History lesson
Every once in a while, an evil empire DOES do something "good".
Past reference: Autobahn in Germany.
Microsoft said it delivered a fatal legal blow to Kelihos, a botnet that stole sensitive personal information stored on computers it infected, and was capable of delivering almost 4 billion spam messages per day. The takedown was achieved in part by obtaining a secret court order shutting down 21 internet addresses, including …
It must be bittersweet, to work so hard to make such a lush and fertile ground for these seedlings to grow so well, only to cut them down without enjoying the fruit of your labour. sigh.
It is analogous to western governments putting the boots to despots they had readily supported. These were the truest 'strategic alliances'.
Botnets would exist with or without MS; however, in an attempt to lock in some mickeysoft products (such as explorer, outlook etc.), mickeysoft decided to make windoze a big humongous mess so that when a security flaw is found and exploited the whole OS/PC is compromised.
Why should a flaw in the rendering of jpeg images expose your address book to hackers? The *nix security model is a bit better in that all applications run under their own UID; in theory a compromised process does not have access to other processes and/or applications.
It should also be noted that mickeysoft have only disrupted the C&C structures for Kelihos; the botnet is still installed on whatever number of PCs are infected. If mickeysoft have missed one of the control servers then the botnet is still active!
I also think mickeysoft has been telling porkies; in the court submission mickeysoft state "Due to the high quality and effectiveness of Microsoft's products and services..."
If their products are so high quality and effective, how come a botnet got control of so many PCs?
Of course, the people that allowed their computers to be compromised in the first place by probably clicking yes to some random link or file bear no responsibility whatsoever. If people took personal responsibility over the computers under their own control we wouldn't have half the problem. Ignorance is no longer an acceptable excuse and while I'm not absolving MS of their duty I think it's unfair to blame them for something that is easily avoidable by end users.
I was once building out a machine and made one fatal mistake which caused the system to be compromised when I hooked it to the network to run updates - I forgot to change the default home page from MSN to Google. MSN loaded, BAM! Antivirus 2009 or some variant thereof pwned the computer with no clicks required.
Yes they've improved since then, and I'll give them kudos for this cleanup, but at least half the problem HAS been MS.
...was to connect a new machine to the outside world without having installed up to date security software as part of the offline setup process. Or were you just insanely unlucky enough to have been caught out by this particular virus in the small window of opportunity between its release and inclusion in all the detection databases?
If we consider good in terms of what the company is doing, it actually bothers me that Microsoft has become the consistent leader in doing the good thing as regards the spammers. I still feel like Microsoft is a fundamentally criminal enterprise, and if they were held fully accountable for all of the harm that has been caused by the flaws in their software, even just limiting it to design flaws, they would be bankrupt in a NY minute. Yet here they are again doing the right thing.
Meanwhile, Google claims to want to avoid being evil, and they are consistently the spammers' best friend. Have you ever seen such a lame spam-reporting system as Gmail uses? Okay, I'm exaggerating a bit for emphasis. The webform part is pitiful, but the email side actually has at least two good wrinkles in it. I'm mostly disappointed that Google could do much better instead of letting Microsoft carry the battle to the spammers.
"I suspect that were billions of the worlds fools to use Linux on a daily basis, botnets and virii etc would be similarly widespread."
I would say that it would, in fact, be quite a programming challenge to build an efficient distributed botnet using Linux (or any *nix) because they DON'T LEAVE THEIR BLOODY PORTS WIDE OPEN ALL THE TIME.
Nor do they promiscuously make assumptions about who or what is a friend or foe.
Yes, botnets almost certainly could not exist as they do without MS. They are morally bound to correct their own clusterf*cks.
I'm more and more tempted towards the opinion that on Windows an intrusion is more easily noticeable than it is on Linux.
On Windows crapware (malware, adware, etc.) is often discovered when the user finally wonders why his machine has become so slow and sluggish. Whereas on Linux an average rootkit does quite a good job of hiding itself. Most often you don't notice one thing unless you're using executable signing and such.
I can't help but wonder how many rooted boxes exist without the owner even knowing...
As a matter of fact, all major packagers, like aptitude/apt, yum and others, do use the Pretty Good Privacy system and simple md5sum checksumming. I remind you that on most Linux and *BSD distros installations and updates are carried out from central repos.
Yes, a newbie that just came from the Windows camp never heard of this. He/she had always been using different unverified sources to install software from. Updates might be either inconvenient or nonexistent. So he or she might end up doing what they simply did on Windows.
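The checksum half of what the comment above describes, as an added example that is not from the original thread or from any real package manager: a signed index lists a hash for every file in the repo, and the client refuses anything that is missing, altered, or not listed at all. The manifest format, file names and contents below are constructed for illustration; the signature check on the index itself (what apt does with the Release file's GPG signature) is assumed to have already passed before this code runs. Older indexes carried only MD5 sums, so the verifier also flags a weak hash algorithm instead of silently trusting it.

```python
"""Verify downloaded packages against a hash manifest, the way a repo client does
after it has checked the manifest's detached signature (signature step assumed done)."""
import hashlib
import hmac
from typing import Dict, Tuple

# MD5 is collision-prone; a modern index should carry SHA-256 or stronger.
STRONG_ALGOS = {"sha256", "sha384", "sha512"}


def build_manifest(files: Dict[str, bytes], algo: str = "sha256") -> str:
    """Produce a manifest in the constructed form '<algo>  <hexdigest>  <name>'."""
    lines = [
        f"{algo}  {hashlib.new(algo, data).hexdigest()}  {name}"
        for name, data in sorted(files.items())
    ]
    return "\n".join(lines) + "\n"


def parse_manifest(text: str) -> Dict[str, Tuple[str, str]]:
    """Strictly parse the manifest; malformed or duplicate entries are a hard error."""
    entries: Dict[str, Tuple[str, str]] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"manifest line {lineno} malformed: {line!r}")
        algo, digest, name = parts
        if algo not in hashlib.algorithms_available:
            raise ValueError(f"manifest line {lineno}: unknown hash {algo!r}")
        if name in entries:
            raise ValueError(f"manifest line {lineno}: duplicate entry for {name!r}")
        entries[name] = (algo, digest.lower())
    return entries


def verify_downloads(manifest_text: str, downloads: Dict[str, bytes],
                     require_strong: bool = True) -> Dict[str, str]:
    """Return a per-file verdict: ok, mismatch, missing, unlisted or weak-hash."""
    entries = parse_manifest(manifest_text)
    verdict: Dict[str, str] = {}
    for name, (algo, expected) in entries.items():
        if require_strong and algo not in STRONG_ALGOS:
            verdict[name] = "weak-hash"
            continue
        data = downloads.get(name)
        if data is None:
            verdict[name] = "missing"
            continue
        actual = hashlib.new(algo, data).hexdigest()
        # constant-time compare: not strictly needed for public hashes, but cheap habit
        verdict[name] = "ok" if hmac.compare_digest(actual, expected) else "mismatch"
    for name in downloads:
        if name not in entries:
            # a file the index never listed is exactly the "random unverified source" case
            verdict[name] = "unlisted"
    return verdict


def demo() -> Dict[str, str]:
    """Constructed scenario: one good file, one tampered, one dropped, one smuggled in."""
    published = {"editor_1.0.deb": b"editor-bytes", "shell_2.1.deb": b"shell-bytes",
                 "libfoo_0.3.deb": b"libfoo-bytes"}
    manifest = build_manifest(published)            # what the (signed) index says
    fetched = {"editor_1.0.deb": b"editor-bytes",     # intact
               "shell_2.1.deb": b"shell-bytes-trojan",  # altered in transit or on mirror
               "extra_9.9.deb": b"not-in-index"}     # never listed
    return verify_downloads(manifest, fetched)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:10} {name}")
```

Anything other than `ok` should abort the install rather than fall through, and an index that only offers MD5 deserves the same treatment unless the operator explicitly opts in with `require_strong=False`.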
innocent subdomains of cz.cc were brought down too by MS, because MS is too lazy and technically incompetent to block only botnet traffic from cz.cc
"Now that Microsoft has obtained the cz.cc domain, it is working with Piatti to determine which ones are being used legitimately, so customers of his can get back online quickly."
>>"innocent subdomains of cz.cc were brought down too by MS, because MS is too lazy and technically incompetent to block only botnet traffic from cz.cc"
Presumably if they had trusted the guy in charge to be suitably cooperative, they could have done things differently.
Though would many people really run anything *important* on a free subdomain rather than paying for a domain of their own, unless they trusted the provider sufficiently to be confident they wouldn't do things or allow things liable to attract the attention of the authorities?
People using free subdomains from unknown or distant providers are taking a risk that criminals will be doing likewise, with the possibilities of disruption that might involve.