The spam-spewing Kelihos botnet has returned from the dead. Microsoft collaborated with Kaspersky Lab to run a successful takedown operation last September. The takedown decapitated the botnet by shutting down command-and-control server nodes, directing the bots on infected computers to contact a server under the control of …
"common-and-control" should be command-and-control?
Also, SHOOT IT IN THE HEAD!!!!111
There is a new "report corrections" link, if you notice...
No there's not
Not from the mobile version of the site it seems. I looked before I posted and just checked again. Nada :(
"a Russian national was involved..."
Do they award them medals in Russia?
No, in Soviet Russia, the medials award the nationals instead.
(Sorry, it had to be said!)
"A deliberate decision was taken NOT to patch infected machines, a problematic process that's illegal in some countries. Instead it was left to users to fix the security on their compromised machines."
You can't put a Bandaid on a huge gaping wound and expect it to heal. Seriously I don't care what the ramifications may be (Like it causing the infected computers to crash and if so good riddance to them). They should just fucking do it!
Right, even more: running MS Windows is akin to treating wounds with salt.
They should do nothing of the sort
That is a law enforcement job, not that of a commercial software company. Not only would they be exposing themselves to prosecution (it is vigilantism, effectively) but I've no doubt that some entireprising individuals could arrange civil suits too.
What is needed is sensible, coordinated support by national law enforcement agencies. Now all we need are senisble law enforcement agencies who actually understand what a botnet is...
@They should do nothing of the sort
From an old copy of the EULA:
"You acknowledge and agree that Microsoft may automatically check the version of the Product and/or its components that you are utilizing and may provide upgrades or fixes to the Product that will be automatically downloaded to your Workstation Computer."
This is precisely the sort of thing that would be a valid use of this clause.
And how is telling the machines to look elsewhere for commands any different, other than the size of change?
It isn't any different, really.
As for the EULA, they make for pretty treacherous legal footing for all concerned. If nothing else, unless MS provided the trojan in question, they have no right to make changes to its configuration!
It could get tricky
I might be running a 'botnet' that has perfectly legitimate and essential uses (such as monitoring and controlling medical equipment for home care patients) and uses similar techniques to the spam code. If my application code is a commercial secret (of course it is), then how do Microsoft know that a specialised patch to stop the spam botnet wouldn't disrupt my application and screw up many people in a bad way?
(Before anyone says it, I know it should be running on a specialised Linux appliance.)
1. EULA's have been proven pretty much usless in court. Also they can patch their software, they cannot alter other software, i.e. forcibly remove the "program". By using AV, you are giving that explit consent.
2. "And how is telling the machines to look elsewhere for commands any different, other than the size of change?"....
The didn't connect to the pc's. They interupted the C&C servers, for whih they had court orders for.
Most people probebrly haven't patched as they are proberbly dodgy copies.
There does appear to be a bit of a difference between "provid[ing] upgrades and fixes to the Product" and "ramming upgrades and fixes to the Product down the unsuspecting Throat of the User without his/her Consent". While I would welcome the former, I'm basically not interested in the latter.
"Almost inevitably many........." PC owners have very little knowledge and ZERO motivation to learn leaving us ALL to suffer the consequences.
In the same was that windows had popups informing of WGA / non genuine keys a few years back why not have a pop up that says your pc is infected?
It doesn't affect the DPA or the CMA since nothing has been removed.
The most obvious problem I can see is that your average user might think it's a pop-up screen from a piece of malware & do what they've been told to do so many times, & ignore it
Warning dialogs are of no use, as that is how the fake anti-virus scams get onto the computer in the first place.
Fake AV comes in via some unpatched product like Java, Acrobat or Windows. It then deletes the legitimate anti-virus product and pops up convincing looking windows of its own. Those windows will look like Microsoft's own Security Centre and will include an "anti-virus" warning which guides you to pay up $50 to have your PC "cleaned". These even include UK Call Centres now!!
I am constantly dealing with this stuff. Speedily mutating products which keep finding ways round many legit anti-virus products. Good fun to kill though - I enjoy the challenge of tracking their tricks. And dumb users keep me in work
The fact that people fall for this sort of trick is exactly the reason why it should have been used to clean the machines. Remember these people have got their machines infected (probably by following a dodgy popup instruction) so it is absolutely correct to aim a legitimate popup at them as they obviously follow these sorts of instructions.
Yes, we tell them every day that it's a ruse and should never be trusted but have they listened?
- Review Apple iPhone 6: Looking good, slim. How about... oh, your battery died
- 'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
- +Comment EMC, HP blockbuster 'merger' shocker comes a cropper
- Moon landing was real and WE CAN PROVE IT, says Nvidia
- Apple's iPhone 6 first-day sales are MEANINGLESS, mutters analyst