Microsoft delivers fatal blow to yet another botnet

Microsoft said it delivered a fatal legal blow to Kelihos, a botnet that stole sensitive personal information stored on computers it infected, and was capable of delivering almost 4 billion spam messages per day. The takedown was achieved in part by obtaining a secret court order shutting down 21 internet addresses, including …

COMMENTS

This topic is closed for new posts.
Bronze badge

History lesson

Every once in a while, an evil empire DOES do something "good".

Past reference: Autobahn in Germany.

11
4
Flame

In this case MS is really just cleaning up after itself. Just that the mess it left behind was so vast and had so many things growing off it, that it felt like "winning a war", even though it was just "spring clean".

10
18
Bronze badge

Exactly

"Alles für Microsoftenschaft" or "Microsofentschaft über alles"

0
2

Hahahhahahaha

Can't wait to see pictures of the people who program these bots

1
0
Anonymous Coward

Guarantee there's a tube of Clearasil in the background!

0
0
Facepalm

Kinda like plowing your garden

It must be bittersweet, to work so hard to make such a lush and fertile ground for these seedlings to grow so well, only to cut them down without enjoying the fruit of your labour. sigh.

It is analogous to western governments putting the boots to despots they had readily supported. These were the truest 'strategic alliances'.

0
6
Bronze badge

So they took credit for bringing down the botnets, but they didn't take responsibility for producing and distributing the festering pile of dog turds that allows these botnets to exist. How surprising.

14
21
WTF?

I don't know anything about botnets

But are you saying they wouldn't exist without Microsoft? Maybe I missed some subtle sarcasm or something...

2
0

Producing what? Acrobat, Flash, or Java? As reported on the Register this same day, those are the ways the vast majority of infections get through.

4
0

Pots & Kettles

Didn't most of these Windows Botnets get infected by compromised Linux servers?

Blackhats go for critical mass targets. They are good enough to be able to penetrate anything they put their hands to. Windows' greatest weakness is critical mass.

2
1
WTF?

Of course, the people that allowed their computers to be compromised in the first place by probably clicking yes to some random link or file bear no responsibility whatsoever. If people took personal responsibility over the computers under their own control we wouldn't have half the problem. Ignorance is no longer an acceptable excuse and while I'm not absolving MS of their duty I think it's unfair to blame them for something that is easily avoidable by end users.

0
1
FAIL

I'll explain it for you Mr Young, and it's not sarcasm

Botnets would exist with or without MS, however in an attempt to lock in some mickeysoft products (such as explorer, outlook etc), mickeysoft decided to make windoze a big humongous mess so that when a security flaw is found and exploited the whole OS/PC is compromised.

Why should a flaw in the rendering of jpeg images expose your address book to hackers??????? The *nix security model is a bit better in that all applications run under their own UID, in theory a compromised process does not have access to other processes and/or applications.

It should also be noted that mickeysoft have only disrupted the C&C structures for Kelihos, the botnet is still installed on whatever number of PCs that are infected. If mickeysoft have missed one of the control servers then the botnet is still active!!

I also think mickeysoft has been telling porkies, in the court submission mickeysoft state "Due to the high quality and effectiveness of Microsoft's products and services..."

If their products are so high quality and effective, how come a botnet got control of so many PCs???

3
0

"Didn't most of these Windows Botnets get infected by compromised Linux servers?"

ehhhh No, I think Kelihos is spread by infected spam, and it then infects PCs, not a lot to do with servers of any sort apart from the C&C components.

3
0
Silver badge

Sorry, I'm a tech and don't mindlessly click yes to every pop-up.

I was once building out a machine and made one fatal mistake which caused the system to be compromised when I hooked it to the network to run updates - I forgot to change the default home page from MSN to Google. MSN loaded, BAM! Antivirus 2009 or some variant thereof pwned the computer with no clicks required.

Yes they've improved since then, and I'll give them kudos for this cleanup, but at least half the problem HAS been MS.

2
1

I'm thinking your one fatal mistake...

...was to connect a new machine to the outside world without having installed up to date security software as part of the offline setup process. Or were you just insanely unlucky enough to have been caught out by this particular virus in the small window of opportunity between its release and inclusion in all the detection databases?

0
0
Bronze badge
Windows

Operative definitions of good and evil?

If we consider good in terms of what the company is doing, it actually bothers me that Microsoft has become the consistent leader in doing the good thing as regards the spammers. I still feel like Microsoft is a fundamentally criminal enterprise, and if they were held fully accountable for all of the harm that has been caused by the flaws in their software, even just limiting it to design flaws, they would be bankrupt in a NY minute. Yet here they are again doing the right thing.

