back to article Microsoft delivers fatal blow to yet another botnet

Microsoft said it delivered a fatal legal blow to Kelihos, a botnet that stole sensitive personal information stored on computers it infected, and was capable of delivering almost 4 billion spam messages per day. The takedown was achieved in part by obtaining a secret court order shutting down 21 internet addresses, including …


This topic is closed for new posts.
  1. Herby

    History lesson

    Every once in a while, an evil empire DOES do something "good".

    Past reference: Autobahn in Germany.

    1. alwarming

      In this case MS is really just cleaning up after itself. Just that the mess it left behind was so vast and had so many things growing off it, that it felt like "winning a war", even though it was just "spring clean".

    2. eulampios


      "Alles für Microsoftenschaft" or "Microsofentschaft über alles"

  2. Inachu


    Can't wait to see pictures of the people who program these bots

    1. Anonymous Coward
      Anonymous Coward

      Guarantee there's tube of Clearsil in the background!

  3. Steve McPolin

    Kinda like plowing your garden

    It must be be bittersweet, to work so hard to make such a lush and fertile ground for these seedlings to grow so well, only to cut them down without enjoying the fruit of your labour. sigh.

    It is analogous to western governments putting the boots to despots they had readily supported. These were the truest 'strategic alliances'.

  4. Big-nosed Pengie

    So they took credit for bringing down the botnets, but they didn't take responsibility for producing and distributing the festering pile of dog turds that allows these botnets to exist. How surprising.

    1. Mr Young

      I don't know anything about botnets

      But are you saying they wouldn't exist without Microsoft? Maybe I missed some subtle sarcasm or something...

      1. Field Marshal Von Krakenfart

        I'll explain it for you Mr Young, and it's not sarcasm

        Botnets would exist with or without MS, however in an attempt to lockin some mickeysoft products (such as explorer, outlook etc), mickeysoft decided to make windoze a big humongous mess so that when a security flaw is found and exploited the whole OS/PC is compromised.

        Why should a flaw in the rendering of jpeg images expose your address book to hackers??????? The *nix security model is a bit better in that all applications run under their own UID, in theory a compromised process does not have access to other processes and/or applications.

        It should also be noted that mickeysoft have only disrupted the C&C structures for Kelihos, the botnet is still installed on whatever number of PCs that are infected. If mickeysoft have missed one of the control servers then the botnet is still active!!

        I also think mickeysoft has been telling porkies, in the court submission mickeysoft state "Due to the high quality and effectiveness of Microsoft's products and services..."

        If their products are so high quality and effective, how come a botnet got control of so many PCs???

    2. Filippo

      Producing what? Acrobat, Flash, or Java? As reported on the Register this same day, those are the ways the vast majority of infections get through.

    3. Stuart 22

      Pots & Kettles

      Didn't most of these Windows Botnets get infected by compromised Linux servers?

      Blackhats go for critical mass targets. They are good enough to be able to penetrate anything they put their hands to. Windows greatest weakness is critical mass.

      1. Field Marshal Von Krakenfart

        "Didn't most of these Windows Botnets get infected by compromised Linux servers?"

        ehhhh No, I think Kelihos is spread by infected spam, and it then infects PCs, not a lot to do with servers of any sort apart from the C&C components.

    4. CmdrX3

      Of course, the people that allowed their computers to be compromised in the first place by probably clicking yes to some random link or file bear no responsibility whatsoever. If people took personal responsibility over the computers under their own control we wouldn't have half the problem. Ignorance is no longer an acceptable excuse and while I'm not absolving MS of their duty I think it's unfair to blame them for something that is easily avoidable by end users.

      1. Tom 13

        Sorry, I'm a tech and don't mindlessly click yes to every pop-up.

        I was once building out a machine and made one fatal mistake which caused the system to be compromised when I hooked it to the network to run updates - I forgot to change the default home page from MSN to Google. MSN loaded, BAM! Antivirus 2009 or some variant thereof pwned the computer with no clicks required.

        Yes they've improved since then, and I'll give them kudos for this cleanup, but at least half the problem HAS been MS.

        1. ChrisC

          I'm thinking your one fatal mistake...

          ...was to connect a new machine to the outside world without having installed up to date security software as part of the offline setup process. Or were you just insanely unlucky enough to have been caught out by this particular virus in the small window of opportunity between its release and inclusion in all the detection databases?

  5. Shannon Jacobs

    Operative definitions of good and evil?

    If we consider good in terms of what the company is doing, it actually bothers me that Microsoft has become the consistent leader in doing the good thing as regards the spammers. I still feel like Microsoft is a fundamentally criminal enterprise, and if they were held fully accountable for all of the harm that has been caused by the flaws in their software, even just limiting it to design flaws, they would be bankrupt in a NY minute. Yet here they are again doing the right thing.

