
back to article Microsoft techies bust data centres, pull plug on Bamital botnet

The Bamital web-search-hijacking botnet has been taken down by security researchers from Microsoft and Symantec with help from the Feds. The crack unit raided a number of data centres where the botnet's servers were located. Bamital malware intercepted victims' search requests - including those sent to Google, Yahoo! and …

COMMENTS

This topic is closed for new posts.
Thumb Up

chalk one for the good guys

Yes I know if Microsoft's OS were more resilient they wouldn't have had to do this but at least they are doing something. We'd be pillorying them if they did nothing.

10
2
JDX
Gold badge

Re: chalk one for the good guys

These botnets target desktops if I understand rightly, but with the explosion in the number of servers running is it likely we'll see botnets attacking cloud servers, etc? In that world, targeting Linux would be the obvious route just as targeting Android in the mobile space is the sensible choice.

0
0
Silver badge
Angel

Re: chalk one for the good guys

> We'd be pillorying them if they did nothing.

Yeah, they taxed us already, so they better get their asses in gear.

2
2
MIc

Re: chalk one for the good guys

"if Microsoft's OS were more resilient" how do you prevent uneducated users from installing malware? You can go the walled garden approach such as the Surface RT but then people complain that it is not an open platform....

0
0
Bronze badge

@JDX

Explain to me, JDX, how would they "infect" my Linux box to redirect away from where I want? Not all the universe lives by the laws invented by Microsoft.

As for Android, don't install outside of Google Play and read the permissions of an app before you install it. No need for Microsoft coming to the rescue.

0
0
Bronze badge

Re: chalk one for the good guys

Undoing what they have originally done?

0
0

This post has been deleted by its author

Bronze badge

@Mic

> how do you prevent uneducated users from installing malware?

You don't know? In many ways:

-- by creating trusted repositories or ports, no walled gardens here

-- by creating a transparent API that mandates the permissions of an application

-- by writing better software

-- by opening up their source code

-- by making the quality of the software their priority

etc

**************

0
0

This post has been deleted by its author

Sil
Happy

Kudos to Microsoft

Kudos to Microsoft for its continued work on security and fight against crooks.

2
3
Silver badge
Windows

Microsoft should change their policies a little bit IMO...

"More than eight million Windows-powered computers have been attacked by Bamital over the last two years, according to security researchers at Microsoft and Symantec."

What is the first thing someone who uses an illegal (unlicensed) version of Windows will do? Turn off the automatic updates because there's (usually) nothing coming in and when it does (and the illegal copy is identified) an update will quite likely render the box unusable. Thus; turn it off.

Now, I can understand that Microsoft wants to target piracy, after all, it's basically going after extra money like any company would try to do. However, the downside to all of that is that a lot of PCs out there will remain unpatched and thus form potential targets for people trying to abuse those boxes. And with abuse I'm of course talking about (more) real abuse; the likes of which hinder quite a lot of people.

To that end I think Microsoft should consider pushing out security updates no matter what kind of OS is getting them, then perhaps try to get the "baddies" by luring them into downloading "free" software which then ends up only usable on a genuine copy of Windows.

Of course there are also plenty of downsides to that scenario as well, sure, but IMO the whole issue of unlicensed Windows copies where the owner stops updating his PC is a huge problem on its own. In fact, it's the kind of problem which basically causes raids like this to happen.

So why not try and take this somewhat higher in the food chain?

6
0

Re: Microsoft should change their policies a little bit IMO...

Not to mention the April 8, 2014 end of support for all those perfectly legal, fully patched and completely functional XP SP3 boxes out there (three in my house alone), which will then be wide open to the "all-but-inevitable attacks criminals will unleash against the OS once the flow of patches ceases." (http://www.theregister.co.uk/2012/04/07/windows_xp_two_years_until_support_ends/)

0
0
Silver badge
Megaphone

@ Tim Jenkins

http://www.linuxmint.com/

HTH.

1
1
FAIL

Re: @ Tim Jenkins

Only when my Steam games all run on it ; )

But seriously, my reply was to a post pointing out that Microsoft inflicts hundreds of millions of potential (or actual) botnetted PCs on the world because of their refusal to patch 'illegal' installations of XP. If, (as I suspect) most of the owners of 'legal' XP SP3s are unlikely to wipe-and-reinstall with a free operating system or Windows 8 (no application or settings migration from XP to Win8, remember?) come April 2014, this 'dirty' pool will only grow larger until natural attrition finally kills off the last of the XP hardware, which could take a while*.

*My 'best' XP box is a 4GB 2GHz Core2Duo Thinkpad, very low mileage and about 4 years old, but running a 13 year old OS because it's an ex 'business' model and shipped with licence downgrade rights from Vista. I'd fully expect it to last another 4 years, but the OS effectively self-destructs in about 420 days...

0
0
Bronze badge

Re: @ Tim Jenkins

If you're treating it as a game box (what the Windows PC here is) you can limit its connections to the outside world to Steam and nowhere else. It will keep running happily and you'll be able to Steam ahead until everything runs natively or under WINE.

0
0
Gold badge
Coat

"The crack unit..."

To avoid confusion we'd better start referring to the Win 8 UI design team as "The LSD and Ketamine cocktail unit" then.

3
0
Silver badge
Coat

Re: "The crack unit..."

More briefly, "The Krokodil"

3
0

This post has been deleted by a moderator

Bronze badge
Linux

Re: They should be called WindowsNets not Botnets

You are a voice of reason. Prepare for the MS fanboi flames.

2
1
Silver badge
FAIL

Re: They should be called WindowsNets not Botnets

> You are a voice of reason. Prepare for the MS fanboi flames.

Nope, Eadon is nothing more than a parrot. In this case, his post-title is good, but the message is the same old same old Eadon crap, that must cause many Linux devotees to face-palm when they read his unsubstantiated posts.

And no, I'm not an MS fanboi - that couldn't be further from the truth

0
2

And where were ...

... the ad agencies like Google that were still profiting from all this click fraud? Setting up new tax avoidance schemes no doubt.

1
0
Silver badge
FAIL

Re: And where were ...

"Tax avoidance schemes"

aka.

"Robbery evasion", amirite?

If only one could valid aircraft for all the robbing. Instead, one gets served with talking airheads.

0
0

This post has been deleted by its author

Bronze badge
Linux

People who run Windows on servers

are the same ones that have unbalanced ceiling fans in their house.

Nuf said.

1
1
Bronze badge
Childcatcher

Preying on the Weak

For example, Microsoft investigators found that Bamital rerouted a search for "Nickelodeon" to a website that distributed spyware.

Not just pushing out malware, but targeting kids, too? The bastards!

No, there is no irony here. Just shoot/hang/nucleardetonate them. I have little tolerance for malware writers, even if I do understand the motivation in many cases. I have none at all for someone who deliberately goes after a child.

1
0
Anonymous Coward

Servers in USA?

I was surprised that seized servers associated with controlling the botnet were found in web-hosting facilities in Virginia and New Jersey. I'd have thought they'd have been hosted in countries that don't have as many laws in place. However, if I read the linked-to report, it may answer that...

0
0