
Microsoft Looks To Courts For Botnet Takedowns

Posted by samzenpus
from the letting-the-man-do-the-work dept.
angry tapir writes "Microsoft has seen a dramatic drop in the number of computers infected with Waledac, a piece of malicious software affiliated with a botnet that was once responsible for a massive amount of spam. In the second quarter of this year, the company cleaned only 29,816 computers infected with Waledac, down from 83,580 computers in the first quarter of the year. The drop in the number of infected machines shows the success of the legal action Microsoft took earlier in the year, according to the company."

  • by symbolset (646467) on Thursday October 14, 2010 @02:26AM (#33890782) Journal
    The courts are not going to make the software secure.
  • by subk (551165) <drumhedNO@SPAMgmail.com> on Thursday October 14, 2010 @02:31AM (#33890800)
    ...Courts look for Botnets to take down Microsoft.
  • by straponego (521991) on Thursday October 14, 2010 @02:31AM (#33890802)
    While few would defend botnets, this legal technique will certainly be applied to other types of domains-- p2p, freenet, proxy, dissident, and whistleblower sites. In fact, I predict such attacks will hurt wikileaks and p2p sites more easily than botnets, because botnets don't have to have a small number of memorable domain names (they're not directly controlled by random humans). Ultimately, all of these "undesirable" types of programs/sites will work around the DNS crackdowns. But this will give even more of an edge to those who already hold nearly all the power-- corporations and governments. Really, they seem to be saying that if your domain could be used for something illegal, it can be taken away from you via rubber stamp before it's even involved.
  • by RightSaidFred99 (874576) on Thursday October 14, 2010 @02:47AM (#33890862)

    You're not surprised because you don't know what you're talking about. How exactly would they prevent a user from literally running an EXE someone randomly mails them?

    I'll tell you what, I'll mail you a Linux binary and you just go ahead and run it for me. Also, have 50k of your friends run it for me too. Then tell me how surprised you are.

    Technical shortcoming.... right.

  • by RightSaidFred99 (874576) on Thursday October 14, 2010 @02:48AM (#33890870)
    It spreads by mailing people exe's, which other dummies then execute. You can't design away stupidity.
  • by Dunbal (464142) * on Thursday October 14, 2010 @02:50AM (#33890874)

    It would be the exact same issue on Linux and Mac OS X too.

    Then why isn't it? While it's easy to shift blame onto the user, this completely overlooks the fact that a system designed with the capability of executing foreign code without any kind of privilege escalation check is just asking for trouble. No one should have to worry about those puppies or that porn in the first place.

  • by odies (1869886) * on Thursday October 14, 2010 @03:05AM (#33890916)

    Because Windows is installed on 95% of computers and all the casual users are there. Linux users mostly, at least somewhat, know better what they are doing. On the other hand, there have been similar trojans on Mac OS X too.

    And privilege escalation? Why would sending email or keylogging the current user need root access? It doesn't.

  • by MosesJones (55544) on Thursday October 14, 2010 @03:18AM (#33890948) Homepage

    Before people bleat about this being about poor MS security do remember how many dumb folks there are out there. Lots of attacks come from dumb folks using things like Bittorrent and then executing something that they really shouldn't do without having decent virus protection on their machine.

    So good on Microsoft for doing this, yes they also need to clean up their security act, which they have been doing, but also coping with the dumb people who buy their products is a decent thing to do.

  • by wmac (1107843) on Thursday October 14, 2010 @03:32AM (#33890980) Homepage
    Who did downrank parent of this message to -1?

    Oh, I almost forgot. This is slashdot and you cannot !(badmouth) Microsoft.
  • by omni123 (1622083) on Thursday October 14, 2010 @04:25AM (#33891104) Homepage

    I don't know what planet you are living in.

    No amount of security can ever stop a user who is determined to see the latest dancing baby screensaver from opening an exe. Linux is safe for now because it's technically competent people using it, people who go to the effort to install and use it and not your everyday user. If you throw a couple of million mums, dads and teenagers on it I would like to see your stats then.

    Nobody is arguing that *nix isn't inherently more secure, it is, but the reality is that nothing is unbreakable with enough time and effort. Malware creators invest time where there is a reward and that just isn't the *nix world right now.

    Even if Microsoft did a complete ground up security re-design a few thousand Malware creators will invest 2x the amount of time Microsoft did in creating it and still overcome it. The best solution is to thin that population of creators out by throwing them in jail or removing the monetary reward (through the form of legal fees) until the number of people developing the malware is less than the number of guys defending against it.

  • by unapersson (38207) on Thursday October 14, 2010 @05:06AM (#33891268) Homepage

    Not just that:

    1) software is not acquired through random internet downloads but through a package manager
    2) random internet downloads are harder to install, you don't just double click and have to make them executable
    3) windows has shown again and again that it makes infection easy: auto running things from cd/usb stick, easy running of executables, hiding filename extensions. None of those problems extend to Linux and they've been the most common way for these things to spread.
    4) a user has a level of proficiency before they're happy to open a terminal and run random commands from the internet, and by that point they're likely to know what the commands do
    5) most linux distros don't need the command line for day to day operation, it's only there for advanced users
    6) Linux distros keep themselves and all software on them up to date. It's not something handled by the user or by each piece of software having its own updater.

    Linux could have problems, but the security holes found are much harder to exploit due to the way everything is set up by default, and how the system is used. A lot of Windows security problems have been "as designed".

