one I mention actually matters, the other (having botnet data by itself) doesn't mean much unless you have a script kiddie maintaining the botnet who doesn't know what they're doing.

Re:This was suggested on Slashdot

[DCTech]

For a long time Slashdotters have suggested cutting off internet for anyone who has botnet or malware on their computer. Why are you resisting?

Re:This was suggested on Slashdot

[g0bshiTe]

Define cutting off internet.

With multiple devices in ones home connected to the net, be it several home computers, ipods/pads, dvd or blue ray players, game consoles. I think you should define cutting off internet. Are we talking your ISP blocking your connection, or are you talking about the one device infected being killed remotely by some entity other than the owner of the machine.

I'd much rather not see a kill flip for some poor schlup that has botnetware running on their system, I think a better approach would be mandatory computer security classes. This would go much further to actually stopping the problem by educating the end user instead of punishing them.

Re:This was suggested on Slashdot

[forkfail]

Why are you resisting?

After all, Resistance Is Futile (tm).

Re:This was suggested on Slashdot

[AK+Marc]

If your connection is the source of "mal" it should be cut off. Whether a home user, business, or small ISP, the upstream ISP should notify you of all the data they have (IP, times, etc) and cut you off. If you have 20 computers/devices at your home and are spreading malware, why should anyone care it's your phone that was rooted and compromised, rather than your Linux server or Windows gaming rig? You got infected, you got cut off.

I think a better approach would be mandatory computer security classes.

They'd work as well as mandatory driver's education classes. People would take them because they had to, and not do what they were taught, even if they remembered it.

Re:This was suggested on Slashdot

[Alien+Being]

MS leaves thousands of gates and windows open and then struts around like Barney Fife when it catches a few kids sneaking through. Are you as clueless as you seem or are you just messin' with us?

Re:This was suggested on Slashdot

[Hamsterdan]

The ISP provides you with an internet connection (thus the SP part). If the ISP doesn't take action, what do you think happens? The *other* costumers might be prevented from using some services (as in unable to send email to @somedomain because my ISP's mail servers are blackholed or throttled).

If you're not able to reach the costumer, you flip the switch to prevent the problem from spreading.

Re:This was suggested on Slashdot

[EdIII]

I agree with you entirely.

I'll be honest. I don't give a fucking shit about the poor bastard at home with 20 infected computers spitting out malware.

That's life, and life can be hard, not fair, and not forgiving either. There are costs associated with life, and every so often you need to pay out your ass to fix your truck, go to the doctor, or any other disaster you did not prepare for, or could not prepare for.

I already use Spamhaus for their lists, and if MS offers their list service for a decent price, I will jump on it so damn fast to use it. No questions asked. I don't question Spamhaus when it tells me to kill the connection. Of course these days I don't actually kill the connection but I do add a "fatal" amount of points to the SPAM score.

If I could tie the MS service into the firewalls running on my routers at data centers, or even at home, I will do so in a split second. Probably even redirect them to a honey pot machine and a web page notifying them they have been listed as infected and to take appropriate action. Once they fall off the list they can come back and use our services.

Any extra tool in the arsenal is a bonus. I get attempts to hack my SIP gateways by the tens of thousands on a daily basis. Fail2Ban really helps there.

I'll take any list of IP addresses and ranges that are being used for attack purposes and /dev/null them. It just makes my life easier, and although I might feel for the person on the other end if they are a victim too, I can't let myself be dragged down with them. Go to GeekSquad or get a new computer.

I have been on the other end of the stick too. Website being hosted with us had a form that was used to SPAM the living hell out everyone else. So massive we needed to track down where the heck the bandwidth was coming from. We ended up being flagged by IronPort for awhile. That really ruined our day. We cleaned it up, put some counter measures into place, IronPort upgraded our status after awhile, and things returned to normal.

Now if I had the IP address of that computer used to attack us in the first place.................... Who knows? Maybe they would have not even been on the list. I would think a hacker would probably use a compromised system to probe us in the first place though.

To anyone who thinks it is too unfair, and you can't block them, and might also think that blocking dynamic IP address ranges for email is being "fascist", let me ask you this question:

If you owned a retail store, and saw a man covered in shit and flies walking up to your store, would you let him in your store or tell him to take a long shower and come back?

Re:This was suggested on Slashdot

For a long time Slashdotters have suggested cutting off internet for anyone who has botnet or malware on their computer.

I know you have a high UID but please, for a long time Slashdotters have argued about everything. Stating that Slashdotters think the same about anything is just trolling or being stupid. Your choice.

Bad idea

sounds like a violation of the users' privacy

just because my computer is part of a botnet doesn't mean I have agreed to have my IP and other info sent to government agencies, especially foreign governments

Re:Bad idea

[Bananatree3]

Son - you've got other problems if you're on a bot net.

Re:Bad idea

[bstag]

99 problems but a bot net ain't one.

Re:Bad idea

Yeah, and if your car is stolen and used for a bank robbery, that doesn't mean you've agreed to have your plate and description of your car distributed to Government agencies!

Re:Bad idea

[hedwards]

If you've failed to secure your computer then you've waived your right to privacy. Seriously, what exactly do you think malware does? Sure some of it just sends spam, but an awful lot of it is focused on taking your personal information to steal your identity.

Plus, if people aren't willing to step up now, I don't think that naming and shaming is really the worst thing in the world.

