MS claims credit for Rustock botnet takedown

Action taken by Microsoft and law enforcement agencies was responsible for the takedown of the infamous spam-spewing Rustock botnet, the software giant said today. Anti-spam firms were taken by surprise by the abrupt cessation of junk mail from zombie clients in the Rustock botnet network on Wednesday afternoon. The reason for …

COMMENTS

This topic is closed for new posts.
Gates Halo

(untitled)

Microsoft saving the world from spam again. Bet these spammers use Linux

1
2
Bronze badge
FAIL

Ha!

That means as much as admitting your machines were the cause in the first place...

(of course, everybody already knew that)

6
6
Silver badge

what did you expect

a herd of 1 MILLION macs?

lol

2
2
Flame

1 MILLION macs

Are there 1 MILLION macs in use?

2
0
Coat

Machines

"That means as much as admitting your machines were the cause in the first place..."

That's because most of the home computers out there run Windows. It's merely the best way to get zombies, due to the population. No, it's not due to some inherent flaw causing Windows to be vulnerable to these infections. Usually these bots get on the computer the same way Flash Player or Firefox gets on your computer: they're downloaded and run. Granted, they're downloaded from less-reputable places. Very few virii nowadays actually install themselves on your computer with no user intervention.

1
1
Silver badge
Pint

Never thought I'd say this...

...but good for Microsoft. They're doing us ALL a large favour in dealing with these creeps.

Nice one, Steve

(or whoever took the decision)

8
1
Stop

If....

... there weren't idiots responding to the spam "adverts" there would be no spam...

9
0

It is possible to be guileless without being gullible

A friend of ours has a form of OCD and frequently needs to ask for help and assistance in determining if something he has seen on the Internet was real (if you need an indication of how debilitating this can be for him, he initially needed help with the Japan earthquake, for instance). He's not an idiot. He has a job, and lives a reasonably independent life: he simply has a condition that actually makes him rather more reliant upon his computer than many of the rest of us are.

Now, I'm not sure if you think he shouldn't have an internet connection, or shouldn't have a bank account (or just haven't thought about it from his sort of angle) but he's exactly the sort these spammers go after. Which is why it is so wrong.

Fortunately the one thing he does have, is friends, who can help him get the best from his internet connection without being preyed upon. I rather suspect that not all such people have that to fall back on... and we're not claiming sainthood for doing it.

I'd also say it is good to see what Microsoft and the law-enforcers have done here. The zombie networks are often Windows machines, but they are nothing once their C&C servers are removed. Sure the problem will return, but this has at least shown that the problem is solvable. Spam isn't merely some force of nature that we have to put up with, but an aspect of a predatory network of individuals whose infrastructure can be got at and removed to yield real results.

4
2

Hmm. Two down votes...

what motivated that, I wonder?

0
0
Thumb Down

But...

...if Microsoft's security model wasn't so crap that it's easy to take control of Windows machines, we wouldn't have this sort of problem anyway.

So they're taking credit for sorting out a problem they've caused.

13
13
FAIL

Virii

Virii are executables. I can just as easily run one on my Linux box as my Windows box. The problem is, by and large, the people that hit "yes" to the "are you sure you want to run this potentially harmful program?" Be it Windows, Linux, or Mac, the user can still hit "Yes."

Disclaimer: this would require a "virus"-like program written to run on each of the operating systems mentioned. It's very easy to do so for each of these platforms, but one can't be bothered to target such small markets.

0
1

Cleaning up after themselves?

Is MS now cleaning up their own mess, finally? Let's hope so.

9
10
FAIL

RE: Cleaning up after themselves

No, they are not, but what they are doing is helping idiots correct their mistake.

Think of it this way: when you are driving and someone in the passenger seat tells you to go through the intersection and you just go (even though it's red), whose fault is it... yours or the passenger's?

The same logic applies here... maybe some of the morons can read before clicking yes to every little internet pop-up.

1
1
Bronze badge
Grenade

Gotta love them people that are never happy - NOT

Microsoft did something good and you're all shouting them down. Geez, next you'll be whining that bugs being fixed in Linux are a bad thing.

8
4
Silver badge
Thumb Up

@Ragarath You have got to understand the rules old chap.

When Microsoft are the subject of an article the following rules apply.

1. If MS have done something wrong, log on and howl.

2. If MS have done something right, log on and howl.

(Make sure you say that it was all their fault in the first place whether that is wholly true, partly true or not true at all.)

3. If MS are mentioned however peripherally, even if your posting is not even in orbit around the same planet as the article concerned let alone on topic, log on and howl.