Meanwhile, Google claims to want to avoid being evil, and they are consistently the spammers' best friend. Have you ever seen such a lame spam-reporting system as Gmail uses? Okay, I'm exaggerating a bit for emphasis. The webform part is pitiful, but the email side actually has at least two good wrinkles in it. I'm mostly disappointed that Google could do much better instead of letting Microsoft carry the battle to the spammers.

2
2

There's worse than Gmail's system...

Try to report a spam-account on their blogging service...

0
0
Silver badge

If you have spam issues off Google, it's behavioral, not Google.

I've had my Google account for going on 7 years now. The only spam I get is stuff I signed up for, so it isn't UCE.

0
0
Bronze badge

Shannon, do you know that Hotmail has a pretty bad spam filter? Gmail's is much smarter. It might even be based on SpamAssassin.

1
0

It's all Microsoft's fault... blah blah...

Predictable posts. Microsoft is doing some excellent work here, credit where credit is due. And I suspect that were billions of the world's fools to use Linux on a daily basis, botnets and virii etc would be similarly widespread.

10
4
Anonymous Coward

No, you're wrong.

"I suspect that were billions of the world's fools to use Linux on a daily basis, botnets and virii etc would be similarly widespread."

I would say that it would, in fact, be quite a programming challenge to build an efficient distributed botnet using Linux (or any *nix) because they DON'T LEAVE THEIR BLOODY PORTS WIDE OPEN ALL THE TIME.

Nor do they promiscuously make assumptions about who or what is a friend or foe.

Yes, botnets almost certainly could not exist as they do without MS. They are morally bound to correct their own clusterf*cks.

7
4
Silver badge

I'm more and more tempted towards the opinion that on Windows an intrusion is more easily noticeable than it is on Linux.

On Windows crapware (malware, adware, etc.) is often discovered when the user finally wonders why his machine has become so slow and sluggish. Whereas on Linux an average rootkit does quite a good job of hiding itself. Most often you don't notice one thing unless you're using executable signing and such.

I can't help wondering how many rooted boxes exist without the owner even knowing...

0
0
Anonymous Coward

@craiggy

Windows has had the firewall switch on by default since XP SP2, you can't really accuse them of leaving ports open any more.

1
4
Anonymous Coward

It's far from perfect and you would be surprised how many people have it switched off. Or have tweaked it. Or have had software tweak it for them. Without them knowing.

0
0
Bronze badge

a habit

As a matter of fact, all major packagers, like aptitude/apt, yum and others do use the Pretty Good Privacy system and simple md5sum checksumming. I remind you that on most Linux and *BSD distros installations and updates are carried out from central repos.

Yes, a newbie that just came from the Windows camp never heard of this. He/she had always been using different unverified sources to install soft from. Updates might be either not convenient or inexistent. So he or she might end up doing what they simply did on Windows.

1
0
Bronze badge
Flame

Ahh, you mean that pile of crap that considered the internet at wide as the local intranet? That bug was fixed YEARS after SP2 came out...

Classic photo:

http://www.flickr.com/photos/68043681@N04

0
0
Bronze badge

one more blow to wish

>Microsoft delivers fatal blow to yet another botnet

I wish someone would finally deliver a fatal blow to the ugliest botnets of all - the Microsoft corp itself.

5
9
Childcatcher

innocent subdomains of cz.cc

were brought down too by MS, because MS is too lazy and technically incompetent to block only botnet traffic from cz.cc

"Now that Microsoft has obtained the cz.cc domain, it is working with Piatti to determine which ones are being used legitimately, so customers of his can get back online quickly."

3
2
Bronze badge
Meh

Well, perhaps if cz.cc were doing their job properly and not just allowing any Tom, Dick and Harry to use the service without vetting then their customers would not have been affected, non?

Cause and effect, kind of.

5
1

@Ramazan

>>"innocent subdomains of cz.cc were brought down too by MS, because MS is too lazy and technically incompetent to block only botnet traffic from cz.cc"

Presumably if they had trusted the guy in charge to be suitably cooperative, they could have done things differently.

Though would many people really run anything *important* on a free subdomain rather than paying for a domain of their own, unless they trusted the provider sufficiently to be confident they wouldn't do things or allow things liable to attract the attention of the authorities?

People using free subdomains from unknown or distant providers are taking a risk that criminals will be doing likewise, with the possibilities of disruption that might involve.

0
0
Mushroom

Microsoft would not exist without botnets and malware

'nuff said. Think about it...

2
2
Gimp

I thought about it

and you're an idiot. 'nuff said.

Gimp mask, because I wish you had a zipper

3
0

I've thought about it...

it's bobbins

1
0
Anonymous Coward

@Gerrit

I have thought about it and I have no idea what you're talking about.

0
0
Anonymous Coward

Maybe they should just focus on "taking out" the douches who keep responding to all this spam. If nobody was stupid enough to respond, then there'd be no market for the spam.

1
1

What no porn no freebies?

0
0