Re:Bad idea

[viperidaenz]

I think you nearly got the car analogy right.
If someone steals your car for a bank robbery, is [americas most wanted/other tv or news show] allowed to say the police are looking for a car with a licence plate xyz1234. I would hope so.
you don't own your ip address, like you don't own your license plate number

Re:Bad idea

[CanHasDIY]

If you've failed to secure your computer then you've waived your right to privacy

Uh, no.

According to your "logic," or in this case lack thereof, if you leave the doors to your home or car unlocked, you've 'waived your right to privacy,' i.e. government agents are free to ransack your belongings, place surveillance devices in and around your home/car, take what they like, et. al. Fortunately for all Americans (even the stupid ones), we have a number of Constitutional rights and amendments that protect us from that sort of mentality.

Not only is that an ignorant way to view the world, it's incredibly dangerous to those of us who actually value our privacy, but don't want to live in a constant state of paranoid escalation, in which the only way to have even a modicum of privacy is to continually waste money on bigger and better locks. That's the sort of shit thought process that results in people getting sued by peeping toms for walking around the privacy of their own homes nude.

Re:Bad idea

[epyT-R]

who decides what belongs on the shame list? authority uses this game all the time to badger people it considers a threat to its power. if everyone got a chance at that list, we'd have no rights at all.

Re:Bad idea

[g0bshiTe]

For the average citizen it's much harder to get my personal info from my license plate number than from my IP address.

You can not continue to probing my house from knowing my plate number, but you can probe my home network with my IP.

Re:Bad idea

[lennier]

According to your "logic," or in this case lack thereof, if you leave the doors to your home or car unlocked, you've 'waived your right to privacy,' i.e. government agents are free to ransack your belongings, place surveillance devices in and around your home/car, take what they like, et. al.

Replace "house" with "car" and yes, that's pretty much exactly what happen at the moment. If you leave your car doors unlocked and someone steals it and uses it to commit crime, do you really have an expectation of a hard-cre "right to privacy" that would prevent the police from stopping searching that car - even using deadly force against it?

A non-networked computer is like a house, yes. A networked computer is much more like a car, because it "travels" and interacts with other computers and can break into and destroy them. You really need to know what you're doing when you own one.

Re:Bad idea

[hedwards]

I value privacy which is why I keep my machines free of malware, tracking cookies and things of that nature. Anybody that genuinely values their privacy has already gone to lengths to ensure that their machines aren't infected with malware.

This is very much like leaving your car unlocked with an envelop marked incredibly important industrial secret and being surprised when somebody steals it. Sure they shouldn't have done it, but it's hardly reasonable to assume that nobody's going to steal something that's clearly valuable.

Re:Bad idea

[hedwards]

That's not really a complicated matter, just make it a three strikes and you're outed thing and the ISP would be the party that would know about it. The ISPs already have a fair idea as to who is and isn't infected on their network, letting them shame people that repeated refuse to secure their machines would benefit everybody.

Re:Bad idea

[CanHasDIY]

Replace "house" with "car" and yes, that's pretty much exactly what happen at the moment. If you leave your car doors unlocked and someone steals it and uses it to commit crime, do you really have an expectation of a hard-cre "right to privacy" that would prevent the police from stopping searching that car - even using deadly force against it?

Except that doesn't really work as an analogy, as in the case of botnets, no one is physically stealing your computer and using it for crime; they're stealing a portion of your resources. A more accurate analogy (yet still a very poor one) would be if you left your car doors unlocked, and someone used that as an opportunity to steal your tires, then committed a crime using said tires. Does that mean that law enforcement has a right to search your car, because the tires that came off it were used by someone else, who does not own them or the vehicle, in a crime?

Of course, upon reading what I just wrote, even I'm having trouble making heads or tails of it... precisely why I fucking hate car analogies in regards to cybercrime. Until the day comes that we have cars with their own remote repair drones ala The Phantom Menace Pod Racers, They just wont mesh up.

A non-networked computer is like a house, yes. A networked computer is much more like a car, because it "travels" and interacts with other computers and can break into and destroy them. You really need to know what you're doing when you own one.

No; a networked computer would be like a car, if cars had the capability to transport stuff without ever actually moving.

Re:Bad idea

[CanHasDIY]

I value privacy which is why I keep my machines free of malware, tracking cookies and things of that nature. Anybody that genuinely values their privacy has already gone to lengths to ensure that their machines aren't infected with malware.

Security =/= privacy; I keep my money in a (small, locally-owned) bank, not because I don't want anyone to know how much I have, but because it's a hell of a lot safer there than buried in mason jars in the yard (which, while insecure, would be much more private). Besides, how do you know you're not infected? If the malware producer has done their job right, you won't know until the jack-booted Stasi thugs are kicking in your door and hauling you off to GTMO indefinitely for aiding and abetting known criminals.

This is very much like leaving your car unlocked with an envelop marked incredibly important industrial secret and being surprised when somebody steals it. Sure they shouldn't have done it, but it's hardly reasonable to assume that nobody's going to steal something that's clearly valuable.

No, it's not; and even if it were a valid analogy, what does that have to do with the right to privacy, ipso facto, the right to be free from government intrusion without warrant?

*Sigh* Maybe it's because I'm likely one of a small handful of /.'ers who actually understand how cars work, but damn I hate nonsense car analogies!

Re:Bad idea

[viperidaenz]

You don't know whos home you're probing with an IP address. You also don't know if the ISP as allocated the IP to another address since it was published. In most cases its not your IP. A few dollars will get any citizen your full name and registered address from a license plate number.

