MS claims credit for Rustock botnet takedown Action taken by Microsoft and law enforcement agencies was responsible for the takedown of the infamous spam-spewing Rustock botnet, the software giant said today. Anti-spam firms were taken by surprise by the abrupt cessation of junk mail from zombie clients in the Rustock botnet network on Wednesday afternoon. The reason for …
"That means as much as admitting your machines were the cause in the first place..."
That's because most of the home computers out there run Windows. It's merely the best way to get zombies, due to the population. No, it's not due to some inherent flaw causing Windows to be vulnerable to these infections. Usually these bots get on the computer the same way Flash Player or Firefox gets on your computer: they're downloaded and ran. Granted, they're downloaded from less-reputable places. Very few virii nowadays actually install themselves on your computer with no user intervention.
A friend of ours has a form of OCD and frequently needs to ask for help and assistance in determining if something he has seen on the Internet was real (if you need a indication, on how debilitating this can be for him, he initially needed help with the Japan earthquake, for instance). He's not an idiot. He has a job, and lives a reasonably independent life: he simply has a condition that actually makes him rather more reliant upon his computer than many of the rest of us are.
Now, I'm not sure if you think he shouldn't have an internet connection, or shouldn't have a bank account (or just haven't thought about it from his sort of angle) but he's exactly the sort these spammers go after. Which is why it is so wrong.
Fortunately the one thing he does have, is friends, who can help him get the best from his internet connection without being preyed upon. I rather suspect that not all such people have that to fall back on... and we're not claiming sainthood for doing it.
I'd also say it is good to see what Microsoft and the law-enforcers have done here. The zombie networks are often Windows machines, but they are nothing once their C&C servers are removed. Sure the problem will return, but this has at least shown that the problem is solvable. Spam isn't merely some force of nature that we have to put up with, but an aspect of a predatory network of individuals whose infrastructure can be got at and removed to yield real results.
Virii are executables. I can just as easily run one on my Linux box as my Windows box. The problem is, by and large, the people that hit "yes" to the "are you sure you want to run this potentially harmful program?" Be it Windows, Linux, or Mac, the user can still hit "Yes."
Disclaimer: this would require a "virus"-like program written to run on each of the operating systems mentioned. It's very easy to do so for each of these platforms, but one can't be bothered to target such small markets.
No, they are not, but what they are doing is helping idiots correct their mistake.
Think of this that way, when you are driving and someone on the passenger seat tells you to go through intersection and you just go (even though it's red) who's fault is it....yours or the passenger?
The same logic apply here...maybe some of the morons can read before clicking yes to every little internet pop-up.
When Microsoft are the subject of an article the following rules apply.
1. If MS have done something wrong, log on and howl.
2. If MS have done something right, log on and howl.
(Make sure you say that it was all their fault in the first place whether that is wholly true, partly true or not true at all.)
3. If MS are mentioned however peripherally, even if your posting is not even in orbit around the same planet as the article concerned let alone on topic, log on and howl.
4. Do remember to spell the Great Satan's name with a $-sign as often as possible whilst you howl.
As far as the subject of this article is concerned I am glad to see that MS appear to be taking their responsibilities seriously. I personally feel that they should have been moving in this way a considerable while ago but I am reasonably impressed with the sheer scale of the operation involving as it did MS officials, the Feds, the US courts and national compliance and policing authorities in several countries (including China's own CNERT-team believe or not!). So yes, on this occasion I am also willing to give Redmond a cautious thumbs up.
Amazing how people will piss and moan about something positive (and not easy or inexpensive) MS is doing to solve a problem. Yes, it helped create the problem in the first place, but the last time I checked, Adobe, whose security is now arguably worse than MS, has exactly ZERO takedowns to their credit and I'm not expecting any soon.
Though, the spammers might not be the only ones miffed about this. I'm betting some DNSBL operators are grinding their axes and calling Microsoft all kinds of unmentionable things.
Fortunately, I somehow doubt they'd have the brass neck to blacklist 207.46.0.0/16 in retaliation for the proportional reduction in filtering-service revenue.
"Rustock's infrastructure was much more complicated than Waledac's, relying on hard-coded Internet Protocol addresses rather than domain names and peer-to-peer command and control servers to control the botnet."
Since when is a static IP "much more complicated" to trace than a domain name or P2P?
If a botnet relies on something like round-robin or fast-flux dynamic DNS to find C&C servers, all you have to do is take down the domain name and the botnet is decapitated. P2P makes things a little harder, because once the bot knows a few P2P nodes the C&C server isn't required anymore.
Rustock did something like include a huge list of existing bot IPs every time the malware propagated. That kind of botnet is hard to stop once it gets going: If any of the IPs in the list are reachable, a new bot can bootstrap the whole list.
If your dog made a mess on the sidewalk, does that mean that the innocent pedestrian who steps in it has only himself to blame?
It is indeed good that Microsoft is cleaning up the mess they made, but let's not blame the wrong party for the spam problem.
It is the "customer" who is shitting all over the sidewalk regardless of how often one tries to explain that they should keep it in their pants. How many articles in how many mainstream media publications warning said "customers" about downloading programmes of a certain type is it going to take before the brain dead finally realise that they are doing something silly? Interesting that many of us criticise (correctly in my view) Apple's walled garden on the grounds of freedom and choice, whilst at the same time many log on here to howl about "M$" on the grounds that they do not succeed in preventing said braindeads from fucking everything up. Do not misunderstand me, MS could clearly do a lot more to improve security (and I suspect they are aware of that) but I am piss tired of the fact that as long as the Great Satan From Redmond is involved many immediately find it convenient to forget that the biggest threat to a pc is the dickhead at the keyboard. Precisely how is "M$" supposed to stop these plonkers downloading that kind of shit without taking the kind of measures that would have us all howling a blue fit? So yes, the customer is NOT always right - sometimes they are completely wrong and ought to take some responsibility (that goes with freedom, right?) for their own behaviour.
If this spam is advertising pharmaceuticals, why doesn't MS buy some of these pharmaceuticals then trace where their money went and who the beneficiary was (through the credit card records).
Then the credit card companies can block payments in future. Result - no payment, no point in spam advertising.
I seem to recall this approach was spectacularly effective in closing down MP3.com.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
