
Thread: Microsoft Shuts Down Global Spam Network

  1. #1
    Royal Administrator
    Join Date
    Jul 2005
    Location
    New York City
    Posts
    3,434

    Microsoft Shuts Down Global Spam Network

    Microsoft has won court approval to shut down a global network of computers which it says is responsible for more than 1.5bn spam messages every day.

    A US judge granted the firm's request to shut down 277 internet domains, which it said were used to "command and control" the so-called Waledac botnet.

    A botnet is a network of infected computers under the control of hackers.

    The firm said that closing the domains would mean that up to 90,000 PCs would stop receiving orders to send out spam.

    A recent analysis by the firm found that between 3-21 December "approximately 651 million spam e-mails attributable to Waledac were directed to Hotmail accounts alone".

    It said it was one of the 10 largest botnets in the US.

    Machines in a botnet have usually been infected by a computer virus or worm. Typically, users do not know their machine has been hijacked.

    Microsoft said that although it had effectively shut down the network, thousands of computers would still be infected with malware and advised people to run anti-virus software.

    The court order was part of what was called "Operation b49".

    Along with intelligence organisation Shadowserver, the University of Washington and security firm Symantec, Microsoft managed to get a court in Alexandria, Virginia, to force Verisign, which manages the .com domain, to temporarily switch off the domains.

    Microsoft said it was the result of months of investigation and described it as a legal first.

    "This action has quickly and effectively cut off traffic to Waledac at the .com or domain registry level, severing the connection between the command and control centres of the botnet and most of its thousands of zombie computers around the world."

    Source: BBC News

  2. #2
    Xtreme Member
    Join Date
    Oct 2007
    Posts
    311
    How does Microsoft benefit from this? That is, closing a bot network?

  3. #3
    Xtreme Member
    Join Date
    Jul 2008
    Posts
    218
    They were probably using it to DDoS their servers or something, and it finally got annoying enough to throw lawyers at.

    Then again, maybe M$ actually did something constructive for people that wasn't oriented around profits... Who knows? Stranger things have happened.
    Asus P6T SE || 965 XE @ 4.0GHz [currently OCing]|| OCz DDR3 Plat 3x2Gb 1600 7-7-7-20
    2x Sapphire HD4850 CrossfireX || WD VelociRaptor 300GB || Antec Quattro 1kW PSU

    -------------------------------------------------
    Cooling:
    D-Tek FuZion v2 || Swiftech MCR320 || MCP355 w\ XSPC Res Top || Scythe S-Flexes

  4. #4
    Xtreme Addict
    Join Date
    Sep 2008
    Location
    Downunder
    Posts
    1,313
    Quote Originally Posted by krogen View Post
    How does Microsoft benefit from this? That is, closing a bot network?
    Publicity stunt.

  5. #5
    Xtreme Addict
    Join Date
    Apr 2007
    Location
    canada
    Posts
    1,886
    who cares if ms did it for their own agenda or not... botnets etc.. aren't legal so ms did something good for the web community so it equals all of us.... TY bill

  6. #6
    Wanna look under my kilt?
    Join Date
    Jun 2005
    Location
    Glasgow-ish U.K.
    Posts
    4,396
    It'll weigh down their servers, won't it? I can see why it would hack them off. (No pun intended)
    Quote Originally Posted by T_M View Post
    Not sure i totally follow anything you said, but regardless of that you helped me come up with a very good idea....
    Quote Originally Posted by soundood View Post
    you sigged that?

    why?
    ______

    Sometimes, it's not your time. Sometimes, you have to make it your time. Sometimes, it can ONLY be your time.

  7. #7
    Xtreme Addict
    Join Date
    Apr 2008
    Location
    Ottawa, Canada
    Posts
    2,443
    Thanx Bill!

  8. #8
    I am Xtreme
    Join Date
    Dec 2008
    Location
    France
    Posts
    9,060
    Quote Originally Posted by Sn0wm@n View Post
    who cares if ms did it for their own agenda or not... botnets etc.. aren't legal so ms did something good for the web community so it equals all of us.... TY bill
    +1
    Burn the spammers!
    Hope MS will sue whoever was behind the 'command centre' for a few millions of $$$.
    Machines in a botnet have usually been infected by a computer virus or worm. Typically, users do not know their machine has been hijacked.
    These are probably Windows based computers, too. So MS is responsible for this in a way.
    Donate to XS forums
    Quote Originally Posted by jayhall0315 View Post
    If you are really extreme, you never let informed facts or the scientific method hold you back from your journey to the wrong answer.

  9. #9
    I am Xtreme
    Join Date
    Jul 2007
    Location
    Austria
    Posts
    5,485
    If the guy behind the bot network was smart he had some backup urls for "emergency use" so he could update the malware with new sites.... well at least i would have done it that way.

    Imho its only a temporary solution that may last a few weeks (maybe even less)

    Quote Originally Posted by zalbard View Post
    These are probably Windows based computers, too. So MS is responsible for this in a way.
    Yeah cause ms is responsible for people klick on every god damn link they see on the screen... i bet if you would make a website with only one simple text line: "get malware here" and spread it on a popular website, dozens if not hundreds of people would klick it.
    Last edited by Hornet331; 02-25-2010 at 03:53 PM.

  10. #10
    I am Xtreme
    Join Date
    Dec 2008
    Location
    France
    Posts
    9,060
    Hey, I said "in a way", not "totally"! It could've been prevented if OS had some kind of built in sandbox or malicious code checker mechanism.
    Donate to XS forums
    Quote Originally Posted by jayhall0315 View Post
    If you are really extreme, you never let informed facts or the scientific method hold you back from your journey to the wrong answer.

  11. #11
    Xtreme X.I.P.
    Join Date
    Nov 2002
    Location
    Shipai
    Posts
    31,147
    Quote Originally Posted by randomizer View Post
    Publicity stunt.
    yeah, definitely... one of the ten largest botnets... pff...
    and they broke it by shutting down domains... what a useless patch... i wonder how little time it takes those guys to get everything working again...

  12. #12
    Xtreme Addict
    Join Date
    Jan 2009
    Posts
    1,445
    Quote Originally Posted by Hornet331 View Post
    If the guy behind the bot network was smart he had some backup urls for "emergency use" so he could update the malware with new sites.... well at least i would have done it that way.

    Imho its only a temporary solution that may last a few weeks (maybe even less)



    Yeah cause ms is responsible for people klick on every god damn link they see on the screen... i bet if you would make a website with only one simple text line: "get malware here" and spread it on a popular website, dozens if not hundreds of people would klick it.

    lol i happen to agree with you here, but the masses will believe that they have no responsibility in the matter, and will blame MS or others for their mistakes. oh and its "click", not "klick".
    [MOBO] Asus CrossHair Formula 5 AM3+
    [GPU] ATI 6970 x2 Crossfire 2Gb
    [RAM] G.SKILL Ripjaws X Series 16GB (4 x 4GB) 240-Pin DDR3 1600
    [CPU] AMD FX-8120 @ 4.8 ghz
    [COOLER] XSPC Rasa 750 RS360 WaterCooling
    [OS] Windows 8 x64 Enterprise
    [HDD] OCZ Vertex 3 120GB SSD
    [AUDIO] Logitech S-220 17 Watts 2.1

  13. #13
    Xtreme Addict
    Join Date
    Aug 2007
    Location
    Istantinople
    Posts
    1,574
    my second thanks to billie

    (the first is getting game companies who want to make x360 games to publish those games also for the pc, even when it's barely profitable)
    Has anyone really been far even as decided to use even go want to do look more like?
    INTEL Core i7 920 // ASUS P6T Deluxe V2 // OCZ 3G1600 6GB // POWERCOLOR HD5970 // Cooler Master HAF 932 // Thermalright Ultra 120 Extreme // SAMSUNG T260 26"

  14. #14
    Xtreme Addict
    Join Date
    Sep 2005
    Location
    UK
    Posts
    1,696
    Quote Originally Posted by Zigosity View Post
    M$
    Workstation:
    3960X | 32GB G.Skill 2133 | Asus Rampage IV Extreme
    3*EVGA GTX580 HC2 3GB | 3*Dell U3011
    4*Crucial M4 256GB R0 | 6*3TB WD Green R6
    Areca 1680ix-24 + 4GB | 2*Pioneer BDR-205 | Enermax Plat 1500W
    Internal W/C | PC-P80 | G19 | G700 | G27
    Destop Audio:
    Squeezebox Duet | Beresford TC-7520 Caiman modded | NAD M3 | MA RX8 | HD650 | ATH-ES7
    Man Cave:
    PT-AT5000E | TXP65VT30 | PR-SC5509 | PA-MC5500 | MA GX300*2, GXFX*4, GXC350 | 2*BK Monolith+
    Gaming on the go:
    Alienware M18x
    i7 2920XM | 16GB DDR3 1600
    2*6990 | WLED 1080P
    2*Crucial M4 256GB | BD-RW
    BT 375 | Intel 6300 | 330W PSU

    2011 Audi R8 V10 Ibis White ABT Tuned - 600HP

  15. #15
    Registered User
    Join Date
    Jul 2007
    Location
    Wisconsin
    Posts
    957
    WAT, NO MORE VIAGRA DEALS



  16. #16
    Xtreme Member
    Join Date
    Mar 2008
    Location
    Canada
    Posts
    356
    Quote Originally Posted by saaya View Post
    yeah, definitely... one of the ten largest botnets... pff...
    and they broke it by shutting down domains... what a useless patch... i wonder how little time it takes those guys to get everything working again...
    Just the time to get a new domain and infect some few hundred newbie computer users who in turn will infect their friends.

    2 days

  17. #17
    Xtreme X.I.P.
    Join Date
    Nov 2002
    Location
    Shipai
    Posts
    31,147
    Quote Originally Posted by The_Beast View Post
    WAT, NO MORE VIAGRA DEALS


    hahaha

    Quote Originally Posted by Sn@ke:~ View Post
    Just the time to get a new domain and infect some few hundred newbie computer users who in turn will infect their friends.

    2 days
    heh, yeah, just rip some popular pc games, bundle a modified trojan with it and spread it on p2p networks like crazy and a few days later theyll be up and running like nothing ever happened...

    they only emptied one of the many buckets they put under their leaky roof...

  18. #18
    Xtreme Mentor
    Join Date
    Jan 2009
    Location
    Oslo - Norway
    Posts
    2,879
    The news says: "Microsoft has won court approval to shut down a global network ... ", it means they have permission to do something, but it doesn't mean they can actually shut it down.

    Nobody can shut down a botnet. It will be up and running in no time, just in a different cycle. But good attempt, anyways.

    EDIT:
    When i think about it, nobody needs a "court approval" for stopping hackers. But hey, maybe M$ needs court approval to shut down the infected clients remotely to stop those nasty DDoS attacks?
    Last edited by Sam_oslo; 02-25-2010 at 05:39 PM.

    ASUS P8P67 Deluxe (BIOS 1305)
    2600K @4.5GHz 1.27v , 1 hour Prime
    Silver Arrow , push/pull
    2x2GB Crucial 1066MHz CL7 ECC @1600MHz CL9 1.51v
    GTX560 GB OC @910/2400 0.987v
    Crucial C300 v006 64GB OS-disk + F3 1TB + 400MB RAMDisk
    CM Storm Scout + Corsair HX 1000W
    +
    EVGA SR-2 , A50
    2 x Xeon X5650 @3.86GHz(203x19) 1.20v
    Megahalem + Silver Arrow , push/pull
    3x2GB Corsair XMS3 1600 CL7 + 3x4GB G.SKILL Trident 1600 CL7 = 18GB @1624 7-8-7-20 1.65v
    XFX GTX 295 @650/1200/1402
    Crucial C300 v006 64GB OS-disk + F3 1TB + 2GB RAMDisk
    SilverStone Fortress FT01 + Corsair AX 1200W

  19. #19
    Xtreme Enthusiast
    Join Date
    Jun 2007
    Location
    Finland
    Posts
    831
    Quote Originally Posted by Sam_oslo View Post
    The news says: "Microsoft has won court approval to shut down a global network ... ", it means they have permission to do something, but it doesn't mean they can actually shut it down.

    Nobody can shut down a botnet. It will be up and running in no time, just in a different cycle. But good attempt, anyways.

    EDIT:
    When i think about it, nobody needs a "court approval" for stopping hackers. But hey, maybe M$ needs court approval to shut down the infected clients remotely to stop those nasty DDoS attacks?
    Shutting down infected clients remotely is like them saying "Yes we have intentional backdoors in the Windows operating system"

    ::: Desktop's - Intel *** Intel 2
    2 x Xeon E5-2687W *** Intel i7 3930k
    EVGA SR-X *** Asus Rampage IV Extreme
    96Gb (12x8Gb) G.Skill Trident X DDR3-2400MHz 10-12-12-2N *** 32Gb (8x4Gb) G.Skill Trident X DDR3-2666 10-12-12-2N
    3 x Zotac GTX 680 4Gb + EK-FC680 GTX Acetal *** 3 x EVGA GeForce GTX780 + EK Titan XXL Edition waterblocks.
    OCZ RevoDrive 3 x4 960Gb *** 4 x Samsung 840 Pro 512Gb
    Avermedia LiveGamer HD capture card
    Caselabs TX10-D
    14 x 4 TB WD RE4 in RAID10+2Spare
    4 x Corsair AX1200

    ::: Basement DataCenter :::
    [*] Fibreoptic connection from operators core network
    [*] Dell PowerConnect 2848 Ethernet Switch [*] Network Security Devices by Cisco
    [*] Dell EqualLogic PS6500E 96Tb iSCSI SAN (40 2Tb Drives + 8 Spare Drives, Raid10+Spare Configuration, 40Tb fail safe storage)
    [*] Additional SAN machines with FusionIO ioDrive Octal's (4 total Octals).
    [*] 10 x Dual Xeon X5680, 12Gb DDR3, 2x100Gb Vertex 2 Pro Raid1 [*] 4 x Quad Xeon E7-4870, 96Gb DDR3, 2x100Gb Vertex 2 Pro Raid1

    [*] Monster UPS unit incase power grid failure backed up by diesel powered generator.

  20. #20
    Xtreme CCIE
    Join Date
    Dec 2004
    Location
    Atlanta, GA
    Posts
    3,842
    Microsoft does more for general security than most people realize. They have transformed dramatically from the times when they were somewhat lazily fixing security bugs. They now have a large and quickly growing security force and engage in battles like this regularly. For example, recall a few years back when they put the huge bounty on the guy who wrote the MS Blaster virus?

    Quote Originally Posted by rintamarotta View Post
    Shutting down infected clients remotely is like them saying "Yes we have intentional backdoor's in Windows operating system"
    No... it's like saying "we can't patch already infected systems because the virus is designed not to allow that".

    Edit: Actually, I guess I could read this another way. MS is not shutting down the clients, they are shutting down the command and control center for the clients and they are not doing it through a back door, they are having the domain holders turn off the taps. Hopefully for them they can get that done before the people controlling these viruses can redirect them (the part that makes this an almost futile effort). The clients will remain infected, but without the ability to direct them the viruses will effectively not be able to do anything (in theory).
    Last edited by Serra; 02-26-2010 at 06:47 AM.
    Dual CCIE (Route\Switch and Security) at your disposal. Have a Cisco-related or other network question? My PM box is always open.

    Xtreme Network:
    - Cisco 3560X-24P PoE Switch
    - Cisco ASA 5505 Firewall
    - Cisco 4402 Wireless LAN Controller
    - Cisco 3502i Access Point

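The mechanism the article and Serra's edit above describe (cut the command-and-control domains at the registry, leave the clients infected but without orders) has a direct consequence for anyone defending a network: infected hosts keep trying to resolve the dead C2 names, and a spam bot keeps fanning out SMTP connections to many destinations. The script below is an added example, not code from the original thread, from Microsoft, or from Shadowserver; the domain names, IP addresses and log lines are constructed placeholders (the `.invalid` names stand in for the sinkholed domains, which the thread does not list), and the BIND-style query-log and firewall-log formats are assumptions.

```python
"""Spot hosts that still behave like members of a sinkholed spam botnet.

Two signals, both available to a defender without touching the clients:
  1. DNS lookups of domains known to have been sinkholed (the host is
     still trying to reach its command-and-control servers), and
  2. direct outbound SMTP fan-out from a workstation to many distinct
     hosts (a spam-bot pattern; a legitimate mail relay would be allowlisted).
All sample data here is constructed for the example.
"""
import re
from collections import defaultdict

# Constructed placeholders for the takedown's sinkholed C2 domains.
SINKHOLED_C2_DOMAINS = {
    "c2-example-one.invalid",
    "c2-example-two.invalid",
}

# Constructed resolver log lines (BIND-style query log format assumed).
DNS_LOG = """\
25-Feb-2010 10:00:01.123 client 10.0.0.15#53211: query: c2-example-one.invalid IN A + (10.0.0.2)
25-Feb-2010 10:00:02.456 client 10.0.0.15#53212: query: www.example.com IN A + (10.0.0.2)
25-Feb-2010 10:00:05.789 client 10.0.0.23#40001: query: c2-example-two.invalid IN A + (10.0.0.2)
25-Feb-2010 10:01:01.000 client 10.0.0.15#53213: query: c2-example-two.invalid IN A + (10.0.0.2)
25-Feb-2010 10:01:09.000 client 10.0.0.40#51000: query: mail.example.com IN MX + (10.0.0.2)
"""

# Constructed firewall connection log: "src dst dport bytes_out" per line.
FW_LOG = """\
10.0.0.15 203.0.113.5 25 48211
10.0.0.15 203.0.113.6 25 51004
10.0.0.15 203.0.113.7 25 49990
10.0.0.40 192.0.2.10 25 3200
10.0.0.23 198.51.100.9 443 9000
"""

DNS_RE = re.compile(r"client (\d+\.\d+\.\d+\.\d+)#\d+: query: (\S+) IN (\S+)")


def c2_lookups(log_text):
    """Return {source_ip: count} of lookups for sinkholed C2 domains."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        m = DNS_RE.search(line)
        if not m:
            continue  # not a query line; ignore
        src, qname, _qtype = m.groups()
        if qname.lower().rstrip(".") in SINKHOLED_C2_DOMAINS:
            hits[src] += 1
    return dict(hits)


def smtp_fanout(log_text, port=25):
    """Return {source_ip: (distinct_smtp_destinations, total_bytes_out)}."""
    dests = defaultdict(set)
    total = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line; skip rather than crash
        src, dst, dport, nbytes = parts
        if int(dport) != port:
            continue
        dests[src].add(dst)
        total[src] += int(nbytes)
    return {src: (len(dests[src]), total[src]) for src in dests}


def suspected_bots(dns_text, fw_text, min_smtp_dests=3):
    """Combine both signals into {source_ip: [reasons]}.

    A host appears if it resolved a sinkholed domain or opened direct
    SMTP sessions to at least min_smtp_dests distinct hosts.
    """
    reasons = defaultdict(list)
    for src, n in c2_lookups(dns_text).items():
        reasons[src].append(f"{n} lookup(s) of sinkholed C2 domain")
    for src, (ndests, nbytes) in smtp_fanout(fw_text).items():
        if ndests >= min_smtp_dests:
            reasons[src].append(f"direct SMTP to {ndests} hosts, {nbytes} bytes out")
    return dict(reasons)


if __name__ == "__main__":
    for host, why in sorted(suspected_bots(DNS_LOG, FW_LOG).items()):
        print(host, "->", "; ".join(why))
```

On the constructed data, 10.0.0.15 is flagged on both signals and 10.0.0.23 on the DNS signal alone; 10.0.0.40's single MX lookup and one small SMTP session look like a normal mail client and are left alone. The DNS check is the more useful of the two after a registry-level takedown: the sinkholed names no longer resolve to anything the bot can use, but the lookups themselves are an inventory of machines that still need cleaning, which is exactly why the article advises running anti-virus even after the domains went dark.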
  21. #21
    Xtreme Addict
    Join Date
    Aug 2005
    Location
    Germany
    Posts
    2,247
    Quote Originally Posted by krogen View Post
    How does Microsoft benefit from this? That is, closing a bot network?
    it's in the article:

    A recent analysis by the firm found that between 3-21 December "approximately 651 million spam e-mails attributable to Waledac were directed to Hotmail accounts alone".
    hotmail is run by microsoft. spam wastes a lot of bandwidth and resources.

    even if it's for ms own benefit it's a good thing for everyone. however, people who got infected by these kinds of viruses are likely to get new versions of it with a fresh list of new working domains as well
    so it won't take long for the botnet to be up and running again i guess.
    1. Asus P5Q-E / Intel Core 2 Quad Q9550 @~3612 MHz (8,5x425) / 2x2GB OCZ Platinum XTC (PC2-8000U, CL5) / EVGA GeForce GTX 570 / Crucial M4 128GB, WD Caviar Blue 640GB, WD Caviar SE16 320GB, WD Caviar SE 160GB / be quiet! Dark Power Pro P7 550W / Thermaltake Tsunami VA3000BWA / LG L227WT / Teufel Concept E Magnum 5.1 // SysProfile


    2. Asus A8N-SLI / AMD Athlon 64 4000+ @~2640 MHz (12x220) / 1024 MB Corsair CMX TwinX 3200C2, 2.5-3-3-6 1T / Club3D GeForce 7800GT @463/1120 MHz / Crucial M4 64GB, Hitachi Deskstar 40GB / be quiet! Blackline P5 470W

  22. #22
    Xtreme X.I.P.
    Join Date
    Nov 2002
    Location
    Shipai
    Posts
    31,147
    Quote Originally Posted by Serra View Post
    Microsoft does more for general security than most people realize. They have transformed dramatically from the times when they were somewhat lazily fixing security bugs. They now have a large and quickly growing security force and engage in battles like this regularly. For example, recall a few years back when they put the huge bounty on the guy who wrote the MS Blaster virus?
    that's funny, cause imo shutting down domains to try and stop a botnet is the laziest approach to solving the problem i can think of... what was their first attempt? emailing them and asking them to please please stop?
    how about actually fixing the vulnerabilities?

    and putting out a bounty is another perfect example of an easy way out... if you just put out a big enough bounty SOMEBODy SOMEWHERE will most likely solve your problem one way or the other...
    and there is a HUGE vulnerability in IE6 7 AND 8 that microsoft has been made aware of how many months ago and they haven't done a single thing?
    sorry, but adobe, linux, ubuntu, suse, sun/oracle, sap, ibm, firefox, google chrome, gmail, yahoo, apple... they all fix their vulnerabilities in acceptable to short periods of time, its only microsoft that takes forever to even acknowledge a problem, and then even more time to actually fix it...

    im not saying thats the truth, im just saying from all i read and see and hear going on, thats how it looks to me...
    Last edited by saaya; 02-26-2010 at 07:30 AM.

  23. #23
    Xtreme CCIE
    Join Date
    Dec 2004
    Location
    Atlanta, GA
    Posts
    3,842
    Quote Originally Posted by saaya View Post
    that's funny, cause imo shutting down domains to try and stop a botnet is the laziest approach to solving the problem i can think of... what was their first attempt? emailing them and asking them to please please stop?
    how about actually fixing the vulnerabilities?
    Shutting down the botnet domains is not the laziest approach, it's by far the most time- and money-intensive one. Many viruses prevent automatic updates, and hence MS had no alternative for stopping the viruses except to shut down the domains. Doing so required significant (and precedent setting) litigation, which does not come cheap.

    This is the step you take after fixing the technical hole with updates, and it's actually very interesting that it has been done as no-one else has ever done this (consider, for example, that Norton/Symantec/etc have never done this type of thing, they exist solely to fight viruses).



    Quote Originally Posted by saaya View Post
    and putting out a bounty is another perfect example of an easy way out... if you just put out a big enough bounty SOMEBODy SOMEWHERE will most likely solve your problem one way or the other...
    I don't believe anyone ever collected the bounty, or at least that was the case for year(s) after. And the bounty was for $250,000, really quite a substantial amount of money - especially when you consider the culprit was believed to have been in a 'third-world' country iirc where it tends to go further.


    Quote Originally Posted by saaya View Post
    and there is a HUGE vulnerability in IE6 7 AND 8 that microsoft has been made aware of how many months ago and they haven't done a single thing?
    sorry, but adobe, linux, ubuntu, suse, sun/oracle, sap, ibm, firefox, google chrome, gmail, yahoo, apple... they all fix their vulnerabilities in acceptable to short periods of time, its only microsoft that takes forever to even acknowledge a problem, and then even more time to actually fix it...

    im not saying thats the truth, im just saying from all i read and see and hear going on, thats how it looks to me...
    Ummmm... you can pretty well cross Adobe, Linux (including Ubuntu/Suse), Sun, IBM, and Apple off your list there. Probably chrome and gmail too. Adobe had one of the longest running farces in security until quite recently, Linux's average response time from a security bug report to resolution is higher than Microsoft's, IBM and Sun take forever to update because every change needs such a ridiculous amount of validation, and Apple...well, they run on Linux.

    It may seem like Microsoft is slow, but among the giants they are actually quite responsive these days. Proactive even, when you consider their relatively new security essentials software that is offered for free and does a bang-up job providing a service that people really should have been going to an antivirus company for in the first place.
    Dual CCIE (Route\Switch and Security) at your disposal. Have a Cisco-related or other network question? My PM box is always open.

    Xtreme Network:
    - Cisco 3560X-24P PoE Switch
    - Cisco ASA 5505 Firewall
    - Cisco 4402 Wireless LAN Controller
    - Cisco 3502i Access Point

  24. #24
    Worlds Fastest F5
    Join Date
    Aug 2006
    Location
    Room 101, Ministry of Truth
    Posts
    1,615
    Not sure if your machine is pwned?

    DU meter is your friend
    X5670 B1 @175x24=4.2GHz @1.24v LLC on
    Rampage III Extreme Bios 0003
    G.skill Eco @1600 (7-7-7-20 1T) @1.4v
    EVGA GTX 580 1.5GB
    Auzen X-FI Prelude
    Seasonic X-650 PSU
    Intel X25-E SLC RAID 0
    Samsung F3 1TB
    Corsair H70 with dual 1600 rpm fan
    Corsair 800D
    3008WFP A00



  25. #25
    Xtreme Addict
    Join Date
    Apr 2008
    Location
    Ottawa, Canada
    Posts
    2,443
    Well to cut off a botnet you have to cut off its many heads. They needed the legal ground to cut off one of the heads and I am sure they are already set to cut the rest in their own way. Heck they can turn around and steal the botnet away from the hacker and use their own servers to keep it under control and use it for spidering sites for 'Bing'. Who knows what else they are going to do.