Re:Bad idea

It's like someone breaks into your house and starts running a meth lab. It would be nice if someone told you. If you're a repeat offender for meth labs, there may be a bigger problem.

Re:Bad idea

[AK+Marc]

According to your "logic," or in this case lack thereof, if you leave the doors to your home or car unlocked, you've 'waived your right to privacy,' i.e. government agents are free to ransack your belongings, place surveillance devices in and around your home/car, take what they like, et. al.

No, but when you've left your car unlocked and the keys in it and someone steals your car and uses it in a robbery, you should expect to have your information handed over to the authorities and hear your license number announced on the radio and images of your car shown on TV related to the crime.

If you are in a botnet, you negligently allowed your computer to commit crimes. You didn't waive all rights to privacy, but criminal actions by a possession of yours is sufficient to get you under different scrutiny than the average person.

Not only is that an ignorant way to view the world, it's incredibly dangerous to those of us who actually value our privacy, but don't want to live in a constant state of paranoid escalation, in which the only way to have even a modicum of privacy is to continually waste money on bigger and better locks.

If you would stop your posessions from committing crime, people would pay less attention to them. It's not like your stolen car is used in a robbery, it's more like someone put in a shed in your yard and cooks meth and sells crack from it and you don't go in your yard much (you have a pool in back, so you don't go in the front much). If the police raided your yard to take down the drug lab, do you think they would or would not search your house as well? Would that action impinge on your privacy? Do you think their actions would have been justified?

Re:Bad idea

[AK+Marc]

A more accurate analogy (yet still a very poor one) would be if you left your car doors unlocked, and someone used that as an opportunity to steal your tires, then committed a crime using said tires. Does that mean that law enforcement has a right to search your car, because the tires that came off it were used by someone else, who does not own them or the vehicle, in a crime?

You are in possession of the computer and actively using it while the crime is committed. I'd be much more like someone breaking in to your car at home, planting drugs, and then later that day, breaking in to your car again and taking them out, making you an unwitting drug mule. Now, if you were caught driving around with the drugs planted on the outside of your car (under the trunk), what do you think the cops would do? I think they'd search the inside of the car. But your assertion is that since you didn't know, you can't be held responsible for the crimes *you* committed. You installed the OS, turned on the computer, and likely installed the malware, even if inadvertently and then later claim innocence. It wouldn't work for a drug mule situation, so what makes you think it should work for malware?

Re:Bad idea

[AK+Marc]

If the malware producer has done their job right, you won't know until the jack-booted Stasi thugs are kicking in your door and hauling you off to GTMO indefinitely for aiding and abetting known criminals.

Most botnets are run off "known" malware detected by every major detection engine. They don't do their job "right" they do it profitably. There's a difference.

Maybe it's because I'm likely one of a small handful of /.'ers who actually understand how cars work, but damn I hate nonsense car analogies!

This isn't a question of "car" but law. You drive from home to work. Someone knows people generally work in the downtown area, so they attach drugs to the underside of your car, then follow you to work, take them off there. They repeat this, now no longer following you, as they know where you work and where you park there. If you are pulled over and the drugs discovered, do you think the police will or won't search the inside of the car? Why? How is that analogy flawed with regards to malware?

Re:Bad idea

[vux984]

Replace "house" with "car" and yes, that's pretty much exactly what happen at the moment. If you leave your car doors unlocked and someone steals it and uses it to commit crime, do you really have an expectation of a hard-cre "right to privacy" that would prevent the police from stopping searching that car - even using deadly force against it?

This is nonsense. What if you DID lock the car? What you took the wheels off too, locked it in a parking garage, and then chained it to a support pillar.

And then someone stole it and uses it to commit crime.

Would that be in the slightest bit different?

Nope. Not one bit.

So whether or not you left the car unlocked or not is: COMPLETELY FUCKING IRRELEVANT.

The police will stop it, and search it, and so on, regardless of whether you locked it or not. So why do you think its comparable to an unlocked car and more importantly how is a locked car the SLIGHTEST BIT DIFFERENT?

So what is your point?

Re:Bad idea

[hedwards]

It's a fair analogy. You failed to secure your premises and you left something attractive to the would be criminal and ultimately you got burned. It's illegal in both cases and in both cases it would be your own damned fault for not securing your property.

Security isn't privacy, but it is in effect one of the things that you're going to find makes things a lot easier to maintain privacy with. If you don't close your drapes ever you'll find that your next door neighbors can see everything that you're doing. Around here it's even legal for them to watch as long as they do it with their naked eyes from their own property or a legal right of way.

Re:Bad idea

I like big bot nets and I cannot lie.

Re:Bad idea

[alreaud]

... It wouldn't work for a drug mule situation, so what makes you think it should work for malware?

Lack of awareness of the contraband, and hence lack of mens rea. No dna, no fingerprints on the contraband, personal history, etc. I'd take it to a jury. Even more so with a computer than as with the mule case, well not for me, but for the average Joe Plumber.

To many people a computer is a black box that works most of the time and really pisses them off sometimes. They would have no clue, other than that the computer was slow or something was popping up...

Re:Bad idea

[AK+Marc]

mens rea isn't required for most laws, despite what you learned from watching Legally Blonde. Or, mens rea is required, but statutorily defined (possession of more than XX grams means there was intent to distribute, even if there was no mens rea for the possession in the first place - it's not required).

To many people a computer is a black box that works most of the time and really pisses them off sometimes. They would have no clue, other than that the computer was slow or something was popping up...

