
Thread: Microsoft Shuts Down Global Spam Network

  1. #26
    Xtreme Addict
    Join Date
    Oct 2004
    Posts
    1,356
    This isn't targeted at anyone in particular. But I really can't believe some people are twisting this negatively.

    Microsoft certainly aren't saints, but you won't find any normal human beings or businesses that are.
    Last edited by Sly Fox; 02-26-2010 at 01:26 PM.

  2. #27
    Xtreme Addict
    Join Date
    Aug 2005
    Location
    Germany
    Posts
    2,247
    Quote Originally Posted by saaya View Post
    thats funny, cause imo shutting down domains to try and stop a botnet is the laziest approach to solving the problem i can think of... what was their first attempt? emailing them and asking them to please please stop?
    how about actually fixing the vulnerabilities?
    [...]
    you download a file blubb.exe and execute it. unfortunately blubb.exe contains a virus.
    how is microsoft supposed to fix this "vulnerability"?

    most infected systems are caused by the vulnerability called user
    Last edited by RaZz!; 02-26-2010 at 01:30 PM.

  3. #28
    Xtreme Mentor
    Join Date
    Jan 2009
    Location
    Oslo - Norway
    Posts
    2,879
    Shutting down domains won't shut down the botnet. But I don't see why M$ should get involved in that, because that's not their specialty or the area of expertise.
    But maybe using the "backdoor" to shut down the infected clients is where one could use M$-involvement and their area of expertise to solve those nasty DDoS attacks mess?
    Last edited by Sam_oslo; 02-26-2010 at 01:50 PM.


  4. #29
    Xtreme X.I.P.
    Join Date
    Nov 2002
    Location
    Shipai
    Posts
    31,147
    Quote Originally Posted by Serra View Post
    It may seem like Microsoft is slow, but among the giants they are actually quite responsive these days. Proactive even, when you consider their relatively new security essentials software that is offered for free and does a bang-up job providing a service that people really should have been going to an antivirus company for in the first place.
    k... ill take your word for it...

    Quote Originally Posted by Sadasius View Post
    Well to cut off a botnet you have to cut off its many heads. They needed the legal ground to cut off one of the heads and I am sure they are already set to cut the rest in their own way. Heck they can turn around and steal the botnet away from the hacker and use their own servers to keep it under control and use it for spidering sites for 'Bing'. Who knows what else they are going to do.
    well thats what i dont get...
    those machines are infected because they are old and not up to date and full of vulnerabilities... right? well who else knows how to exploit those vulnerabilities better than microsoft itself? so why dont they create a REAL anti-virus, a virus that infects infected machines and updates them and makes them secure again?

    Quote Originally Posted by Sly Fox View Post
    This isn't targeted at anyone in particular. But I really can't believe some people are twisting this negatively.

    Microsoft certainly aren't saints, but you won't find any normal human beings or businesses that are.
    well i think they wasted time and money on this that they could have used to shut down much more spam than they did...
    still, you're right... its good that they are at least trying...

    Quote Originally Posted by RaZz! View Post
    you download a file blubb.exe and execute it. unfortunately blubb.exe contains a virus.
    how is microsoft supposed to fix this "vulnerability"?

    most infected systems are caused by the vulnerability called user
    mandatory virus scan of every downloaded file?

  5. #30
    Xtreme Enthusiast
    Join Date
    Feb 2005
    Location
    bakersfield ca
    Posts
    872
    Quote Originally Posted by saaya View Post
    thats funny, cause imo shutting down domains to try and stop a botnet is the laziest approach to solving the problem i can think of... what was their first attempt? emailing them and asking them to please please stop?
    how about actually fixing the vulnerabilities?

    and putting out a bounty is another perfect example of an easy way out... if you just put out a big enough bounty SOMEBODY SOMEWHERE will most likely solve your problem one way or the other...
    and there is a HUGE vulnerability in IE6 7 AND 8 that microsoft has been made aware of how many months ago and they havent done a single thing?
    sorry, but adobe, linux, ubuntu, suse, sun/oracle, sap, ibm, firefox, google chrome, gmail, yahoo, apple... they all fix their vulnerabilities in acceptable to short periods of time, its only microsoft that takes forever to even acknowledge a problem, and then even more time to actually fix it...

    im not saying thats the truth, im just saying from all i read and see and hear going on, thats how it looks to me...

    The botnet computers receive the instructions to spam based on the instructions that come from the domain names.

    For instance the bot net will look for bot.spam1.info first for instructions and if no reply then they go to bot.spam2.info etc

    They pulled apart the botnet program and found all domain names the botnet refers to and are having all those domain names pulled. In that way the botnet is DEAD. Like cutting the head from a snake lol!
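
How the fallback behaviour described in the post above looks from a defender's resolver logs once the domains are pulled, as an added example that is not part of the original thread: a host that fails on one listed name and moves to the next within seconds is a likely infected client. The log format, the client addresses and the 60-second window are assumptions; the two domain names are the illustrative ones from the post.

```python
from datetime import datetime, timedelta

# Fallback list in the order the bot tries it. These are the illustrative
# names from the post, standing in for the names recovered from a sample.
C2_FALLBACK = ["bot.spam1.info", "bot.spam2.info"]
FAILED = {"NXDOMAIN", "SERVFAIL"}

# Constructed resolver log: timestamp, client IP, query name, response code.
SAMPLE_LOG = """\
2010-02-26T13:00:01 10.0.0.5 bot.spam1.info NXDOMAIN
2010-02-26T13:00:02 10.0.0.9 www.example.com NOERROR
2010-02-26T13:00:04 10.0.0.5 bot.spam2.info NXDOMAIN
2010-02-26T13:05:00 10.0.0.7 bot.spam2.info NXDOMAIN
2010-02-26T13:10:00 10.0.0.8 bot.spam1.info NXDOMAIN
2010-02-26T15:30:00 10.0.0.8 bot.spam2.info NXDOMAIN
"""


def parse(log_text):
    """Return sorted (time, client, qname, rcode) tuples; skip bad lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2].lower().rstrip("."), parts[3].upper()))
    return sorted(events)


def find_fallback_walkers(log_text, fallback=C2_FALLBACK, window_s=60):
    """Map client -> names walked, for clients that step through the fallback
    list in order, each step within window_s of a failed lookup of the
    previous name. A lone lookup of one listed name is not flagged."""
    order = {name: i for i, name in enumerate(fallback)}
    state = {}    # client -> (index of last failed name, time, names so far)
    flagged = {}
    for ts, client, qname, rcode in parse(log_text):
        if qname not in order:
            continue
        idx = order[qname]
        prev = state.pop(client, None)
        if idx == 0:
            walked = [qname]
        elif prev and prev[0] == idx - 1 and ts - prev[1] <= timedelta(seconds=window_s):
            walked = prev[2] + [qname]
        else:
            continue  # out of order or too late: not the fallback pattern
        if len(walked) >= 2:
            flagged[client] = walked
        if rcode in FAILED:
            state[client] = (idx, ts, walked)  # bot would try the next name
    return flagged


if __name__ == "__main__":
    for host, names in find_fallback_walkers(SAMPLE_LOG).items():
        print(host, "->", ", ".join(names))
```

In the constructed log only 10.0.0.5 is flagged: 10.0.0.7 looked up a single listed name, and 10.0.0.8 queried the second name hours after the first.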

  6. #31
    Xtreme Enthusiast
    Join Date
    Feb 2005
    Location
    bakersfield ca
    Posts
    872
    Quote Originally Posted by Sam_oslo View Post
    Shutting down domains won't shut down the botnet. But I don't see why M$ should get involved in that, because that's not their specialty or the area of expertise.
    But maybe using the "backdoor" to shut down the infected clients is where one could use M$-involvement and their area of expertise to solve those nasty DDoS attacks mess?
    yes it would actually

  7. #32
    I am Xtreme
    Join Date
    Dec 2008
    Location
    France
    Posts
    9,060
    Quote Originally Posted by Sly Fox View Post
    This isn't targeted at anyone in particular. But I really can't believe some people are twisting this negatively.

    Microsoft certainly aren't saints, but you won't find any normal human beings or businesses that are.
    Some people just really don't like MS I guess.
    Quote Originally Posted by saaya View Post
    well thats what i dont get...
    those machines are infected because they are old and not up to date and full of vulnerabilities... right? well who else knows how to exploit those vulnerabilities better than microsoft itself? so why dont they create a REAL anti-virus, a virus that infects infected machines and updates them and makes them secure again?

    How would they distribute it, though? Using spam?
    Quote Originally Posted by saaya View Post
    mandatory virus scan of every downloaded file?
    Yep.
    Or just check what executables are actually doing in your system, and not permit certain actions.
    Donate to XS forums
    Quote Originally Posted by jayhall0315 View Post
    If you are really extreme, you never let informed facts or the scientific method hold you back from your journey to the wrong answer.

  8. #33
    Xtreme Enthusiast
    Join Date
    Feb 2005
    Location
    bakersfield ca
    Posts
    872
    Quote Originally Posted by zalbard View Post
    Some people just really don't like MS I guess.


    How would they distribute it, though? Using spam?

    Yep.
    Or just check what executables are actually doing in your system, and not permit certain actions.
    Like UAC right?

  9. #34
    I am Xtreme
    Join Date
    Dec 2008
    Location
    France
    Posts
    9,060
    Quote Originally Posted by brandinb View Post
    Like UAC right?
    No, not necessarily.
    For example, it should not let any programs wipe critical system files or clean some important registry parts.
    Heuristics have been used in AV software for ages, the same can be used by OS. In a modest way, of course, not each time a program tries to access HDD!

  10. #35
    Xtreme X.I.P.
    Join Date
    Nov 2002
    Location
    Shipai
    Posts
    31,147
    Quote Originally Posted by brandinb View Post
    The botnet computers receive the instructions to spam based on the instructions that come from the domain names.

    For instance the bot net will look for bot.spam1.info first for instructions and if no reply then they go to bot.spam2.info etc

    They pulled apart the botnet program and found all domain names the botnet refers to and are having all those domain names pulled. In that way the botnet is DEAD. Like cutting the head from a snake lol!
    you think the spammers dont know the ips of their slave pcs and have no means to contact and update them?
    one of the main thing most trojans do these days is auto update themselves and infect their pcs with several versions of the trojan...

    Quote Originally Posted by zalbard View Post
    How would they distribute it, though? Using spam?
    im pretty sure they have a way to find their slave pcs and update the worms/trojans on them... and even if they dont, they managed to infect them once, why would they have a hard time infecting them again? they are clearly not secure machines...

    Quote Originally Posted by zalbard View Post
    Or just check what executables are actually doing in your system, and not permit certain actions.
    yes, i wish taskmanager wouldnt be that basic and would show us a lot more...
    its really not detailed enough... you cant see what each process is actually doing, if its writing to memory, how much, access the net, what ips on what port etc... why do we need third party tools for that?
    for power users and especially IT and admins this kind of functionality should be included in task manager by default...

    and it would help even normal end users to check if their pc is infected...
    open task manager, check for processes using cpu time, check for processes that access a lot of different ips on different ports... you could find suspicious apps so fast that way...

    right now in task manager you can only watch cpu time used, and you can only see the process name, but the process might be hijacked...

  11. #36
    Xtreme Member
    Join Date
    Sep 2009
    Location
    Czech Republic, 50°4'52.22"N, 14°23'30.45"E
    Posts
    474
    Quote Originally Posted by saaya View Post
    yes, i wish taskmanager wouldnt be that basic and would show us a lot more...
    its really not detailed enough... you cant see what each process is actually doing, if its writing to memory, how much, access the net, what ips on what port etc... why do we need third party tools for that?
    Oh man, sorry for that but I have to laugh. Go to View->Select columns and enjoy. I watch at least CPU time, I/O read and write bytes, virtual memory size for some time now... on every PC I manage at home. Task manager is rather powerful if you discover all its possibilities.

    As for net access, most good firewalls watch this...and you need FW anyway, so...

    ADD// as for vulnerability fixes, it's not only MS's fault. Most people who have a cracked OS don't install updates at all. Companies are not saints as you might think, too; I take paperback Computerworld at school, there are often such surveys pointing out that in quite a lot of firms updates are installed very late after the patch comes out.
    Last edited by Behemot; 02-28-2010 at 03:01 PM.

  12. #37
    Registered User
    Join Date
    Jun 2009
    Posts
    33
    Quote Originally Posted by Zigosity View Post
    They were probably using it to DDoS their servers or something, and it finally got annoying enough to throw lawyers at.

    Then again, maybe M$ actually did something constructive for people that wasn't oriented around profits... Who knows? Stranger things have happened.
    If the internet is better, that's good for Microsoft.

  13. #38
    Xtreme Guru
    Join Date
    May 2007
    Location
    Ace Deuce, Michigan
    Posts
    3,955
    Quote Originally Posted by randomizer View Post
    Publicity stunt.
    Publicity stunt or not, I'm still grateful for anything that helps clean up the internet

  14. #39
    Xtreme Addict
    Join Date
    Sep 2008
    Location
    Downunder
    Posts
    1,313
    Quote Originally Posted by AliG View Post
    Publicity stunt or not, I'm still grateful for anything that helps clean up the internet
    There's still 9 other massive bot nets according to the article. 1/10 is hardly going to make a difference. If they only get approval to shut down one at a time then by the time they get approval to shut down the next one the bot net they have already shut down will be back up again.

  15. #40
    Xtreme Addict
    Join Date
    Jun 2007
    Posts
    2,064
    Hitting 2 birds with a stone eh?

    1. Reducing spam filter overhead costs.
    2. Attracting even more spam targets directed to hotmail.

  16. #41
    Xtreme Addict
    Join Date
    Oct 2005
    Location
    England, Northwest
    Posts
    1,219
    Quote Originally Posted by randomizer View Post
    I see no need to be grateful to a corporate entity for doing something that means nothing to me. Gratitude doesn't pay their shareholders anyway. But hey, go give Ballmer a hug if it makes you feel better.
    Do you get any spam in your email box ? If so, you're benefiting from this action.
    Also how do you know that your computer isn't a "zombie" in a bot-net ? (I.e. Using an exploit which hasn't yet been found.) Again if this is the case, you're benefiting from this action.

  17. #42
    Xtreme Addict
    Join Date
    Sep 2008
    Location
    Downunder
    Posts
    1,313
    Quote Originally Posted by yngndrw View Post
    Do you get any spam in your email box ? If so, you're benefiting from this action.
    I get spam regardless of their actions (not much, fortunately). They need to take out every bot net, not one. It's a waste of time just targeting one because it will just pop up again. Actually, the same will probably happen if you take them all out as well.

    Quote Originally Posted by yngndrw View Post
    Also how do you know that your computer isn't a "zombie" in a bot-net ? (I.e. Using an exploit which hasn't yet been found.) Again if this is the case, you're benefiting from this action.
    Because my two OS installations are a few days old and less than one day old respectively, and haven't had the chance to be online long enough to be infected. Plus Waledac (which is the bot net that this article is about) is a Windows bot net only, so the chances of me being infected are quite low. I only use Windows to play games and do some work in 3DS Max. If I am part of another bot net then the actions here by MS are irrelevant.
    Last edited by randomizer; 02-28-2010 at 09:24 PM.

  18. #43
    Xtreme Addict
    Join Date
    Oct 2005
    Location
    England, Northwest
    Posts
    1,219
    Quote Originally Posted by randomizer View Post
    I get spam regardless of their actions (not much, fortunately). They need to take out every bot net, not one. It's a waste of time just targeting one because it will just pop up again. Actually, the same will probably happen if you take them all out as well.
    I take it you haven't heard of "Every little helps" ? With that attitude, we might as well not bother trying to prevent Cancer because it's only one of many illnesses which can affect somebody.

    Quote Originally Posted by randomizer View Post
    Because my two OS installations are a few days old and less than one day old respectively, and haven't had the chance to be online long enough to be infected. Plus Waledac (which is the bot net that this article is about) is a Windows bot net only, so the chances of me being infected are quite low. I only use Windows to play games and do some work in 3DS Max. If I am part of another bot net then the actions here by MS are irrelevant.
    Back in the days of XP I once re-installed XP and then connected it to the internet. My first action was to download an anti-virus, which I did and installed it. The second action was to download the Service pack. Before the download of the service pack had finished, the installation was ed. My point is that just because you haven't viewed any bad pages or downloaded any bad software does not mean that your operating system cannot pickup unwanted right away. In the case of botnets, you'll probably never know that your system is a zombie of a botnet.

  19. #44
    Xtreme Addict
    Join Date
    Sep 2008
    Location
    Downunder
    Posts
    1,313
    Quote Originally Posted by yngndrw View Post
    I take it you haven't heard of "Every little helps" ? With that attitude, we might as well not bother trying to prevent Cancer because it's only one of many illnesses which can affect somebody.
    "One step forward, two steps back" is not my idea of "every little bit helps." Cancer research doesn't suddenly lose all of its previous progress just because it hasn't cured it overnight.


    Quote Originally Posted by yngndrw View Post
    Back in the days of XP I once re-installed XP and then connected it to the internet. My first action was to download an anti-virus, which I did and installed it. The second action was to download the Service pack. Before the download of the service pack had finished, the installation was ed.
    Damn, talk about unlucky. Can't say I've ever had that kind of issue right off the bat, but that sort of thing is one reason I've grown tired of Windows. When I do use Windows I don't bother with AV either. Extra bloat which never does anything but pick up tracking cookies.

    Quote Originally Posted by yngndrw View Post
    My point is that just because you haven't viewed any bad pages or downloaded any bad software does not mean that your operating system cannot pickup unwanted right away.
    Luckily for me, the rare piece of malware that can do something can't do much without elevated privileges.

    Quote Originally Posted by yngndrw View Post
    In the case of botnets, you'll probably never know that your system is a zombie of a botnet.
    Well it doesn't really matter then does it. As a matter of fact, my ISP monitors traffic for excessive emailing and notifies customers if they've potentially been zombified.

    Perhaps we'll need to agree to disagree.
    Last edited by randomizer; 02-28-2010 at 10:01 PM.

  20. #45
    I am Xtreme
    Join Date
    Dec 2008
    Location
    France
    Posts
    9,060
    Quote Originally Posted by randomizer View Post
    I get spam regardless of their actions (not much, fortunately).
    Getting less spam is still better than getting just as much as before, though.

  21. #46
    Xtreme X.I.P.
    Join Date
    Nov 2002
    Location
    Shipai
    Posts
    31,147
    Quote Originally Posted by Behemot View Post
    Oh man, sorry for that but I have to laugh. Go to View->Select columns and enjoy. I watch at least CPU time, I/O read and write bytes, virtual memory size for some time now... on every PC I manage at home. Task manager is rather powerful if you discover all its possibilities.
    mhhh this is in vista and 7 i guess?
    didnt know that, thx

    i still think net activity should be displayed there, that would be very very useful...

  22. #47
    I am Xtreme
    Join Date
    Dec 2008
    Location
    France
    Posts
    9,060
    Quote Originally Posted by saaya View Post
    i still think net activity should be displayed there, that would be very very useful...
    You can use Resource Monitor for that, though.

  23. #48
    Xtreme Addict
    Join Date
    Sep 2008
    Location
    Downunder
    Posts
    1,313
    Quote Originally Posted by zalbard View Post
    Getting less spam is still better than getting just as much as before, though.
    Well I get more than I did a few months ago, if that's anything to pass judgements on

  24. #49
    Xtreme Member
    Join Date
    Jan 2009
    Posts
    203
    Quote Originally Posted by randomizer View Post
    "One step forward, two steps back".
    what?

    how on earth did you arrive at that premise? you think that by taking down a botnet, it will actually regrow and DOUBLE in size?


    to all the other naysayers, you need to realize that this case sets a precedent, meaning that it will be EASIER and QUICKER to get a court order to shutdown the NEXT targeted botnet...honestly, you've got to start somewhere.


    ps, to saaya i think. one issue with having a viral anti-virus program is the fact that you need to FIND the holes in the program first. if you already know the bugs, you might as well fix them the traditional way...its a logical conundrum.

  25. #50
    Xtreme Member
    Join Date
    Sep 2009
    Location
    Czech Republic, 50°4'52.22"N, 14°23'30.45"E
    Posts
    474
    Quote Originally Posted by saaya View Post
    mhhh this is in vista and 7 i guess?
    didnt know that, thx

    i still think net activity should be displayed there, that would be very very useful...
    This is in XP, too. Maybe even in Win 2000, I used it only at school for short time.

    Anyway, you're I'll remember this mighty day when I taught saaya something forever