    Meanwhile, Google claims to want to avoid being evil, and they are consistently the spammers' best friend. Have you ever seen such a lame spam-reporting system as Gmail uses? Okay, I'm exaggerating a bit for emphasis. The webform part is pitiful, but the email side actually has at least two good wrinkles in it. I'm mostly disappointed that Google could do much better instead of letting Microsoft carry the battle to the spammers.

    1. Trygve Henriksen

      There's worse than Gmails system...

      Try to report a spam-account on their blogging service...

    2. Tom 13

      If you have spam issues off Google, it's behavioral, not Google.

      I've had my Google account for going on 7 years now. The only spam I get is stuff I signed up for, so it isn't UCE.

    3. eulampios

      Shannon, do you know that hotmail has a pretty bad spam filter. Gmail's is much smarter. It might even be based on spamassassin.

  6. Anonymous Coward
    Anonymous Coward

    Its all microsofts fault...blah blah,,,

    Predictable posts. Microsoft is doing some excellent work here, credit where credit is due. And I suspect that were billions of the worlds fools to use Linux on a daily basis, botnets and virii etc would be similarly widespread.

    1. Anonymous Coward
      Anonymous Coward

      No, you're wrong.

      "I suspect that were billions of the worlds fools to use Linux on a daily basis, botnets and virii etc would be similarly widespread."

      I would say that it would, in fact, be quite a programming challenge to build an efficient distributed botnet using Linux (or any *nix) because they DON 'T LEAVE THEIR BLOODY PORTS WIDE OPEN ALL THE TIME.

      Nor do they promiscuously make assumptions about who or what is a friend or foe.

      Yes, botnets almost certainly could not exist as they do without MS. They are morally bound to correct their own clusterf*cks.

      1. Anonymous Coward
        Anonymous Coward


        Windows has had the firewall switch on by default since XP SP2, you can't really accuse them of leaving ports open any more.

        1. Anonymous Coward
          Anonymous Coward

          Its far from perfect and you would be surprised how many people have it switched off. Or have tweaked it. Or have had software tweak it for them. Without them knowing.

        2. Hans 1 Silver badge

          Ahh, you mean that pile of crap that considered the internet at wide as the local intranet ? That bug was fixed YEARS after SP2 came out ...

          Classic photo:

    2. Anonymous Coward
      Anonymous Coward

      I'm more and more tempted towards the opinion that on Windows an intrusion is more easier noticeable than it is on Linux.

      On Windows crapware (malware, adware, etc.) is often discovered when the user finally wonders why his machine has become so slow and sluggish. Whereas on Linux an average rootkit does quite a good job of hiding itself. Most often you don't notice one thing unless you're using executable signing and such.

      I can't help wonder how many rooted boxes exist without the owner even knowing...

      1. eulampios

        a habit

        As a matter of fact , all major packagers, like aptitude/apt, yum and others so use the Pretty Good Privacy system and simple md5sum checksumming. I remind you that on most LInux and *BSD distros installations and updates are carried out from central repos.

        Yes, a newbie that just came from the Windows camp never heard of this. He/she had always been using different unverified sources to install soft from. Updates might be either not convenient or inexistent. So he or she might end up doing what they simply did on Windows.

  7. eulampios

    one more blow to wish

    >Microsoft delivers fatal blow to yet another botnet

    I wish someone would finally deliver a fatal blow to the ugliest botnets of all - the Microsoft corp itself.

  8. Ramazan

    innocent subdomains of

    were brought down too by MS, because MS is too lazy and technically incompetent to block only botnet traffic from

    "Now that Microsoft has obtained the domain, it is working with Piatti to determine which ones are being used legitimately, so customers of his can get back online quickly."

    1. Ragarath

      Well perhaps if were doing their job properly and not just allowing any tom dick and harry to use the service without vetting then their customers would not have been effected non?

      Cause and effect, kind of.

    2. david wilson


      >>"innocent subdomains of were brought down too by MS, because MS is too lazy and technically incompetent to block only botnet traffic from"

      Presumably if they had trusted the guy in charge to be suitably cooperative, they could have done things differently.

      Though would many people really run anything *important* on a free subdomain rather than paying for a domain of their own, unless they trusted the provider sufficiently to be confident they wouldn't do things or allow things liable to attract the attention of the authorities?

      People using free subdomains from unknown or distant providers are taking a risk that criminals will be doing likewise, with the possibilities of disruption that might involve.

  9. Gerrit Hoekstra

    Microsoft would not exist without botnets and malware

    'nuff said. Think about it...

    1. Barracoder

      I thought about it

      and you're an idiot. 'nuff said.

      Gimp mask, because I wish you had a zipper

    2. Charles Calthrop

      I've thought about it...

      it's bobbins

    3. Anonymous Coward
      Anonymous Coward


      I have thought about it and I have no idea what you're talking about.

  10. Anonymous Coward
    Anonymous Coward

    Maybe they should just focus on"taking out" the douches who keep responding to all this spam. If nobody was stupid enough to respond, then there'd be no market for the spam.

    1. John McCallum

      What no porn no freebies?

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020