I would claim that there was negligence in using an unprotected computer. Much like it's illegal to leave an unattended car running in many places (some claim because of environmental reasons, and others as it's an attractive nussiance). They had mens rea if they knew they were operating a computer, even if there was no intent to join a botnet, much like getaway drivers who didn't know they were actually getaway drivers generally get convicted because the "should have" known, even if they didn't and there was no evidence they did know.

Re:Bad idea

cannot lie? that's what they all say ..

Re:Bad idea

And what if you DID install firewall and antivirus and didn't go to suspicious websites, but your system still was hijacked by a zero-day exploit and begins knocking into other systems and joins a DDoS?..

In both cases a) you can't expect privacy one it's stolen, b) proper lockdown at least protects against junkies looking for some cash (common malware) and gives some chances against dedicated hi-jackers.

Re:Bad idea

[alreaud]

"despite what you learned from watching Legally Blonde"
LOL. Unless you're a lawyer don't go there, I've got over twenty years experience as a pro se litigant. I would totally disagree with your first statement. A valid counter example is an individual who is coerced into being an accessory to a crime. Further in your example, one has to establish "possession", i.e. "control over". If one has it kiestered, well obviously one is caught flagrante delicto. But if it sits in the trunk of the car, reasonable doubt is easier to establish.

Negligence only occurs if one lacks the care that a reasonably prudent individual would use. Lets say granny get suckered into downloading those fake-ware anti-virus apps that float around. Remember, that it isn't about truth or justice, but rather what you can convince a jury to believe. Good luck convincing a jury that granny was negligent in using that rootkitted computer. That will fly with a jury like a pig with little itty bitty bat wings...

Re:Bad idea

[AK+Marc]

If you have over 20 years representing yourself in court, then you have serious problems understanding law. Those of us who have even a passing understanding of how things really work manage much less legal experience. Perhaps you have not only a fool for a client, but a fool for a lawyer as well.

Further in your example, one has to establish "possession", i.e. "control over". If one has it kiestered, well obviously one is caught flagrante delicto. But if it sits in the trunk of the car, reasonable doubt is easier to establish.

Guns in glove boxes are "in possession of" the driver. A gun in a trunk is not "in possession" for gun laws. However, there is vast case law establishing that a person is "in possession of" drugs in the trunk. Truck drivers are 100% responsible of things in their trailer. Many times people have been convicted of trafficking based on the contents of their trunk (with the only exceptions being when they convict someone else for the same crime, usually from the testimony of the driver).

Negligence only occurs if one lacks the care that a reasonably prudent individual would use. Lets say granny get suckered into downloading those fake-ware anti-virus apps that float around. Remember, that it isn't about truth or justice, but rather what you can convince a jury to believe. Good luck convincing a jury that granny was negligent in using that rootkitted computer.

A reasonable person would use antivurus. You even state that yourself when you say she installed an anti-virus (proving she knew a reasonable person should do such a thing to protect herself). The only issue is that she did not install a real AV when she got the computer. I'd sink granny. She admitted in open court she installed the AV because she knew she needed an AV, so arguing that she didn't know she needed an AV (or that a reasonable person wouldn't) shouldn't get very far. God I'm glad I don't have you representing me for anything.

And what a "self trained" loser with a history of finding himself in court thinks about what would happen if two competent lawyers were to meet isn't relevant to what actually happens in courts every day.

Re:Bad idea

[alreaud]

So what does your eminent display of legal wisdom mean, when you have to resort to ad hominem attacks?
It means that they didn't teach you the dialectic, O cheese dick member (or wannabe) of the Guild.

Granny is a reasonable person. She got scammed. Honestly, are you a native speaker of American? WTF are you taking about that a reasonable person would use an antivirus. A Linux or Mac user would laugh at you. Maybe of Windows that's true. Read what I actually wrote, not what you want to read. Or please continue with the American reading lessons.

Guild Member, I get things accomplished in my neck of the woods. Like getting judges corrupt judges removed. Ever hear of Tim Masters in Fort Collins? But it's not about me, it's about those last words of the Pledge: "... and justice for all".

To the reading audience, when somebody uses the words "Perhaps you have not only a fool for a client, but a fool for a lawyer as well.", you're probably talking to a member of the Guild that has made a business of justice in America. Whatever, y'all don't win often with me, LOL!

I have four points for you Guild Member, to correct the perpetrations of the "Guild" in my local community. The self trained looser speaks fairly well, and if the voter listens, your kind will be kicked to the curb like we did with the Monarchy.

http://coloradoan-anti-censorship.net/forum/ballot-ideas-insure-local-justice

That is if you can, good buddy, without getting your knickers in a wad.

The Guild is an old ancient scourge on the West, folks, a tool that served the Crown. The problem is, the Guild no longer has a Crown to serve, so serves itself.

Re:Bad idea

[AK+Marc]

Guild Member, I get things accomplished in my neck of the woods. Like getting judges corrupt judges removed. Ever hear of Tim Masters in Fort Collins? But it's not about me, it's about those last words of the Pledge: "... and justice for all".

To the reading audience, when somebody uses the words "Perhaps you have not only a fool for a client, but a fool for a lawyer as well.", you're probably talking to a member of the Guild that has made a business of justice in America. Whatever, y'all don't win often with me, LOL!

I have four points for you Guild Member, to correct the perpetrations of the "Guild" in my local community.

What is this guild of which you speak? Sounds like you are talking about the Bar Association. Tim Masters had a lawyer (probably many of them, David Lane probably the last he'll ever use in that matter), and it doesn't appear that there were any judges or police removed, but I didn't follow the case as it happened, and just did a little googling just now to read up on your rant.

