Forgot your password?
typodupeerror
Botnet Security The Courts IT

Microsoft Looks To Courts For Botnet Takedowns 93

Posted by samzenpus
from the letting-the-man-do-the-work dept.
angry tapir writes "Microsoft has seen a dramatic drop in the number of computers infected with Waledac, a piece of malicious software affiliated with a botnet that was once responsible for a massive amount of spam. In the second quarter of this year, the company cleaned only 29,816 computers infected with Waledac, down from 83,580 computers in the first quarter of the year. The drop in the number of infected machines shows the success of the legal action Microsoft took earlier in the year, according to the company."
This discussion has been archived. No new comments can be posted.

Microsoft Looks To Courts For Botnet Takedowns

Comments Filter:
  • The courts are not going to make the software secure.
    • Well, when all you've got is a hammer every problem looks like a ...

      Oh, wait. In this instance, where it is Microsoft as the problem solver, and digital security as the problem, it is more like the guy who dropped his keys in the darkest corner of the parking lot, but is looking for them 20 yards away, because that area is lit by a street light.

      • Maybe what Microsoft wants is to separate all the botnet computers from all the other computers. And if you are going to go that far, you might as well also move the most likely computers targeted to join these botnets.

        So, 2 internets. One for computers running any Microsoft OS. And the other, the real one with all the good porn, for all the other computers.

    • by jonbryce (703250)

      If a patch has been released and people refuse to install it, the courts can make software secure.

  • by Will.Woodhull (1038600) <wwoodhull@gmail.com> on Thursday October 14, 2010 @02:30AM (#33890798) Homepage Journal

    So Microsoft has found that using lawyers and courts is a more effective way for them to combat malware and botnets than building good security into their products.

    Why am I not surprised?

    On a related matter, I am starting to see more reports of the possibility of malware in the Linux ecosystem. So far it is mostly a matter of an increase in security patches for Ubuntu and Debian apps, to fix vulnerabilities that no one has managed as yet to exploit to any significant degree. So its not really an issue, simply a minor annoyance that I've been saying okay to more automated updates in the last month or so than I was seeing this time last year.

    • by RightSaidFred99 (874576) on Thursday October 14, 2010 @02:47AM (#33890862)

      You're not surprised because you don't know what you're talking about. How exactly would they prevent a user from literally running an EXE someone randomly mails them?

      I'll tell you what, I'll mail you a Linux binary and you just go ahead and run it for me. Also, have 50k of your friends run it for me too. Then tell me how surprised you are.

      Technical shortcoming.... right.

      • by omni123 (1622083) on Thursday October 14, 2010 @04:25AM (#33891104) Homepage

        I don't know what planet you are living in.

        No amount of security can ever stop a user who is determined to see the latest dancing baby screensaver from opening an exe. Linux is safe for now because it's technically competent using it, people who go to the effort to install and use it and not your every day user. If you throw a couple of million mums, dads and teenagers on it I would like to see your stats then.

        Nobody is arguing that *nix isn't inherently more secure, it is, but the reality is that nothing is unbreakable with enough time and effort. Malware creators invest time where there is a reward and that just isn't the *nix world right now.

        Even if Microsoft did a complete ground up security re-design a few thousand Malware creators will invest 2x the amount of time Microsoft did in creating it and still overcome it. The best solution is to thin that population of creators out by throwing them in jail or removing the monetary reward (through the form of legal fees) until the number of people developing the malware is less than the number of guys defending against it.

        • Re: (Score:2, Insightful)

          by camcorder (759720)
          No reward? I'd prefer to own thousands of linux servers for my botnet, not thousands of windows servers.

          Let's admit it, it's easier to hack a windows machine. Not because it's wildly used. But because it lacks fundamentals in its design. Their closed design and monopolistic approaches never let any kind of software repository to be build. So people got used to install software downloading from the Internet and double click on them. They don't have central update mechanism so that vendors can push their up
          • by Obsi (912791)

            Unix is owner-friendly, Windows is pwner-friendly.