4. Do remember to spell the Great Satan's name with a $-sign as often as possible whilst you howl.

As far as the subject of this article is concerned I am glad to see that MS appear to be taking their responsibilities seriously. I personally feel that they should have been moving in this way a considerable while ago but I am reasonably impressed with the sheer scale of the operation involving as it did MS officials, the Feds, the US courts and national compliance and policing authorities in several countries (including China's own CNERT-team believe it or not!). So yes, on this occasion I am also willing to give Redmond a cautious thumbs up.

2
0
Thumb Up

Good news everybody...

Well done MS!

3
0
Anonymous Coward

Please.

Amazing how people will piss and moan about something positive (and not easy or inexpensive) MS is doing to solve a problem. Yes, it helped create the problem in the first place, but the last time I checked, Adobe, whose security is now arguably worse than MS, has exactly ZERO takedowns to their credit and I'm not expecting any soon.

6
2
Thumb Up

39%

Give us some perspective - how many is that per day/hour/minute etc

oh - and yeah, well done Microsoft.

0
0
Grenade

Well done!

Though, the spammers might not be the only ones miffed about this. I'm betting some DNSBL operators are grinding their axes and calling Microsoft all kinds of unmentionable things.

Fortunately, I somehow doubt they'd have the brass neck to blacklist 207.46.0.0/16 in retaliation for the proportional reduction in filtering-service revenue.

0
2
WTF?

"Much More Complicated"

"Rustock's infrastructure was much more complicated than Waledac's, relying on hard-coded Internet Protocol addresses rather than domain names and peer-to-peer command and control servers to control the botnet."

Since when is a static IP "much more complicated" to trace than a domain name or P2P?

4
0
Gold badge
WTF?

Re: "Much More Complicated"

Too right. WTF? indeed.

Likewise: "To be confident that the bot could not be quickly shifted to new infrastructure...."

'cos moving a physical IP address from A to B is infinitely simpler than changing a DNS entry of course.....

1
0
Stop

Re Re

I was just thinking that. I'm wondering who in their PR dept has come out with that one.

It would be a hell of a lot easier to block IP a.b.c.d rather than a DNS pointing to a.b.c.f then a.c.d.a later...

(Though you could block the DNS itself, for which many bots already have workarounds ;)

2
0
Grenade

Since botnets started using P2P, that's when

If a botnet relies on something like round-robin or fast-flux dynamic DNS to find C&C servers, all you have to do is take down the domain name and the botnet is decapitated. P2P makes things a little harder, because once the bot knows a few P2P nodes the C&C server isn't required anymore.

Rustock did something like include a huge list of existing bot IPs every time the malware propagated. That kind of botnet is hard to stop once it gets going: If any of the IPs in the list are reachable, a new bot can bootstrap the whole list.

1
0
Gates Halo

That's why we have pooper-scooper regulations

If your dog made a mess on the sidewalk, does that mean that the innocent pedestrian who steps in it has only himself to blame?

It is indeed good that Microsoft is cleaning up the mess they made, but let's not blame the wrong party for the spam problem.

3
1
Silver badge
Grenade

Well actually it is not the dog that is doing the shitting.

It is the "customer" who is shitting all over the sidewalk regardless of how often one tries to explain that they should keep it in their pants. How many articles in how many mainstream media publications warning said "customers" about downloading programmes of a certain type is it going to take before the brain dead finally realise that they are doing something silly? Interesting that many of us criticise (correctly in my view) Apple's walled garden on the grounds of freedom and choice, whilst at the same time many log on here to howl about "M$" on the grounds that they do not succeed in preventing said braindeads from fucking everything up. Do not misunderstand me, MS could clearly do a lot more to improve security (and I suspect they are aware of that) but I am piss tired of the fact that as long as the Great Satan From Redmond is involved many immediately find it convenient to forget that the biggest threat to a pc is the dickhead at the keyboard. Precisely how is "M$" supposed to stop these plonkers downloading that kind of shit without taking the kind of measures that would have us all howling a blue fit? So yes, the customer is NOT always right - sometimes they are completely wrong and ought to take some responsibility (that goes with freedom, right?) for their own behaviour.

0
0
Terminator

P2P bots, ph3ar!

I hope none of them download the Kademlia eMule code...

0
0
Anonymous Coward

Is it just me?

If this spam is advertising pharmaceuticals, why doesn't MS buy some of these pharmaceuticals then trace where their money went and who the beneficiary was (through the credit card records).

Then the credit card companies can block payments in future. Result - no payment, no point in spam advertising.

I seem to recall this approach was spectacularly effective in closing down MP3.com.

0
1

Came here for the MS snark

...and wasn't disappointed. Let me just save you fools the hassle:

"I hate Microsoft."

"Windows sucks."

"You're a Redmond shill."

"Gates is a jerk."

"Whales are fat and deserve to die."

"If martians ate peanuts they'd crap satay."

etc ad nauseam

0
0