Why don't you rant about how you would help people with their legal troubles, but you are banned from it by law by "the Guild". You aren't even allowed to help them help themselves, depending on the help offered. The Man is keeping you down.

Found a direct link

[symbolset]

Internet Storm Center. Apparently it has been up for quite a while. What bright lights of wonder Microsoft hides under their bushel! I wonder what else there is.

Re:Found a direct link

[Larryish]

"Microsoft Readying Massive Real Time Threat Intelligence Feed"

Meh.

In reality MS just sends the .gov a map of Internet-connected Windows installs.

Thin end of the wedge, and all that.

data from captured botnets....

[nurb432]

And of course any files they happen to find along the way. "IP address x.x.x.x has a copy of the Communist Manifesto"

Re:data from captured botnets....

[The+Grim+Reefer]

And of course any files they happen to find along the way. "IP address x.x.x.x has a copy of the Communist Manifesto"

Joe McCarthy has been dead for over 50 years. I think you're safe owning the Communist Manifesto. Searches in your browser history for al-Qaeda might be a different matter.

Re:data from captured botnets....

[nurb432]

He may be long gone, but his legacy of paranoia has not.

Re:data from captured botnets....

[The+Grim+Reefer]

He may be long gone, but his legacy of paranoia has not.

Nor his epic stupidity. You need look no further than the TSA to find that.

Huge list of security blogs

You can't get much better than this list:

http://pastebin.com/F1JcZHLz

It was featured on Cryptome, still is if you scroll down to the Offsite section.

Sounds kinda like...

[betterunixthanunix]

...the full-disclosure list:

http://seclists.org/fulldisclosure/

What would you do?

IBM would turn it into a product.

Google would integrate this in Chrome and their DNS.

MS gives it away and wonders why their stockholders are not happy...

Botnet

[John3]

I do not think it means what you think it means.

Good Job Microsoft - "3 cheers for MS"... apk

This is good stuff from the fellas @ MS, no matter what the "naysayers" say (usually "pro-*nix" trolls around here with their "down with ms" & "down with Windows" b.s. OR putting down Mr. Gates, etc./et al)...

* Especially about the part of distributing it around all to other parties that could use it!

I mean, hey: I could use that data for security purposes myself!

Now - IF they're ANYTHING like that Norton/Symantec's doing here for instance -> http://safeweb.norton.com/buzz

I.E.-> Showing feeds of what malware their distributed worldwide software (NAV etc.) is collecting for populating their security wares AND to doubtless fill Norton DNS' blocking DNSBLs with too (filters vs. known malicious sites) -> https://dns.norton.com/dnsweb/homePage.do

?

This effort by MS is going to be VERY useful (especially to security professionals relating to IT/IS/MIS etc./et al!)

I only hope they open that data up to individuals like myself, as Norton (& others, but not from commercial concerns usually I have found @ least) has, shown above.

APK

P.S.=> Heck - I say it's useful, because basically, it's the SAME basic reason I integrate HOSTS file data from all of the reputable & reliable sources online for that - to share with others, for the overall GOOD of all...

... apk

Microsoft is no hero

[Sp4rkyJ0n3z]

Microsoft is no 'hero' in this story. A large percentage of the bots on the bot net are unknowingly infected users. And the number one used, and most widely regarded as an unsecure operating system? I'm sure MS has no problem taking down large bot nets, probably using thier own known security holes to gain access and secure against unknowing, infected users. What's stopping them from monopolizing on this? Time. Microsoft is holding out on patching holes to seem like the knight riding in with +4 shinning armor to make their efforts ucrative.

Re:Microsoft is no hero

[benedictaddis]

Since Microsoft began their Trustworthy Computing programme, they have had a reasonably healthy attitude to security. To say as you do that they 'probably' use security holes in their own products to take over botnets is plainly silly.

Microsoft have in fact been quite clever in taking down Waledac and other large botnets. The mechanism was not technical but legal: they filed a civil complaint against a number of John Does, which resulted in the judge granting a restraining order. This handed Microsoft control of 277 domain names which had been used to direct infected machines to the Waledac Command & Control servers. Google 'operation b49' for more info.

Re:Microsoft is no hero

[AK+Marc]

Would you like there to be a pop up from the OS stating "you may be infected, click here to download a free scanning tool." I've seen those messages before, and I think they are the cause of, not fix for the problem.

Yeah well...

"Microsoft has proven that it can take down huge, global botnets like Kelihos, Rustock and Waldec."
Wake me up when they can prove they can prevent them.

Re: Yeah well...

[Dog-Cow]

They know exactly how. Why do you think Windows Phone 7 uses a curated app store, and why do you think they are pushing to do the same for Windows 8? Copying Apple is only part of the story. Ultimately, even a mainframe is vulnerable if the user is allowed to install anything they want.

Re: Yeah well...

[AK+Marc]

Depends on "install". A mainframe is not very vulnerable. A program is run in protected space, then all traces are purged before the next program is run. If you sandbox every program and give nothing root access, nothing is vulnerable. Windows requires "root" access to release/renew IPs and so many other common tasks, it's inherently unsafe. Most programs are installed as "root" as well, and some even require "root" to run. Sandbox everything, protect the kernel, and the malware wouldn't be able to bury itself in the undetectable places it strives for.

If your PC is generating spam or hack attempts

... then identifying your IP address sounds like a good idea to me. Probably a lot of servers would like to block connection attempts from you, but hopefully some kind-souled outfit will display a message to clue you in that you are persona non grata, so you can fix your problem.

good idea?