          • Re: (Score:2, Insightful)

            by omni123 (1622083)

            No reward? I'd prefer to own thousands of linux servers for my botnet, not thousands of windows servers.

            Thousands of Linux servers do not store peoples credit card information in text files on their desktop. The reality is that end users are a much juicier target after a cost-benefit-risk analysis.

            Let's admit it, it's easier to hack a windows machine. Not because it's wildly used. But because it lacks fundamentals in its design. Their closed design and monopolistic approaches never let any kind of software repository to be build. So people got used to install software downloading from the Internet and double click on them. They don't have central update mechanism so that vendors can push their updates easily. They tried to be "user friendly" but it's evident that they created something "hacker friendly".

            Nobody will dispute the fact that Windows has a lack of security in its fundamental design. I think it is a bad claim to make that the lack of a software repository is responsible for it, as well, since apt has only been around since 1998 and *nix still did not breed the same type of users Windows does. That being s

        • by Bert64 (520050)

          No, the best solution is to get rid of the monoculture which ensures the malware creators get such a high return on their investment...

          If you have 4-5 different platforms with equal marketshare, malware authors need to invest significantly more to see the same level of returns.. Also competition between platforms would significantly increase the improvement work being done. As you point out, unix is inherently more secure but microsoft have no reason to match or exceed unix because people are still buying w

          • by Pharmboy (216950)

            If you have 4-5 different platforms with equal marketshare, malware authors need to invest significantly more to see the same level of returns..

            Then you would likely see more attacks coming from common elements of those very different platforms, such as Flash, Acrobat, or other plug-ins that would have different code bases but similar designs on all platforms. Or Office, or via Javascript, or Java, or CSS or any other common element.

            Someone pointed out above that part of the issue is that Linux users thems

            • by tlhIngan (30335)

              If you have 4-5 different platforms with equal marketshare, malware authors need to invest significantly more to see the same level of returns..

              Then you would likely see more attacks coming from common elements of those very different platforms, such as Flash, Acrobat, or other plug-ins that would have different code bases but similar designs on all platforms. Or Office, or via Javascript, or Java, or CSS or any other common element.

              Actually, that's probably why we're seeing so much more attacks via PDF and

          • by mcgrew (92797) *

            No, the best solution is to get rid of the monoculture which ensures the malware creators get such a high return on their investment

            If the market were split evenly between Apple, MS, and Linux, there would still be millions of computers on each platform to infect (and botnetware writers would still target Windows). Market share is irrelavent in malware; Apple has something like 10% but that's still millions of computers for malware writers to infect.

            As you point out, unix is inherently more secure but micro

        • First, there is a difference between clicking on dancing_bunnies.gif and dancing_bunnies.exe, and it is possible to teach many users that. However, with extensions hidden they're likely to click on dancing_bunnies.gif.exe. That's a problem with MS Windows that I don't think exists elsewhere.

          Second, while there aren't a couple million mum, dads, and teenagers with Linux boxen, there are quite a few million Macs out there, and a lot of them are owned by people who don't know much about computers - in fac

          • by omni123 (1622083)

            First, there is a difference between clicking on dancing_bunnies.gif and dancing_bunnies.exe, and it is possible to teach many users that. However, with extensions hidden they're likely to click on dancing_bunnies.gif.exe. That's a problem with MS Windows that I don't think exists elsewhere.

            The average user doesn't know the difference between a gif and an exe. If show extensions was on by default and the website they downloaded dancing_bunnies.exe off told them to run the .exe because they would get fantastic dancing bunnies, they would do it.

            You need the piece of education in the middle that drums in to their head that exe's are bad. This is fundamentally a people problem, one that transcends operating system boundaries.

      • I guess it works both ways, it's the users who don't know anything about security and will run every script and executable to get their rocks off on some twinkeling-stars-and-nice-cute-bunny-free-game-with-an-option-to-win-an-iPad-program. But i've used Linux since slackware 7.1 through 12.1 and then switch shortly to Debian and then to Ubuntu. Since i made the switch from Slack I never downloaded any scripts if i wanted to install a program. With Slack i did that sometimes when it made installation and/or

      • I'll tell you what, I'll mail you a Linux binary and you just go ahead and run it for me.