  • by camcorder (759720) on Thursday October 14, 2010 @05:19AM (#33891318)
    No reward? I'd prefer to own thousands of linux servers for my botnet, not thousands of windows servers.

    Let's admit it, it's easier to hack a windows machine. Not because it's widely used. But because it lacks fundamentals in its design. Their closed design and monopolistic approaches never let any kind of software repository to be built. So people got used to install software downloading from the Internet and double click on them. They don't have central update mechanism so that vendors can push their updates easily. They tried to be "user friendly" but it's evident that they created something "hacker friendly".

    Linux is less used so it's not hacked in masses is a fallacious claim. Everyone knows it's hard to convince a Linux user to 'download and run' an application since it has longer path to convince users to do that. Of course nothing is fool-proof, but vast majority of people getting infected with these worms are not fools, they are just victims of stupid design decisions. Even very technical people get infected with viruses and worms in Windows, remember recent Google case in China to be convinced.
  • I don't believe any linux mail client will provide a facility to execute directly from the client...
    You will have to explicitly save the file somewhere, and then you will need to change its permissions to make it executable..
    Then in order to properly embed itself into the system and hide itself, it will also require a working privilege escalation exploit, or for you to run it as root which requires you to perform yet another additional step.

    Sure, most people on slashdot know how to do that, but then most people who know how to do that also know not to do that.

    Technical shortcomings of windows make it much easier, and therefore more likely, for bad things like this to happen.

  • by bhtooefr (649901) <bhtooefr&bhtooefr,org> on Thursday October 14, 2010 @06:12AM (#33891508) Homepage Journal

    And Windows DOES have a privilege escalation check. It's called UAC. Lots of people disable it because of poorly-written software that needs admin rights all the time, but it is there.

    The problem is the dancing bunnies problem [codinghorror.com]. And there's only one way around that - an iOS-style walled garden, where Microsoft approves every Windows app that can run manually.

  • by tehcyder (746570) on Thursday October 14, 2010 @11:18AM (#33894754) Journal

    There are millions of Macs shipped yearly. That seems like a pretty lucrative target to me

    Yes, but while (say) 90% of computers are running Windows, what's the point of making the effort to do a Mac or Linux version of a virus/trojan, even if you could?

    If you're shooting fish in a barrel, you don't care about the little ones you may miss because they're hiding under the big uns on top.

  • by orient (535927) on Thursday October 14, 2010 @01:34PM (#33897316)
    #6 does not apply to Windows and Linux equally: Windows Update is not updating Adobe for you every time a patch is released. You need to have a program running to check for updates and each program tends to have its own little utility sitting in the tray area and using resources.
  • by omni123 (1622083) on Thursday October 14, 2010 @09:49PM (#33903680) Homepage

    No reward? I'd prefer to own thousands of linux servers for my botnet, not thousands of windows servers.

    Thousands of Linux servers do not store people's credit card information in text files on their desktop. The reality is that end users are a much juicier target after a cost-benefit-risk analysis.

    Let's admit it, it's easier to hack a windows machine. Not because it's widely used. But because it lacks fundamentals in its design. Their closed design and monopolistic approaches never let any kind of software repository to be built. So people got used to install software downloading from the Internet and double click on them. They don't have central update mechanism so that vendors can push their updates easily. They tried to be "user friendly" but it's evident that they created something "hacker friendly".

    Nobody will dispute the fact that Windows has a lack of security in its fundamental design. I think it is a bad claim to make that the lack of a software repository is responsible for it, as well, since apt has only been around since 1998 and *nix still did not breed the same type of users Windows does. That being said Windows Update has been around since 1998 as well (though apt was preceded by dselect circa '95?).

    I'm not arguing that Windows has bred the kind of users that are inherently stupid, for lack of a better word, when it comes to technology. The flipside is this idea is not going anywhere--the average user wants it done, they want it now, they want it to be easy and they don't want to have to know anything about the technology.

    Linux is less used so it's not hacked in masses is a fallacious claim. Everyone knows it's hard to convince a Linux user to 'download and run' an application since it has longer path to convince users to do that. Of course nothing is fool-proof, but vast majority of people getting infected with these worms are not fools, they are just victims of stupid design decisions. Even very technical people get infected with viruses and worms in Windows, remember recent Google case in China to be convinced.

    You are missing the central point of the argument that is its bread and butter. Let me lay it out for you.

    Linux is less used:
    => People use it because they WANT to use it and they understand it
    => Millions of idiots do not use it
    => Millions of idiots do not click download run anything that pops up
    => Linux is targeted less often by malware because there is less people using it

    I'm not arguing that if suddenly the 0.85% of users who use *nix were all cloned a million times and the average level of technical expertise remained the same. I'm arguing that if everyone who is currently using Windows (i.e. your parents, grandparents and kids) trying to get on Facebook started using it they would do whatever they had to do to get FarmVille to run.

    Even if that's a sudo ./MaliciousBinary.

    I concede that if Windows popped up a giant box calling you a moron with red flashy lights then made you start-run-cmd and sudo it every time you attempted to run an exe then a whole lot less people would do stupid things. Right up until the malware designers came up with a way to bypass it, because it would be worth it.

    The fundamental theory of security is that nothing is unbreakable with enough time and effort. If the motivation was there malicious software designers would spend that time on *nix, but it isn't because the largest group of technically incompetent users is on Windows; shift them to *nix and it would be a different story.

    Believing anything is ignorance.