[viperidaenz]

Just wait till those running the botnets use this real time information as a tool to avoid detection/capture.

wouldn't it be advantageous if they can tell what botnet behaviours are picked up by the detection tools in real time?

Re:good idea?

[schlachter]

it will always be a game of cat and mouse....no reason not to keep innovating..

MS certainly aren't "villains" for this, lol... ak

"Microsoft is no 'hero' in this story. A large percentage of the bots on the bot net are unknowingly infected users." - by Sp4rkyJ0n3z (2550184) on Wednesday January 11, @05:08PM (#38668302)

QUESTION - is the "pro-*NIX" OEM's doing anything better? If so, please, inform us... thanks!

Also?

Hey - That could be useful to ISP/BSP's in informing a user they're "TYPHOID MARY"!!!

(Simply because YES, you're right on that account - a LOT of users either don't KNOW, & toss that system because they think the hardware's old & shot (I & a pal who is a security guard where wealthy doctors & interns live have found @ LEAST a dozen very good systems there because of that... gratis - they were literally by the dumpster, we took them, cleaned them up, & either sold the parts, or kept the rigs (he did))).

Anyhow, it could be useful to ISP/BSP, ala the following type scenario:

"Sir/Maam, this is a courtesy call from to inform you that we have detected infectious malware coming from your system, & we wish to help you clean it, FREE OF CHARGE (lol, hopefully) before "bricking" your modem, we wished to inform you & yours, 1st" etc./et al

* Perhaps NOT exactly worded that way, or done by phone or email etc. but... point's there!

---

"And the number one used, and most widely regarded as an unsecure operating system?" - by Sp4rkyJ0n3z (2550184) on Wednesday January 11, @05:08PM (#38668302)

ANDROID's showing the SAME for Linux for Pete's sake... for DECADES now, Linux has "hidden" behind the lie/FUD that "Linux=Secure"... well, guess what? Malware makers/hacker-crackers?? They JUST like pickpockets - pickpockets do NOT target "crowds of 1". They go where CROWDS OF USERS THAT ARE NOT SAAVY ARE, to get "easy meat" victims... in fact/again?

ANDROID's a Linux variant, & despite all the /. FUD spread here for YEARS? It's being TORN UP on the security front in the mobile phone world, because the hacker/cracker/malware makers KNOW most folks using them are NOT "geeks/techs" & will be easy to abuse/enslave/steal from.

This is common-sense, to criminals @ least, lol, so "channel your 'inner-criminal'" because to COMBAT them? You have to think like them first, & have equal OR BETTER tech know-how (especially nowadays, they aren't "script kiddies" as much anymore, ala STUXNET or DUQU are "prime examples thereof").

---

"I'm sure MS has no problem taking down large bot nets" - by Sp4rkyJ0n3z (2550184) on Wednesday January 11, @05:08PM (#38668302)

Absolutely NOT - they also have legal muscle & money to get around "international boundries" PLUS excellent people working for they... no questions asked (witness Dr. Mark Russinovich OR Anders Hejlsberg & Chuck Andrzewski).

---

" probably using thier own known security holes to gain access and secure against unknowing, infected users." - by Sp4rkyJ0n3z (2550184) on Wednesday January 11, @05:08PM (#38668302)

Come ON - that'd be the DUMBEST thing to do! There are a LOT of very, Very, VERY SHARP techies out there now, @ least one would have spotted this by now!

In fact, & perhaps I ought NOT to say this, because this is only 1 I heard of years ago on NT 4.x? NT-based OS were "pinging" remote servers located in CALFORNIA, that had MS in their registrations... so, perhaps MS was "tracking" who had NT or not, but I remember THAT going on (was worst I ever heard from they on that account, but then again - folks only LICENSE the OS to use, by paying for it, but that doesn't possibly preclude MS tracking via pings because that doesn't breach any privacy, & only shows IP addresses (@ least cursorily)).

---

"What's stopping them from monopolizing on this? Time." - by Sp4rkyJ0n3z (2550184) on Wednesday January 11,

Skynet?

[Joe_Dragon]

Skynet is growing

IF ur going to downmod me trolls? Say why

Legitimately why, on computing technical grounds (ala errors I made misleading others etc. technically).

(No, not just doing a "hit & run" downmod that you have either, because WHEN you do that, you only show us all that's "the best you've got" & nothing more (which means you have squat)).

* Ah... then again, I am asking a blatant cowardly little worm to be a MAN, not a worm in my request above.

APK

P.S.=> That'd be TOO much to expect around /. - home of the "Pro-*NIX troll" online, lol!

... apk

Real Time Hosted Threat Intelligence Feed v2.0

A spokesman, on condition of anonymity added: "Once we have this project on the way, Microsoft will start a project that will share more information in real time with qualified entertainment industry customers and law enforcement. We will flag certain search terms in Bing, then notify authorities about those who use them, of course in real time. We envision that we can be busting down doors well before the torrent finished downloading."

insert here...

[CohibaVancouver]

[Insert tired "but Windows is the biggest virus there is!" post here.]

What?

[Georules]

MS proved they can take down botnets largely comprised of systems they wrote the software for? Good work.

Since when did Microsoft get the right to...

Search (without a cour order) anyone else's computers? Normally, afaik, only a branch of law enforcement can do what they say they can and are doing, and that only with a court order. Is spying and gathering data on someone legal if you're Microsoft, but not if you're Joe Schmo off the street?