        Silly person. Why would he?

        Last I checked, downloading programs from untrusted sources is something that only Windows users do. The relative merits, whys and wherefors aren't nearly as relevant as the recognition that doing so defines (outside of strictly controlled corporate environments) what it means to be a Windows user.

      • Re: (Score:3, Insightful)

        by Bert64 (520050)

        I don't believe any linux mail client will provide a facility to execute directly from the client...
        You will have to explicitly save the file somewhere, and then you will need to change its permissions to make it executable..
        Then in order to properly embed itself into the system and hide itself, it will also require a working privilege escalation exploit, or for you to run it as root which requires you to perform yet another additional step.

        Sure, most people on slashdot know how to do that, but then most pe

      • by knarf (34928)

        Hmm, lemme see...

        1) save attached file somewhere, try to click it

        [system complains that it does not know what program to use to open an 'application/octet-stream' file]

        2) click again, dammit!

        [the same complain arises]

        Usually Joe Random User will give up now, muttering that 'this damn Linux is worth no shit'.

        Of course the crux here is that in Linux you can not just 'run' downloaded (or attached, same thing) files as they don't have execute permission. You need to explicitly add these permissi

        • Re: (Score:3, Interesting)

          by Rockoon (1252108)
          Some Linux users regularly do shit like 'sudo dpkg -i it_sounded_cool_when_i_downloaded_it.deb'

          ..or worse, follow the onscreen instructions to add a repository so that they can get that it_sounded_cool_when_i_surfed_here.deb
      • Why would I run any Linux binary that you might mail to me?

        Security issues aside, it requires more technical skills and time to prepare and run such a binary in Linux than it does to simply download the same binary from my distro's repositories. Which are rather more closely guarded by persons with security skills than what any Joe Sixpack or even I could do. If what you sent me isn't in a repository, then it would be kind of suspect to even the greenest newbie. Again, even if he trusted you fully and had

      • by mcgrew (92797) *

        How exactly would they prevent a user from literally running an EXE someone randomly mails them?

        That's one of Windows' vulnerabilities -- EXEs always run. In *nix, the extension has nothing to do with whether or not the file will execute. On top of that, there are different Windows extensions that WILL run. On top of that, the extension is hidden by default, so virus.jpg.exe will be shown as virus.jpg (IMO a really stupid move on MS's part).

        I'll tell you what, I'll mail you a Linux binary and you just go ah

      • by rsborg (111459)

        How exactly would they prevent a user from literally running an EXE someone randomly mails them?

        I predict now that the iOS AppStore model will become the new PC norm, much to our dismay. The ability to run random binaries without a curator overseeing will be gone for most folks in about 5 years. There will of course, be jailbreaking, open builds (pro OS) and such, but instead of virus-scanning taking the bulk of your computer's idle processor, it will be iTunes/Steam or the equivalent ensuring that your Ap

  • by subk (551165)
    ...Courts look for Botnets to take down Microsoft.
  • by straponego (521991) on Thursday October 14, 2010 @02:31AM (#33890802)
    While few would defend botnets, this legal technique will certainly be applied to other types of domains-- p2p, freenet, proxy, dissident, and whistleblower sites. In fact, I predict such attacks will hurt wikileaks and p2p sites more easily than botnets, because botnets don't have to have a small number of memorable domain names (they're not directly controlled by random humans). Ultimately, all of these "undesirable" types of programs/sites will work around the DNS crackdowns. But this will give even more of an edge to those who already hold nearly all the power-- corporations and governments. Really, they seem to be saying that if your domain could be used for something illegal, it can be taken away from you via rubber stamp before it's even involved.
  • I'm kind of surprised Microsoft would say something like this, but at the same time, I'm really not. I guess they are looking at it through the eyes of George Washington and not the consumer, that's why they'll just sue people into compliance. But what's going to happen when they can't sue people because malware propagates itself far more quickly than Microsoft can detect its origin? Why not take the initiative and build more secure products instead of dealing with the problem after Conficker 2 is already g
    • Re: (Score:3, Insightful)

      It spreads by mailing people exe's, which other dummies then execute. You can't design away stupidity.
      • by citoxE (1799926)
        I agree. I suppose it would have been better to state Microsoft should try to fund some public awareness type of campaign to get people like grandma to not click links to websites simply because the subject says "Cute puppy pictures."
    • by Dunbal (464142) *

      But what's going to happen when they can't sue people because malware propagates itself far more quickly than Microsoft can detect its origin?

            More to the point, when US judges realize that foreign courts aren't obliged to enforce US verdicts despite their billion dollar "awards", and that really extradition only applies to criminal, not civil cases...

  • So hopefully, they will pass to remove all malicious and infected machines from the internet forever, and i'm sure it wouldn't take much to get the Evil Microsoft infected and scrubbed off...Then Unix takes over, and the internet world will find peace! eh...forget peace, but really get rid of Microsoft already!!!
  • by MosesJones (55544) on Thursday October 14, 2010 @03:18AM (#33890948) Homepage

    Before people bleat about this being about poor MS security do remember how many dumb folks there are out there. Lots of attacks come from dumb folks using things like Bittorrent and then executing something that they really shouldn't do without having decent virus protection on their machine.

    So good on Microsoft for doing this, yes they also need to clean up their security act, which they have been doing, but also coping with the dumb people who buy their products is a decent thing to do.

    • Even as a mainly Linux user, I completely agree with the above comments.

      Software is complicated & all of it has bugs & security holes - Linux, OS X, Windows, whatever...

      Microsoft's worst mistake was believing their own marketing that sent out the message that you don't have to know much about computers to be completely secure when using one - it is the same mistake Apple are currently making.

      There are people out here using Windows (myself included) who don't see any viruses, trojans or rootkits on W

      • by Bert64 (520050)

        I have sometimes been asked to perform incident response work on behalf of clients, these are typically corporate users and every single system i've inspected has had up to date antivirus from one of the major vendors and almost all systems were up to date with microsoft patches.. Yet they still got infected.
        Sometimes the particular strain of malware is not detected by the AV they use but is picked up by others, sometimes nothing picks it up yet. AV will just protect you against lingering traces of long aba

        • Sure, and I take your point on that fully.

          But how much checking did you do into seeing what sites users could get to through firewalls & proxy servers, not to mention stuff they brought in on USB keys, drives, etc?

          Just saying...

    • I disagree. It isn't that MS has poor security, it's the fact that the MS design philosophy lends itself well to getting a computer infected. Even assuming that the people who run Linux were book smart, but virus dumb, getting a virus to run reliably an any given Linux system while being able to propagate itself would be a logistics nightmare. I wouldn't say that it couldn't happen, or that MS is necessarily worse because of it. It's the very things that make MS user friendly that make it such an easy targe

  • I don't know if it's the story or the report that's full of holes, but this makes no causal sense whatsoever.

    Notwithstanding the basic "correlation does not equal causality" tenet, where is the connection between the forcible shutting-down of botnet-controlling domains, and the botnets themselves? A p2p-vectored botnet's growth has nothing to do with the purposes for which that botnet is employed.

    Furthermore, stating that "the company cleaned fewer machines" is not equivalent to stating "their are fewer m

  • For once Microsoft is using its legal muscle for a good cause.

    I'm shocked.

  • What microsoft fails to understand, is that the people operating these malware networks are not large slow monolithic corporations, just because a piece of malware which was common a few months ago is now dying out doesn't mean the problem is gone, it just means that the authors of that malware have moved on to their latest creations...

    After all, why would you continue pushing an old piece of malware which has been reverse engineered and is detectable by every anti malware program out there, when you can wr

  • Without reading TFA, I can imagine that Microsoft is suing on the grounds that it should have the copyright on malware. There have actually been similar patents that MS has taken out before. I wouldn't be too surprised.

Facts are stubborn, but statistics are more pliable.

Working...