For the past three weeks, internet addresses belonging to Microsoft have been used to route traffic to more than 1,000 fraudulent websites maintained by a notorious group of Russian criminals, publicly accessible internet data indicates. The 1,025 unique websites — which include seizemed.com, yourrulers.com, and …
Chase the money
Somewhere along the line, people have to use their credit cards to subsidize 'Canadian Pharmacies'. Making Visa and Mastercard responsible for these criminal transactions would slow this trade down considerably! They should also be made to disclose the recipients of the monies.
Chase the money 2
Since these networks are demonstrably run by Microsoft and Microsoft have lots of money, anyone who has an issue with any of these websites should sue M$.
"You own the IP address and therefore you did it" is an accepted legal point; it has been repeatedly used in courts of law around the world by media businesses suing filesharers. The defence that it wasn't you, it was a defect in your network security, has not been accepted by the courts. So time to turn the tables here. Criminal activity is happening from their addresses, so they are guilty. The courts will have to decide whether to continue to accept IP address based evidence as being admissible. So either MS are in big trouble here, or the media companies and their [il]legal sharks are going to lose a big stick.
Re: Chase the money....
...then you get to a money mule. People are offered jobs where they can work at home - all they need is a bank account to receive payments. They keep a percentage of the payment, cash the rest and send it via Western Union or a similar cash transfer service to someone in Eastern Europe. There are apparently enough people gullible enough to do this.
And Western Union or similar cash services have records of where their payments went. So jail the mule as is his due and continue to chase the money.
I like the idea of going after MS too.
I'll add a third, which is that even though they are dummy corps, somebody is set up to process the payments, go after them, follow their money and their associations.
Chase all the money on all the angles until you get as much of it as possible. I mean, I hear governments all over the world are short on cash at the moment. The scammers seem to have plenty of it, so isn't it time to shake them down?
Who does Ballmer think he is, Jobs?
another possible cause?
Have they found a way to re-route this block of IP addresses to another site?
DNS and whois are not enough. Is it that difficult to go to the LINX looking glass or one of the publicly available route servers and see if the network in question is still being routed to Microsoft?
The article language also reads almost like the Daily Fail. The Reg is a technical website; we do not need the babytalk explanations of what dig is, for crying out loud.
Not that easy
In order to hijack a range of IP addresses, you have to subvert a core ISP, or find some way of injecting false BGP (or whatever they use nowadays) information into the wider network. You have to be trusted, and in particular points in the network to have BGP info believed by your neighbours.
While I am not saying this is impossible, it is so fundamental in the operation of the Internet as a whole that if this is compromised, the operation of the whole Internet is at risk.
To El. Reg. To see whether an IP address is where you think it is, you can try to use traceroute (oh, sorry, tracert for windows users) to see where the packets appear to go. While it is not a sure-fire thing (traceroute can be blocked easily, and some routers do not respond), you may get sufficient clues from the names of the routers that have DNS entries to guess at the routing of the packets. If this does not work, you might try a ping -R (UNIX/Linux only?) to get the return path of the packets.
There are probably many better tools, but Dig (although I still use nslookup), traceroute, ping, netcat, telnet, nmap, wireshark and other tools such as nessus should all be in the metaphorical toolbox of people who want to diagnose network problems.
Secure Windows Servers in action!
No wonder people are giving the Windows Server OS the boot, and are running Linux on their servers instead. Even Microsoft can't keep Windows Server secure.
And here was me thinking that these dark boffins had infected GNU/Linux boxes as well... harumph... that'll teach me for skim reading articles!
@ D. Suse
From the article (you did read it?): "Members are known to infect Linux and Unix machines....."
I hope you're right and they have diversified into attacking Windows Servers as well. If MS were hosting on Linux, teh intahwebs would implode as all the flamethrowers backfired at once.
RE: Secure Windows Servers in action!
You took the words right out of my mouth!
...but at least you didn't take the inability to make things secure away from Microsoft - we all need them to laugh at!
hijacking networks - simple
Convince your upstream you're allowed to announce routes for xyz/16 (or anything down to around a /19), do it, profit.
That kind of attack is hardly new. I first encountered it back in 2003 while tracking a spam gang, and as a result of the ensuing investigations there are now several private mailing lists dedicated to shutting down rogue announcements and returning the networks to their rightful owners or having them returned to the registries (this is where a lot of the recent reassignments of old swamp space have come from).
Ron may well be right that MS have a compromised server, but I've known him for nearly 15 years and he's got a tendency to loudly assume the worst case scenario. The fact that so many IPs are involved points more to network route hijacking than physical compromise.
By the way, the scary part is that the world's telephone number routing uses a very similar protocol which is even easier to hijack as there are no security measures installed against fraudulent activity. The vulnerability isn't theoretical - in the late 1990s UK porn operators were found to be hijacking number ranges belonging to Chile and Niue Island, among others...
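The two comments above make a concrete, checkable claim: rather than trusting DNS and whois, pull the prefix from a public route server and see which AS actually originates it, and remember that a hijacker usually wins by announcing a more specific prefix than the registered block. The script below is an added example written for this page, not code from The Register, Microsoft or any of the commenters. It works on a constructed "show ip bgp"-style snippet and a constructed registry table (documentation prefixes, private AS numbers), so nothing here describes a real announcement; a practitioner would paste in real route server output and the real registry origin instead.

```python
import ipaddress

# Constructed sample in the shape of a route server's "show ip bgp" output
# (prefix, next hop, AS path). Documentation prefixes and private-range AS
# numbers only; this is not a real routing table.
SAMPLE_RIB = """\
198.51.100.0/22     203.0.113.1     64500 64496 i
198.51.100.0/24     203.0.113.7     64502 64503 i
192.0.2.0/24        203.0.113.1     64500 64497 i
"""

# Constructed stand-in for what the registry (whois / ARIN style) says about
# who holds each block and which AS should originate it.
REGISTERED = {
    "198.51.100.0/22": 64496,
    "192.0.2.0/24": 64497,
    "203.0.113.0/24": 64498,   # registered but deliberately absent from the table
}


def parse_rib(text):
    """Parse 'prefix next-hop AS-path' lines into (network, next_hop, [ASNs])."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        network = ipaddress.ip_network(parts[0], strict=False)
        as_path = [int(tok) for tok in parts[2:] if tok.isdigit()]  # drops the 'i' flag
        if as_path:
            routes.append((network, parts[1], as_path))
    return routes


def longest_match(networks, addr):
    """Longest-prefix match: the most specific network containing addr, or None."""
    covering = [n for n in networks if addr in n]
    return max(covering, key=lambda n: n.prefixlen) if covering else None


def check_address(ip, rib_text=SAMPLE_RIB, registered=REGISTERED):
    """Compare the route a router would actually pick for ip with the registry.

    status is one of:
      ok                   - winning route's origin AS is the registered holder
      origin_hijack        - same prefix as the registration, different origin AS
      more_specific_hijack - a longer prefix than the registration from a
                             different origin (announce a /24 out of someone's
                             /22 and longest-match makes it win everywhere)
      unrouted             - no covering route in the table
      unregistered         - no registry record covers this address
    """
    addr = ipaddress.ip_address(ip)
    routes = parse_rib(rib_text)
    reg_nets = {ipaddress.ip_network(p): asn for p, asn in registered.items()}

    reg_net = longest_match(list(reg_nets), addr)
    if reg_net is None:
        return {"ip": ip, "status": "unregistered"}
    expected_asn = reg_nets[reg_net]

    best_net = longest_match([r[0] for r in routes], addr)
    if best_net is None:
        return {"ip": ip, "status": "unrouted", "expected_asn": expected_asn}
    # First path for that prefix; a real table may list several.
    _, next_hop, as_path = next(r for r in routes if r[0] == best_net)
    origin = as_path[-1]

    result = {
        "ip": ip,
        "route": str(best_net),
        "registered": str(reg_net),
        "expected_asn": expected_asn,
        "origin_asn": origin,
        "as_path": as_path,
        "next_hop": next_hop,
    }
    if origin == expected_asn:
        result["status"] = "ok"
    elif best_net.prefixlen > reg_net.prefixlen:
        result["status"] = "more_specific_hijack"
    else:
        result["status"] = "origin_hijack"
    return result


if __name__ == "__main__":
    for ip in ("198.51.100.10", "198.51.103.5", "192.0.2.1", "203.0.113.9", "10.0.0.1"):
        print(check_address(ip))
```

In the constructed table 198.51.100.10 is flagged as a more-specific hijack (the /24 from AS 64503 beats the registered /22 from AS 64496), while 198.51.103.5, which the /24 does not cover, still reaches the registered origin. That split is exactly why a whole block can look fine in whois while part of it is being served by someone else, and why checking the route server rather than the registry answers the question the comment asks.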
Oh dear, we should immediately revoke MS's licence to use the internet, shutting down all their update servers, verification servers, activation servers etc, all according to the desires of...well...microsoft!
They can't possibly complain, it was their idea!
Maybe Microsucks can add patch #50 to this month's Windoze Patch Tuesday to fix their insecure websites and malicious code used to redirect Windoze users? What's one more patch when you're already doing 49 patches today?
It seems to me...
...that the world would be far better off if Russia and China were cut off completely from the wider internet. Follow their borders with a backhoe and an angle grinder and be done with it.
Is there any major criminal effort not headquartered in Russia and hosted in China? Maybe a couple, but not a lot. And if you physically sliced off the net connections, it's not like they could just operate out of different countries unless they moved there - risky and a pain in the ass.
Sure, there'd be some collateral, but at this point those two countries alone are close to destroying the utility of the net for the rest of us. Screw 'em and the horse they rode in on - let them back in the club when they won't let the trash line their pockets while feigning innocence.
You can have your gas back on when we get our internet back.
I have a pellet stove for heat...
...and will happily cook with electric. I'd be fine with subsidizing eastern Europeans' energy needs if it meant a 90% reduction in malware, spam, and as a consequence, odious Linux zealots who think it's clever to say "MicroSux" and "Winbloze".
As for western Europe, there's a reason God made the French - and as recent events have shown, it's not for liberty, equality, and fraternity: It's for nuclear power. The French have done at least two things the world is better off for - proving nuclear power is a viable large-scale energy source, and Grand Prix racing.
These things have been largely offset by their electing Sarkozy, but you can't bat 1000, can you?
I almost guarantee...
Reporting this problem should be as simple as checking the ARIN record for that address, right?
email@example.com, firstname.lastname@example.org, email@example.com
Auto-reply bots saying that your complaint was sent to the wrong address and discarded.
Carefully guarded by a filter that rejects anything that might mention any type of abuse going on.
I like it!
Together, adverts for getting a huge wotnot via MS and a picture of Ballmer!
Perfect start to my day!
So we're going on month one of the compromised Microsoft network host...
....aaaaand they're in the business of building software for who, again?
Anonymous because Big Bro doesn't like things messing with his cheerios, I'm told.
Could it be...
So is it a cock-up then?
But I thought
Haven't the EU and UK clearly set a legal framework that says that an IP address owner is clearly guilty, as everybody knows that an IP address identifies its owner?
Nice to see a professor using the correct nomenclature
"they must have pwned the box", and "they're probably teabagging the sysadmin as we speak"
Canada should file suit...
Defamation - that may give an individual, business, product, group, government, or nation a negative image.
Finally I can get some big dick pills and be a real man just like Ballmer - and all from Microsoft too.
mind in the gutter
Domain Internet Groper? Are you sure that's what "dig" stands for?