Who knows, I may be delusional and thinking false and utopian thoughts. If so, shoot me and send my remains to Microsoft.

Re:Since when did Microsoft get the right to...

[AK+Marc]

Didn't you read the EULA?

Also readying

Massive real-time marketing layoffs.

Cart before the horse

[Detaer]

It would probably be better if the focused their energy on closing security holes and doing their best to stop their consumer operating systems from being the low hanging fruit for botnet makers. I have heard than an ounce of prevention is better than a massive security project to remove the ass of a tick or something to that effect.

I can say the same of Linux, via ANDROID... apk

ANDROID's a Linux. How's it doing, now that it's no longer hiding behind "security-by-obscurity" (ie - lack of majority of users on a platform especially amongst 'novices' in said tech)?

Sorry but... truth is, it's being TORN UP on the security/malware/abuse front... badly.

(Too bad too, because they're nice "smartphones" to run nowadays with ANDROID, but I steer clear of them ALL, until "security maturation" happens).

* Funniest part's that I KNEW this was coming, despite all the "Linux = Secure" stuff I heard for YEARS (almost a decade now in fact) on /. here...

So - sure, you can secure a KERNEL all you like (Linux has an outstanding remote bug in it right now, thru the latest/greatest 2.6x mainstream kernel in fact -> http://secunia.com/advisories/47199/ too, so it's FAR from invulnerable)...

However, even in going on nearly decade old 2.6 mainstream core/kernel now? They STILL find issues in security in its core/kernel (this tells you how complex computer programming is, & especially on HUGE programming artifacts, like OS are)

Yes... even to this very day? Bugs in the kernel?? Yes!

Nothing's perfect!

PERFECTION? It's a ROAD, not a destination...

I think all OS exemplify that, yes, even Windows NT-based ones, MacOS X, & others as well.

APK

P.S.=> Anyhow/anyways - That's a pretty simple question to answer, go for it...

Because FINALLY?

Yes, a Linux has some SERIOUS marketshare but that's "backfiring" on those who literally believed the general "Linux=Secure" b.s. that flew around the web, especially around here I have found, bigtime.

NOw, it's a Linux (in ANDROID) that's amongst mostly "tech noobs" & it's going thru EXACTLY what Microsoft's Windows has, due to being the "OS of 'the masses'" & the majority of the masses?

They're NOT server admins/tech gurus (who are NOT as easy to take advantage of, but 'noobs' are) - they get "TARGETTED FOR TERMINATION" by the programmatic work of malware makers, yes, even on a Linux & ANDROID SHOWS US ALL THAT MUCH, easily... apk

So let me get this straight

[giorgist]

1. Some "criminal" bot net grabs my private data.
2. Microsoft infiltrates bot net.
3. Microsoft hands the data to government in real time. They are not responsible on what the data contains.
4. Government has my data legally ?

Does this not sound like the police getting criminals to do their dirty work ?
What would be the intensive to bring down the bot ?
How do I know who set up the original bot ?
Should I trust Microsoft ?
Should I trust the government ?

Re:So let me get this straight

[Bacon+Bits]

You'd rather trust the bot net operator?

Yes, I understand (and agree with) your reservations and concerns about what the government would do with such data, but it's really not like the alternative is demonstratively better. Yes, the government *could* abuse this type of information, but a bot net operator can abuse his bots, too. What's to stop a bot from installing a key logger and browser history scraper? Or from scanning your personal files? Or from turning on your webcam?

Additionally, owners of systems infected with bot net software are the victims of a crime and their systems are themselves being used in the commission of other crimes. Are you going to argue that MS doesn't have an obligation to tell law enforcement about their knowledge of such crimes? What if the bot net is used to coordinate a StuxNet-like attack on US infrastructure?

Honestly, this sounds like complaining that the police are searching your house for evidence when the neighbors called them about a break-in they saw going on.

Re:So let me get this straight

1. Some "criminal" bot net grabs my private data.
2. Microsoft infiltrates bot net.
3. Microsoft hands the data to government in real time. They are not responsible on what the data contains.
4. Government has my data legally ?

Does this not sound like the police getting criminals to do their dirty work ?
What would be the intensive to bring down the bot ?
How do I know who set up the original bot ?
Should I trust Microsoft ?
Should I trust the government ?

And if criminals break into your house or car you want the government not to deal with it? People get caught with "things they shouldn't have" then as well. When law enforcement investigates a crime of any kind other things sometimes pop up. If you're worries about this being a problem you should just worry about them doing it without a crime being involved. After all, it is possible.

Am I reading it right?

Botnets were formed because of malicious guys and an incompetent OS maker (M$) which transfers to its customers the responsibility to complete the software with add-ons which might or not work.

Then said OS maker intends to deliver the names of its customers to gov't agencies like a chicken to pitbulls?

You know, I despise Windows buyers as suckers as much as any other Linux or Mac user, and I want something to be done against botnets, but aren't we morally obligated to show some consideration for the mentally impaired?

Why I already hate it.

Starting with the name: Real Time Threat Intelligence Feed

If only they would have called it: Real Time Intelligence Feed

but no the word "threat" had to be in there and so it will be political, false flag intelligence

The only threats: Political and False Flag threats

You can't trick adults!

Re:Why I already hate it.

[alreaud]

"You can't trick adults!"

Really? How did President Bush serve two terms, and had us fight a war in Iraq based on WMD?

"Good thing for rulers that the masses don't think." Goebbels or Hitler, I can't remember which offhand.

