Microsoft Conducts Massive Botnet Takedown Action

Posted by Soulskill
from the practice-for-fighting-skynet dept.
h4rm0ny writes "Microsoft, in cooperation with Federal agents, conducted what the Wall Street Journal described as 'sweeping legal attacks' as they entered facilities in Kansas City, Scranton, Pa, Denver, Dallas, Chicago, Seattle and Columbus, Ohio to seize alleged 'command and control' machines for the Rustock botnet — described as the largest source of spam in the world. The operation is intended to 'decapitate' the botnet, preventing the seized machines from sending orders to suborned PCs around the world."

  • by viablos (2018696) on Friday March 18, 2011 @08:56AM (#35528524)
    I think this shows that Microsoft cares about the internet. It's not really Microsoft's problem, but they still help to solve it. Fact is, you cannot change stupid people and they will get their computers infected no matter what. Windows 7 is just as secure as Mac OSX or Linux, but it's the users what is the problem. Good job Microsoft, for taking care of the internet.
    • Re: (Score:3, Insightful)

      by ledow (319597)

      "It's not really Microsoft's problem, but they still help to solve it."

      Wiki says: The Rustock botnet (founded around 2006) is a botnet that consists of an estimated 150,000 computers running Microsoft Windows.

      It could be suggested that, at some level, it *IS* a Microsoft problem, in the same way that it would be Nintendo's problem if everyone's Wii suddenly started joining a botnet. Yeah, partly the user and partly the malware author, but also quite a bit the OS insecurity too.

      • Re: (Score:2, Insightful)

        by Phoshi (1857806)
        Except that you can have as much security as you want, but there'll still always be people who click yes to every message box because they want... I dunno, whatever the craze is these days. 100 free animated cursors or whatever. It's not the fault of people like us, who would know how to spot a botnet, it's the fault of people that don't know, and don't care. The same would happen on *nix if you had huge quantities of people who would give anything and everything root just because it asked. What MS really
        • by AJH16 (940784) *
          They have started doing this but it still doesn't matter. I watched my brother in law launch a virus directly before I could say anything. The dialog popped up explaining the risk quite clearly and he just clicked yes without even reading it.
        • by Buggz (1187173) on Friday March 18, 2011 @09:15AM (#35528722)

          What MS really need to do is educate people - instead of an intimidating dialogue that says "DO YOU WANT TO ALLOW THIS YES | NO" there needs to be an explanation of the consequences.

          If they don't care, they don't read it. For those people, any kind of message box is in the way of them getting to what they wanted to do and thus they click on YES just to get rid of it.

          • If they don't care, they don't read it. For those people, any kind of message box is in the way of them getting to what they wanted to do and thus they click on YES just to get rid of it.

            So, what you really want is some sort of puzzle - a CAPTCHA like dialog that pops up, with detailed warnings and a multiple choice (non-yes/no) input requirement so you can't just click-thru without thinking...
        • http://www.thewebsiteisdown.com/ [thewebsiteisdown.com]

          See Episode 2
        • by VortexCortex (1117377) <VortexCortex@ p ... r e trograde.com> on Friday March 18, 2011 @11:07AM (#35529988)

          Except that you can have as much security as you want, but there'll still always be people who click yes to every message box because they want... I dunno, whatever the craze is these days. 100 free animated cursors or whatever. It's not the fault of people like us, who would know how to spot a botnet, it's the fault of people that don't know, and don't care. The same would happen on *nix if you had huge quantities of people who would give anything and everything root just because it asked. What MS really need to do is educate people - instead of an intimidating dialogue that says "DO YOU WANT TO ALLOW THIS YES | NO" there needs to be an explanation of the consequences.

          Actually, my parents and my neighbor are all of the ilk that click yes to everything. They constantly infected their machines until I installed Linux for them (I used the Vista is crap FUD wars in my favor). The UI difference between XP and Win7 or Vista is somewhat similar to the difference they encountered on Linux, and there are FOSS replacements for all of the things they need to do: Email, Web, music & video, simple games, Create / Open documents & PDFs (Open office actually opens a few of my mom's MS docs that MS Office wouldn't, and the OS's print to file:PDF is a brilliant built in feature.)

          My neighbor (a 75yr old retired mechanic) has actually commented that he finds the Linux OS prompt dialogs easier to understand & more informative.

          Windows: User Account Control stops unauthorized access to your computer. If you started this action, continue. ____(Program/Action)____
          ____(Publisher)____

          Linux: To install or remove software, you need to authenticate. (An application is attempting to perform an action that requires privileges. Authentication is required to perform this action.)
          Password: ____
          (click here for details)
          Action: ___
          Vendor: ____

          He has less problems using Linux (shaky hands -- Gnome has drag & drop threshold, no more accidental file copy or moves).

          The yes-clickers still click yes to everything, they have tons of software installed from the repositories that they don't really need, just because they never uninstall things after they try them. They have yet to contract a virus. Theoretically they are still at risk, and if the Linux using crowd becomes a large enough target, we may see more viruses in Linux (this theory has yet to be proven, and fails to consider that, unlike Windows, Linux has many different distributions and a better update policy).

          However, right now, Windows is the only OS that has rampant malware problems. If you are concerned with the rampant virus problem, it would be wise to not willfully expose yourself to it by not using the only OS brand with such a problem... It seems like a simple solution, UI difference FUD & incompatible application FUD be damned; I've found that most people who actually give desktop distros of Linux an earnest try have no more problems than people upgrading from XP to Win7.

          Yes, there are people who must use some program that just doesn't have a FOSS replacement or run well in WINE -- These people are not the average user that has been trained to click yes to everything and hosts botnets.

        • You're absolutely right, and hostages are at fault for being in that bank at that time. Of course the bank robbers don't have anything to do with it. That's their job, they are just part of nature. The hostages should have been carrying guns, trained for years in martial arts and been wearing armored vests and carrying secure military style communications systems, driving Humvees with automatic weapons on them to protect against the threats in their neighborhood bank.

          I think this is a good analogy to the env

        • by CohibaVancouver (864662) on Friday March 18, 2011 @11:52AM (#35530924)

          there'll still always be people who click yes to every message box because they want

          I'm not a network admin, but sometimes I wonder if the place to trap this is upstream at the ISP - So if my mum's box is a bot it doesn't matter (other than the slowdown) because the "bad" traffic from her machine is stopped at the ISP?

          • Except that then the ISPs become gatekeepers and they end up being forced to monitor other stuff such as bittorrent, voip, IM, etc. I have no problem with ISPs sending an email or making a phone-call to users whose traffic suddenly changes, but they shouldn't be taking immediate action unless their customer asks them to.
      • by Joce640k (829181) on Friday March 18, 2011 @09:11AM (#35528676) Homepage

        How can you secure an OS against users who click "yes"?

        Windows is already a total pain in the butt trying to nanny/protect people but it's made no difference whatsoever to the amount of spam arriving here.

        • by Bert64 (520050) <bert AT slashdot DOT firenzee DOT com> on Friday March 18, 2011 @09:16AM (#35528734) Homepage

          Make cut down systems with limited functions aimed at end users (eg ipad), this will serve end users much better since they no longer have to worry about the complexity of a general purpose os...

          Advanced users can still use more complex computers, on the basis that advanced users are far less likely to fall for social engineering tricks, you don't see many such attacks aimed at people using a cli based unix system.

          • Too true (Score:5, Insightful)

            by Kupfernigk (1190345) on Friday March 18, 2011 @09:36AM (#35528932)
            I completely agree. For the great majority of users, computers have become just too complicated and confusing to operate, and the great majority of users are also stupid. Microsoft is part of the problem because, in its effort to gain consumer market share, it has just allowed those users to do far too much, in ignorance.

            The same thing happened with cars; when they were rare and expensive, the people who bought them either employed someone to drive them or were sufficiently interested to learn to do it properly themselves. When the mass market really took off, driving licences followed, along with compulsory insurance. But, at the same time, the "user interface" got simplified and standardised.

            The iPad, or a laptop equivalent, is what most people actually want. But Microsoft's entire consumer business model is currently based around not giving it to them. It looks as if we are going to have to rely (currently) on Apple, HP and perhaps Motorola to come up with a reasonably secure solution to letting the monkeys into the banana plantation, since most of us are never going to be in a position to force them to use Windows 7 with a non-Administrator account.

            • Re: (Score:3, Insightful)

              by ciderbrew (1860166)
              I would mod you troll or flamebait for a comment like "great majority of users are also stupid"; but the rest of what you wrote is right. These people are not stupid, they just have interests other than computers. I've no idea what that may be; but they seem to have them.
              • Incorrect. Vast majority of users are stupid, because they fall for the same tricks over and over and over again.

                Is someone who crashes their car while texting stupid? Not necessarily.
                If, after getting into an accident because of texting, they continue to text while driving? Then I have to question their intelligence.

                Face it...computers are no longer just an interest. Anybody who uses a computer for more than 5 hours a week should be competent enough to avoid the vast majority of attacks. The fact that

              • These people are not stupid, they just have interests other than computers.

                Agreed. Computer enthusiasts forget how much effort went into learning how to interface with computers without problems. Unfortunately, when you try to explain it to someone who doesn't want to spend months or years learning, an endless stream of "All you have to do is A, all you have to do is B, all you have to do is C" for the simplest concepts is a source of frustration.

                The biggest problem, I imagine, is that when they ask for assistance, they aren't wanting or attempting to learn something complex, they'

              • by E-Rock (84950)

                I've seen people who got infected from an e-mail, with a password protected zip file. They had to copy the file, open it, enter the password, then run the file in there, then click through UAC, then got infected.

                There is no level of technical protection that can protect that user.

            • Re:Too true (Score:5, Insightful)

              by recoiledsnake (879048) on Friday March 18, 2011 @09:59AM (#35529164)

              I completely agree. For the great majority of users, computers have become just too complicated and confusing to operate, and the great majority of users are also stupid. Microsoft is part of the problem because, in its effort to gain consumer market share, it has just allowed those users to do far too much, in ignorance.

              The same thing happened with cars; when they were rare and expensive, the people who bought them either employed someone to drive them or were sufficiently interested to learn to do it properly themselves. When the mass market really took off, driving licences followed, along with compulsory insurance. But, at the same time, the "user interface" got simplified and standardised.

              The iPad, or a laptop equivalent, is what most people actually want. But Microsoft's entire consumer business model is currently based around not giving it to them. It looks as if we are going to have to rely (currently) on Apple, HP and perhaps Motorola to come up with a reasonably secure solution to letting the monkeys into the banana plantation, since most of us are never going to be in a position to force them to use Windows 7 with a non-Administrator account.

              I call BS. Anytime MS even tries to look at that route, Slashdot screams bloody murder.

              Read the comments:

              http://tech.slashdot.org/article.pl?sid=09/02/16/2259257 [slashdot.org]
              http://it.slashdot.org/story/08/07/30/204241/Dual-Boot-Not-Trusted-Rejected-By-Vista-SP1 [slashdot.org]

              And the iPad comes with a 30% tax on developers and services like Netflix which they or users have to pay. Do you want a future where companies can reject their competitors' apps 'just because' ? See what happened to Google Voice on the app store, and how an Android magazine app was banned. Do you really want to go that route? There would be no Firefox or Chrome, or even podcast players for 'duplicating functionality' because that would confuse users.

              • And the iPad comes with a 30% tax on developers...

                And developers don't have to pay anything for the bandwidth to have their app downloaded; nor do they have to with companies like Digital River and pay them a percentage of sales; nor do they have to try to get into various distribution channels since they're included in the now de-facto standard distribution channel for all Macs. Developers are getting something in return for that 30%. Also, for free apps, 30% of $0 is $0.

                Do you want a future where compan

                • And the iPad comes with a 30% tax on developers...

                  And developers don't have to pay anything for the bandwidth to have their app downloaded; nor do they have to with companies like Digital River and pay them a percentage of sales; nor do they have to try to get into various distribution channels since they're included in the now de-facto standard distribution channel for all Macs. Developers are getting something in return for that 30%. Also, for free apps, 30% of $0 is $0.

                  Your point would be more valid if it was an optional thing instead of forced. Then people would've gone to the best choice. If Digital River changed to take only 10%, some developers might go there putting pressure on Apple. But there's nothing of that sort allowed.

                  And maybe you missed the latest news?
                  http://www.washingtonpost.com/wp-dyn/content/article/2011/02/19/AR2011021902399.html [washingtonpost.com]

                  They provide nothing of what you said for in app subscriptions (except exposure), but they still want a 30% cut of revenue. Yo

              • by tlhIngan (30335)

                And the iPad comes with a 30% tax on developers and services like Netflix which they or users have to pay.

                Sigh. People keep spouting such untruths that it's incredible.

                The 30% tax applies only on on-device subscriptions. How they generalize "I subscribe to service on my iDevice" to "I subscribe to service" is... incredible.

                If you subscribe to Netflix via the iDevice app then yes, Apple takes their 30% cut, as Apple brought you a subscriber. Think of it as a referral fee.

                If you subscribe to Netflix via the

            • Re:Too true (Score:5, Insightful)

              by h4rm0ny (722443) on Friday March 18, 2011 @10:10AM (#35529264) Journal

              For the great majority of users, computers have become just too complicated and confusing to operate,

              I think a part of that is people just don't accept that they have to learn how to use a computer. If they actually accepted that maybe they couldn't just sit in front of this complicated piece of equipment and magically do everything, then perhaps they'd take a few moments to think or read about it and then it wouldn't be so complicated and confusing to them.

              There was someone extremely irritating at a place I worked some years ago, who asked me to help them line up the paragraphs in Word (some older version than the latest). After helpfully pressing a few buttons to line things up on the left again, accompanied by the cooing wonder of this ...person... and their inane comments of "oh, I'm so bad at computers", I made the mistake of pointing out the Help option in Word and saying: "you know, there's documentation on this. It would be worth taking an hour to read through it all.". Instant snappy nastiness ensued. I seemed to have called them a liar when they said that they were bad with computers and somehow implied that it was their fault. Goodness me! How dare I?

              If someone who uses Word every working day of their life can't be bothered to spend an hour (less, really) reading through a little bit of documentation or a tutorial, then what hope is there? Must we all suffer from locked down, dumbed down systems because some people expect everything in life to be super-easy?

              I see the point you're making. I fully understand it. But those of us who actually use our brains despise a looming future in a world where we're not able to because some people might injure themselves if they tried.

          • by drinkypoo (153816)

            Or you could make a cut down system with limited functions aimed at end users (eg Android) and advanced users can use the same operating system and run applications directly on the kernel to do heavy lifting via the NDK.

            There is absolutely no reason for an either-or approach. Much of the stuff that goes into an enterprise-grade, server-class operating system is useful on a handheld, too... which is why neither iOS nor Android involved a kernel-writing project, only modifications to an existing, mature piece

          • The attacks generally arrive through Java, or Flash, or PDF, and are in many ways browser and OS agnostic; they simply have to be tweaked to run on a different OS. The only thing saving you in that CLI scenario is the fact that Lynx doesn't have a PDF or flash plugin.

        • Re: (Score:3, Informative)

          by ledow (319597)

          Don't give them the option to click Yes to incredibly stupid things like "Run this program every time I start my computer, with no easy way to monitor it or stop it from loading" (the latest one I've seen is viruses that replace the user's shell value in the registry - somewhere not listed in startup lists - and then re-execute explorer).

          Or "Allow this program to spam the hell out of everyone with no controls on what they are doing on the Internet on SMTP ports and whatever it likes, as much as it likes, wi

          • Clicking yes isn't the problem. If a virus is prompting you to do things, most malware authors will not release it. The good ones you see in the wild exploit browser plugins and then check their permissions-- if they are admin, they rootkit, if they are a normal user they install userland junk. No UAC prompt is ever triggered, nor is there a "are you sure you want to run" box-- the code is already running.

            All this armchair discussion on how to fix the virus issue is wonderful, but one suspects that most p

        • by jonbryce (703250)

          Make it easier to say No, for example by requiring a password to install it.

      • by h4rm0ny (722443)
        It is a MS problem to some extent because there's still a heck of a lot of XP installs out there. In a sense, we're still paying for past wrongs. Even with XP, it's still primarily the users' fault (I looked after some XP boxes for others and they were always fine), but its security model wasn't as good as any Linux distro you care to name. With Windows 7 though, they're equivalent. The only difference is that most Linux distros will ask you to enter your password and click OK, whilst Windows 7 will display
        • Actually, if you're not running an admin account, Win 7 will ask for the admin account password for anything that gets a UAC prompt. I know this because the demo machines at work are secured suchly, and the box has popped up with password requirements.

          • by h4rm0ny (722443)
            Ah, interesting. I guess that kind of reveals that I run my set up as an Admin account, then.
            • Actually, hilariously, it asks for a password even if one isn't set up. Found out the fun way when I needed to install something on a computer, and the password didn't work on the prompt. After contacting the tech-in-charge to double-check the password, I tried logging on to the admin account, and it went right in without asking for a password. Pointed out to TIC when he got in that he'd missed the password on that one.

        • The only difference is that most Linux distros will ask you to enter your password and click OK, whilst Windows 7 will display a big yellow-topped box and just ask you if you're sure.

          This can be reconfigured to prompt for a password. I have no idea why it isn't by default.

          Of course, finding this setting is a pain... you have to run secpol.msc (msc files open Microsoft's Management Console) and find the entry named "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval

        • by Blakey Rat (99501)

          The only difference is that most Linux distros will ask you to enter your password and click OK, whilst Windows 7 will display a big yellow-topped box and just ask you if you're sure.

          Only if you're already running as Admin.

          If you're really concerned about security, you should be running a normal User account, and then UAC will ask for a password to perform administrative tasks.

          I believe that setup is identical in every OS-- I haven't tried every Linux, but Windows Vista/7 and OS X certainly behave the same.

          • by h4rm0ny (722443)
            Didn't really mean to give them flak. I think the systems are pretty much comparable, I was just trying to be complete in my analysis. I do run my Windows box as Admin. It's not my primary OS and I wasn't aware of that until another poster also pointed it out. I mainly just use my Windows partition for MS Office and occasional audio work, for everything else it's either Gentoo or (when I've broken Gentoo), Kubuntu. I wasn't giving Windows 7 grief - I actually really enjoy using it.
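The elevation-prompt behaviour discussed in the comments above (a consent click for administrators versus a password prompt), as an added example that is not part of any comment in this thread: a PowerShell check of the UAC policy values under the `Policies\System` registry key. The function names and the sample values are constructed for illustration; the registry value names and their meanings follow Microsoft's UAC policy documentation.

```powershell
# Added example: report how UAC elevation prompts are configured.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# "Behavior of the elevation prompt for administrators in Admin Approval Mode"
$AdminPrompt = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries'
}
# "Behavior of the elevation prompt for standard users"
$UserPrompt = @{
    0 = 'Automatically deny elevation requests'
    1 = 'Prompt for credentials on the secure desktop'
    3 = 'Prompt for credentials'
}

# Translate a raw DWORD into its documented meaning.
function Resolve-Setting([hashtable]$Map, $Value) {
    if ($null -eq $Value) { return 'not set' }
    if ($Map.ContainsKey([int]$Value)) { return $Map[[int]$Value] }
    return "unrecognised value $Value"
}

# Hypothetical helper: summarise a set of policy values and list weak settings.
function Get-UacPromptAssessment {
    param(
        [Parameter(Mandatory)][hashtable]$Policy,
        [string]$Source = 'sample'
    )
    $findings = @()
    if ($Policy.EnableLUA -ne 1) {
        $findings += 'UAC is disabled: administrator processes run elevated with no prompt.'
    }
    $admin = $Policy.ConsentPromptBehaviorAdmin
    if ($admin -eq 0) {
        $findings += 'Administrators elevate silently.'
    } elseif (2, 4, 5 -contains $admin) {
        $findings += 'Administrators confirm with a Yes click; no password is requested.'
    }
    if ($Policy.PromptOnSecureDesktop -ne 1) {
        $findings += 'Prompts appear on the interactive desktop, not the secure desktop.'
    }
    [pscustomobject]@{
        Source      = $Source
        AdminPrompt = Resolve-Setting $AdminPrompt $admin
        UserPrompt  = Resolve-Setting $UserPrompt $Policy.ConsentPromptBehaviorUser
        Findings    = if ($findings) { $findings -join ' ' } else { 'none' }
    }
}

# Constructed sample values: administrator prompt set to consent only.
$sample = @{
    EnableLUA                  = 1
    ConsentPromptBehaviorAdmin = 5
    ConsentPromptBehaviorUser  = 3
    PromptOnSecureDesktop      = 1
}
Get-UacPromptAssessment -Policy $sample -Source 'constructed sample'

# On a Windows host, assess the live policy as well.
if (Test-Path $UacKey) {
    $live = Get-ItemProperty -Path $UacKey
    Get-UacPromptAssessment -Source $env:COMPUTERNAME -Policy @{
        EnableLUA                  = $live.EnableLUA
        ConsentPromptBehaviorAdmin = $live.ConsentPromptBehaviorAdmin
        ConsentPromptBehaviorUser  = $live.ConsentPromptBehaviorUser
        PromptOnSecureDesktop      = $live.PromptOnSecureDesktop
    }
}
```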
      • by Blakey Rat (99501) on Friday March 18, 2011 @11:20AM (#35530228)

        Yeah, partly the user and partly the malware author, but also quite a bit the OS insecurity too.

        But... it's not "partly" the user, it's like 80% the user. And "OS insecurity" is more often insecurity in Adobe or JavaVM or QuickTime than it is in Windows itself. (Although there is some Windows in there, admittedly.)

        So, I agree with the OP here. If it was a fair world, every software vendor on Windows whose software was full of security holes should be helping out with this... Adobe is responsible for a lot more attacks than Microsoft has been in the last decade. It's been a long while since Microsoft was the main cause of the problem.

      • by LordLimecat (1103839) on Friday March 18, 2011 @11:34AM (#35530540)

        OS insecurity has very little to do with it. Make 'rootkit_and_sendspam.sh' and run it from a Linux box, it will work just as well. What's that, gksu will prompt you if you really want to do that? IIRC Vista and seven do as well, and if people actually followed Microsoft's best practices for XP, you'd get a runas prompt on that as well.

        In 5 years, the story will be about Apple viruses; that doesn't mean Unix is insecure (though it may indeed be because of Adobe flaws).

    • Don't forget that botnets that infect Windows machines make Microsoft look bad, so they do have a personal interest in taking them down.
    • Re: (Score:2, Informative)

      It really is Microsoft's problem. The majority of the systems in the compromised botnet are running their software, and since they don't allow their customers to upgrade to Win7 for free, they're still responsible for patching security holes in old systems. If they have in any way made it difficult to apply these updates, or if they're discouraging people from applying these updates (WGA anybody?), then they're directly responsible for the insecurity of these systems.

      That they're helping to track and destro

      • by piripiri (1476949)
        But isn't it pointless to 'decapitate' zombies?
        • by fifedrum (611338)
          Thank you for posting that question. I think the answer is yes. Yes it's pointless. How do I know? I work at a top 20 email hosting company serving several million customers, and we graph inbound rejects, caught spam, and email that finally makes it through to the customer inbox. The graphs haven't fluctuated as much as one might expect. So, IMO, the botnets are still active, or the level of activity was overestimated.
      • > they're still responsible for patching security holes in old systems.

        What security holes in which old systems are unpatched? WGA doesn't stop security updates, MS even provides known pirated machines security. Stop spouting BS.

    • by Bert64 (520050) <bert AT slashdot DOT firenzee DOT com> on Friday March 18, 2011 @09:13AM (#35528706) Homepage

      Sure, you cannot change stupid people but you can make it more difficult for their stupidity to be exploited...
      Similarly windows 7 may be better than previous versions, but it's no magic bullet and does nothing to remove all the existing old versions out there either...

      MS are directly responsible for many insecure design decisions and technologies which make it easier for malware, such things as hiding file extensions by default while relying on file extensions to determine executability, activex, allowing/encouraging users to run with admin privileges by default, having extremely complex network services (msrpc, netbios etc) running by default even on standalone workstations, making it simple to execute email attachments, using obfuscated file formats which make it easier for malicious code to hide, automatically executing programs when removable media is inserted, no centralised way to update third party applications... not to mention an os which is insanely complex and containing years and years worth of cruft giving huge numbers of places for bugs to hide and often making it more difficult to fix them.

      Sure, malware would still exist if linux or macos were the most common end user platform, but i don't believe the problem would be as serious as it is with windows.

    • by Nimey (114278)

      Occam's Razor: more likely they're tired of dealing with spam going to Hotmail/Live, and this is an expedient way to reduce it.

    • by Herkum01 (592704)

      I think it says, that "Law Enforcement" does not have the technical abilities nor a direct interest in taking a lead in these sorts of operations.

      It also concerns me because the government is turning to corporations to take the lead. This is how corporate entities, like the RIAA and MPAA, gain overwhelming political power to push their agenda. We just get a government that becomes an extension of a corporation's will.

    • by Foofoobar (318279)

      It's not really Microsoft's problem, but they still help to solve it.

      Bad engineering isn't their problem? You seem to lack a basic understanding of computers yourself and shouldn't be operating the one you are on. I hereby revoke your license.

    • by erroneus (253617)

      Please acknowledge that Microsoft has a great deal of self-interest in this. It is rarely reported that it's mostly about Windows machines being compromised and such. (Yeah, it's also not frequently mentioned that Adobe products are among the more commonly exploited points of entry into these Windows machines.)

      There is also a certain responsibility behind having achieved "monopoly" status and maintaining their "critical mass." It's a huge job and Microsoft certainly needs to take it seriously. Government

  • by damicatz (711271)

    Since when do private corporations get to conduct raids and other police actions?

    • According to TFA, "Microsoft launched the raids as part of a civil lawsuit", "U.S. marshals accompanied employees of Microsoft's digital crimes unit", and "Microsoft officials brought with them a federal court order granting them permission to seize computers". I'm afraid this doesn't really answer your question, but it looks like it's suggesting that a) the computers were actually seized by the feds, and b) TFA is copypasta from a Microsoft press release.
    • by Dunbal (464142) *
      You missed the "in co-operation with federal agents" part, huh?
    • Since Microsoft people are the ones with the knowledge and resources to make the raid actually successful and a US Marshal realized they didn't. Hence the cooperation.

      It's not a kick the door down and handcuff the drug-dealers sort of raid. It's a highly technical and fragile situation; the slightest misunderstood keystroke, unplugged wire etc. could destroy all the evidence they hoped to gather. If you were conducting a raid on a warehouse making bio-weapons instead of cyber-weapons, would you rather
    • by cpu6502 (1960974)

      - "Microsoft officials brought with them a federal court order granting them permission to seize computers"

      Sounds like corporatism to me. A hundred years ago in a small country called Italy, it was called a different word, starting with "F".

      • No (Score:5, Informative)

        by Kupfernigk (1190345) on Friday March 18, 2011 @09:42AM (#35528976)
        It was under 90 years ago, and in any case the point there was that corporations were part of the State. In this case, the corporation applied to the Government for authorisation and the police supervised it. Under Fascism, the Government would have instructed Microsoft to carry out the raid. See the difference?

        Perhaps you should upgrade your nick to a more modern CPU.

    • That all started back in 1997 when slashdotters stopped reading the fucking articles.

    • by Blakey Rat (99501)

      Microsoft is probably just providing technical assistants to the Feds doing the raid, and the article and Slashdot summary are very poorly-written. Would be my guess.

  • by Dunbal (464142) *
    I mean ok, I appreciate the effort and it makes sense to go after the control machines. But if a huge number of compromised machines are still out in the wild as dormant zombies, all it takes is for someone to find out how to reactivate them and we're back to square one.
    • Oh, you don't have to worry about that. Microsoft have definitely cleaned up all the possible botnet controllers to be found in the US.
  • by smooth wombat (796938) on Friday March 18, 2011 @09:12AM (#35528692) Homepage Journal

    So that's why Michael left. He knew the Feds were closing in.

  • Suborned? Really? I had to look it up. freedictionary says: 1. To induce (a person) to commit an unlawful or evil act.
    Was this supposed to be subordinate or simply sub machines?
    I prefer minions myself.

    • by JSBiff (87824)

      Well, since the control servers which were seized sent the commands to the zombies which caused them to commit unlawful acts, I think suborned is probably appropriate.

    • by h4rm0ny (722443)

      Suborned? Really? I had to look it up. freedictionary says: 1. To induce (a person) to commit an unlawful or evil act.

      Ahhh, you learned a new word - don't complain! ;)

  • All you need to do is actually buy something from spam. Whoever takes the money and where it goes should tell you who did the spamming. Buy stuff from multiple emails and triangulate who is doing what. I would think Visa and Mastercard in cooperation with the big banks could track down everyone profiting.

    I think it's reasonable cause that if you profit from spam you're probably paying for it somehow and should be enough to get your financial records.

  • Were I doing this, the first thing I'd do wouldn't be to "seize" the control machines, but watch a little while and find out some information on all the bots themselves. You know, the information needed to really fix the problem for good. Not just shut down a controller. If the machines are really compromised, surely the control machines can in some way shut down the bots by other than just stopping telling them spam to send. Does the malware have the ability to upgrade on command? I'd put that in if I
  • by MikeURL (890801) on Friday March 18, 2011 @11:30AM (#35530442) Journal

    I know there will be some hand wringing over this. As in "OMG next thing you know they will bash down your door for pirating clippy!!!"

    But botnets have caused a lot of real people a lot of actual suffering. Giving them a free pass is like allowing a completely lawless worldwide network to exist with no regulation. Sorry, human beings can't be trusted with that much freedom (sad as it makes me to say that but it is true).

    For a long time MS was looking at law enforcement and they were saying "do something" and law enforcement looked back and said "no you". It got so bad we had university researchers stepping in to do something but with a fear of lawsuits on their back they didn't disable the botnets. So now we finally have MS and law enforcement working together to deal with an intractable problem. It is overdue and anyone who objects has the burden of proving they have a demonstrably better plan to deal with the situation.

  • I guess maybe that now they realize people just won't pay for their updates and patches anymore, and do not care to upgrade, they have no choice but to pro bono this move to help with the spamming situation. I applaud their effort, but did they have to wait so long?
    They have the source code to all this, and could have sent this out 10 years ago to all XP PCs... but I guess they think it's all about the greenbacks now, don't they.

    I guess I can give them points for making the internet that much safer.