Humor in the works...

[alreaud]

It's going to be funny as shit when that there threat database gets hacked by Anonymous or somebody, to ribald rib-breaking laughter online...

Lets make a list!

[haltline]

"Trust us. No one on that list is there because of a mistake or because they are a business competitior or because they have views we don't like or because they have an ugly pet. Once we have enough people using our list we'll establish control over the flow of information and...er... I mean we'll stamp out that pesky varmit infected computers.... yessiree"

To state the obvious, this is the Information Age. Information is of increasing value, therefore, the control to it's access is of great interest to those who seek power. I hope we're smarter than to let just anyone become the gatekeepers of the sum knowledge of mankind. I want us to consider carefully what mechanisms we put in place controlling the flow of information now that it is a great commodity. I wonder if we are smart enough to require acceptable behavior from those we entrust with such power. I fear we are probably screwed.

Am I reading this correctly???

IBM supplies data to the Nazis now Microsoft supplies data to the US Gov't. Hmmm! I think Gov'ts are scared. Of US? We the people? They better be!

If you're going to mod me down troll, say why

Legitimately why, on computing technical grounds (ala errors I made misleading others etc. technically).

(No, not just doing a "hit & run" downmod that you have either, because WHEN you do that, you only show us all that's "the best you've got" & nothing more (which means you have squat)).

* Ah... then again, I am asking a blatant cowardly little worm to be a MAN, not a worm in my request above.

APK

P.S.=> That'd be TOO much to expect around /. - home of the "Pro-*NIX troll" online, lol! ... apk

Hit & Run downmods by trolls & no reasons

At least state why, & legitimately why on computing technical grounds (ala errors I made misleading others etc. technically).

(No, not just doing a "hit & run" downmod that you have either, because WHEN you do that, you only show us all that's "the best you've got" & nothing more (which means you have squat)).

* Ah... then again, I am asking a blatant cowardly little worm to be a MAN, not a worm in my request above.

APK

P.S.=> That'd be TOO much to expect around /. - home of the "Pro-*NIX troll" online, Truths I post don't seem to go over well on /. (home of the "Pro-*NIX Trolls online", lol!)...

... apk

Good move there!

[hesaigo999ca]

I applaud their wit and strategy, although it is THEIR software that is causing all this in the first place....I know they can not go backwards,
or change their OS methodology, so instead they do the next best thing, make all the info available to those law enforcements, to catch the ones that
would use these vulnerabilities to exploit the people using Windows..... great! so today the big evil corp we know as MS, has done a good deed indeed!
First step on the road to redemption....

Not black and white

You'd rather trust the bot net operator?

Why does it have to be one or the other? Apparently he'd rather trust neither.

Yes, the government *could* abuse this type of information, but a bot net operator can abuse his bots, too.

That's right, both would definitely abuse the information. We can't move forward with such a compromise as part of the solution, because information abuse is one of the things we are trying to prevent as part of eliminating botnets.

Meh...

Doesn't apply to me.
I run Linux.

Good security applies 2 Linux too (see inside)

KERNEL.ORG COMPROMISED - The Cracking of Kernel.org: (very bad - do you trust it now?)

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins: (lol)

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

What's that site running? You guessed it - Linux -> http://uptime.netcraft.com/up/graph?site=mysql.com

---

London Stock Exchange serving malware:

http://slashdot.org/submission/1484548/London-Stock-Exchange-Web-Site-Serving-Malware

(I mean hey - NOT ONLY DID LINUX FALL FLAT ON ITS FACE less than a few minutes into the job http://linux.slashdot.org/story/11/02/19/0147232/London-Stock-Exchange-Price-Errors-Emerged-At-Linux-Launch, & crash not only ONCE, but TWICE there? You see "Linux 'fine security'" in motion @ the LSE too!)

---

DUQU ROOTKIT/BOTNET BEING SERVED FROM LINUX SERVERS: (very recent):

http://it.slashdot.org/story/11/11/30/1610228/duqu-attackers-managed-to-wipe-cc-servers

---

Linux Foundation, Linux.com Sites Down To Fix Security Breach: (lol)

http://linux.slashdot.org/story/11/09/11/1325212/linux-foundation-linuxcom-sites-down-to-fix-security-breach

---

Linux's showing in CA's breached recently too? Ok: (very, Very, VERY BAD for ecommerce, online shopping, banking, etc./et al)

http://uptime.netcraft.com/up/graph?site=StartCom.com

http://uptime.netcraft.com/up/graph?site=GlobalSign.com

http://uptime.netcraft.com/up/graph?site=Comodo.com

http://uptime.netcraft.com/up/graph?site=DigiCert.com

http://uptime.netcraft.com/up/graph?site=www.gemnet.nl

The list of CA Servers BREACHED that RUN LINUX (StartCom, GlobalSign, DigiCert, Comodo, GemNet)... per these articles verifying that:

http://itproafrica.com/technology/security/cas-hacked/

&

http://threatpost.com/en_us/blogs/site-dutch-ca-gemnet-offline-after-web-server-attack-120811

---

The Stratfor SECURITY hack: (can't blame it on poor setup, this IS a security firm that uses Linux)

http://yro.slashdot.org/story/11/12/28/1743201/data-exposed-in-stratfor-compromise-analyzed

What's that domain run? Yes kids - you guessed it: LINUX -> http://uptime.netcraft.com/up/graph?site=www.stratfor.com

---

Phishers/Spammers FAVOR attacking LAMP: