back to article Microsoft wins court order crushing mighty spam botnet

A federal magistrate judge has recommended that Microsoft be given ownership of 276 internet addresses used to control “Waledac,” a massive botnet that the software company has been working to bring down. The recommendation by Magistrate Judge John F. Anderson of the US District Court for Eastern Virginia is a victory in …

COMMENTS

This topic is closed for new posts.
  1. Tim Bates

    MS doing good?

    Wow... MS doing something that is actually useful for people. And for no money...

    1. Tigra 07
      Flame

      There's a big difference

      The Bill and Melinda Gates foundation gives hundreds of millions of dollars to good causes every year.

      What does the Steve Jobs foundation donate?

      The answer is fuck all

      1. Anonymous Coward
        Joke

        The Foundation

        I come from a small third world country where nobody has a job and people use the little money they have to drink themselves to death.

        Thanks to the Gates foundation i was able to get a bus ticket and move.

        I lived in Scunthorpe anyone who is interested

  2. John Savard

    Why the courts?

    Shouldn't ICANN be pulling domain names used to control botnets without anyone having to tell it to do so? The legal system, after all, can take days or months to do something. The response to attempts to compromise computers should, ideally, take place in microseconds - as fast as possible, at least, to minimize the damage done.

    1. copsewood
      Boffin

      not so simple

      "Shouldn't ICANN be pulling domain names used to control botnets without anyone having to tell it to do so?"

      How would you like that if you had invested years of you life and thousands of £ in developing a site to find it on a large list of names which spammers program into a bot and which will enable the zombies to be controlled by malware if such were to run in future on your clean and legitimate site ? Sorry, it sounds like a nice idea, but you would make every legitimate and honest site potentially blackmailable or capable of being DOSed by those with criminal intent regardless of anything they could do about it.

      Change that to a policy of having a domain name capable of being temporarily suspended if provably misused for long enough without the WHOIS registered domain owner responding to complaints to remove the malware e.g. command and control software active on their website, and this is more likely to be supported by domain owners who have invested greatly in their brands and Internet presence. But that is not going to be an instant process.

      Even that isn't simple, because supposing there are a million sites hooked off different subdomains of example.com each seperately managed and one of these, averybadone.example.com is used as a Botnet C&C server, are you going to suspend the entire domain: example.com or have some process where the owner of example.com is asked to suspend averybadone.example.com within a given response period ?

      Also, supposing each DNS zone in a label chain of say a.b.c.d.e.f.example.com were given a reasonable response period of say 2-3 weeks, doesn't that give an arbitrarily long time for the spammers to relocate ?

    2. Alpha Tony

      @Why the courts?

      Perhaps because the potential impact of a domain being wrongly identified as part of such a network and seized/disabled without any legal checks could be very significant? It could destroy a business and land the ICANN with a hefty lawsuit.

      1. John Savard

        Duh.

        The terms and conditions of using the Internet would include giving up your right to sue ICANN about this sort of thing. (Basically, ISPs sign something that makes them make you sign something.) But ICANN would exercise due discretion to avoid putting legitimate businesses off the 'net - and if a slip-up is made, a system would have to be in place to ensure that no outage lasts for longer than a few minutes.

        Of course, legitimate businesses in Russia might find clearing up issues a bit more awkward than legitimate businesses in the United States. When we can trust their government to truthfully tell us who the legitimate businesses really are, though, that problem will go away.

  3. Loki 1

    In other news...

    Waledac purchase 1000 new domain names....

  4. Deadly_NZ
    WTF?

    Oh No

    AARRGG miccysoft owns the biggest botnet

    Now they can use it to get thier updates out with out us knowing

    wait for the miccysoft ads to flo

  5. Tigra 07
    Gates Halo

    Bravo Mightysoft

    Good to hear the tide is slowly turning, although the courts could really work a lot faster

  6. Criminny Rickets
    Pint

    M 276 W 0

    It doesn't matter if you love or hate Microsoft, in this instance I well done. I raise my pint to you.

  7. Anonymous Coward
    Anonymous Coward

    Well, in fairness, well done MS

    But it was kinda them that put it up in the first place.

  8. Shannon Jacobs
    Flame

    Would you join a vigilante army against spammers?

    What I want is improved anti-spam options that will at least give me the feeling that I am doing something about the spammers. I'm thinking about something like SpamCop, but with more rounds of iteration, including human confirmations of the targets, and pursuing more of the accomplices and victims. For reference, SpamCop just traces the source and sometimes finds the host of the spammer's website. I think it should go after harvesting and reply email addresses, link redirectors, and Joe job victims (as in the legitimate companies whose reputations are slammed by the spammers).

    Spam is clearly the #1 problem of the Internet. I'm not saying that we can or should eliminate all bad behavior. I'm just saying we should keep the bad people crawling from more visible, profitable, and annoying rocks to less comfortable rocks. You'll never convince me that spammers don't live under ugly rocks.

    1. Robert E A Harvey
      Boffin

      Full traceability

      Back in the 1990s I was lobbying for ISPs to get together and come up with different MTA protocols that would not allow spammers to hid behind anonymity or forged headers. None of them saw it as their job.They, of course, were quite happy to make money without actually doing any work. A more responsible attitude then might be saving us a lot of grief now.

      We won't crack security problems while we are still using code designed for ARPA. Perhaps the time has come (is overdue) for the CCITT or some other telecoms body to define a new method of sending/recieving email that cannot be abused like this. It would not be so hard to migrate everyone: people interested in avoiding spam would be the trailblazers, and I reckon in 2 years pop3/smtp would be as dead as fidonet.

  9. Trevor_Pott Gold badge

    One down.

    Many to go. Keep fighting the good fight, sirs.

  10. Robert E A Harvey
    Gates Horns

    Here's an idea

    >Microsoft Active Response for Security.

    How active would it be to add some security to the OS?

    Everywhere I worked plan A was "sell stuff that works"

  11. Anonymous Coward
    Thumb Up

    Good work!

    Good work! I just wish those botnet owners, operators and programmers were behind bars for a couple of years.

    1. Fatman
      Grenade

      RE: ....were behind bars for a couple of years.

      No, too easy, I say, line them up against he wall, and shoot them.

      Grenade, because I want to blow their heads off!

  12. The BigYin

    That's one for the list!

    Good things MS has done:

    1. Jiggered Waledac

    2. "Freecell"

    3. Err...that's it I think

    As for disinfecting...perhaps if Windows wasn't the Swiss cheese of OSs it wouldn't have been so easy for the black hats to crack it in the first place. The Windows paradigm is to run as Admin so one can get things done, Win7 has addressed this to a small extent but it still looks like a kindergarten attempt when compare to more mature and capable OSs.

    Although one does wonder why MS had to make these moves (or are they indirectly admitting their OS is insecure?), what the heck are ISPs doing? Why are they continuing to fail (bar Cox it seems) to detect and isolate infected client systems (be they home PCs or servers)? Or to report infected PCs/servers to fellow ISPs and then block those ISPs if they do not take action? Surely protecting their primary asset (network bandwidth) is in the interest of ISPs?

    1. The Original Steve
      Flame

      Oh please...

      Take a look at your calendar - it's 2010.

      XP SP2 onwards with AV and running as users rather than as administrators was secure. Vista more so due to the enforced user levels. (which people bitched about as their apps all assume admin rights yet Vista took it away)

      And 7 is also rock solid.

      Maybe I could put it to you that actually the USER INSTALLED the crap under a social engineering scam? E.g. A toolbar, entering a competition, downloading a torrent, a 'free' add-on to MSN, drive by download because the local computer dick next-door disabled UAC, or a good old-fashioned virus attached in an email claiming to be from DHL...

      Get Vista or 7, DON'T disabled auto-updates or UAC and slap on Microsoft Security Essentials. More than adequate security of a consumer PC.

      1. Mike Norrish NZ
        Pirate

        Yeah.... Time for the USER to take some responsibility for their actions.

        The lengths that some people will go to to try and "beat" Windows (and in doing so make its problems worse) never cease to astound me.

        Why is it that people compromise their systems - and worse, convince other people to compromise their systems - by disabling Widows Update, anyway? What exactly are they worried is going to happen there? Will the nasty MS goblins personally crawl down the fiber and start reading your email? Wait, there was never a patch for that.... Will they use it as a way to download all your files, steal your ideas and sleep with your wife? Strangely, none of those patches made the cut, either.

        Or maybe they might clandestinely find a way to identify the fact that you've stolen your operating system from them. They did do that one.

        Ultimately that's what it boils down to... "I can't use Windows Update, because then they might cotton on to the fact that I'm a thief, and stop me!"

        Solution: Stop whining, and stop pretending that your big moral battle over remote patching is about anything other than getting away with theft.

        There's nothing wrong with modern versions of Windows except for the people using them. XP? Not perfect. Vista? Dog's breakfast. Windows 7, On the other hand... Absolutely peachy. Remove the blinkers from thine eyes, and admit that just like Linux is no longer the terrifyingly complex beast that it was in 1998, neither is Windows still the piece of rubbish that is was in 2002.

        Also, I also have it on good authority from anonymous sources inside Microsoft that Gates and Ballmer don't even rape puppies anymore - scandalous!

  13. SImon Hobson Bronze badge
    FAIL

    Does anyone else see the problem ...

    ... when thousands of people get phone calls to say "your PC is infected and I'm calling to help you sort it out" ?

  14. Harry

    Re: Full traceability

    Would it be so difficult?

    For example:

    A sends to B purporting to be C.

    Before B's ISP delivers it, it pings some sort of datagram to C "did you send MsgID 5436374747 to abc@xyz with 4735 bytes and CRC 43774 ?

    If reply is negative, message discarded. If positive, message delivered maybe 500 milliseconds late.

    Cuts out the forged sender, but won't immediately catch a compromised PC. Though if a problem is identified in the message the sender has been positively identified -- so if part of the tracebility requirement was a sender registration, that registration could be revoked until the compromise proven to be fixed.

    1. Colin Miller
      Pint

      Sender Policy Framework

      There's already Sender Policy Framework [1]. This allows a domain, say example.com, to list all the addresses of machines that are allowed to send email from @example.com

      The receiving machine can then check if the example.com has SPF records in its DNS, and then reject the email if there is an SPF record and the email isn't from a listed machine.

      [1] http://en.wikipedia.org/wiki/Sender_Policy_Framework

  15. JDX Gold badge
    WTF?

    WTF

    Where's the post saying "it's all their fault for writing vulnerable OS software". Come on trolls, you must try harder.

    Is MS working alone here, or is there some uber-group of MS, Google, etc, working together?

  16. jack92129
    Stop

    What's the jurisdiction?

    I can't believe the US Federal Court can void registrations that belong to the world. As much as I dislike spammers, I don't believe a Federal judge can transfer ownership to another party. Perhaps as a tort in a civil suit ... but still I believe this is an ICANN providence and dislike the precedence it sets.

    What happens when a Chinese court awards the Microsoft.com domain name to XIN Tech? Cyber war??

    Just my 2 bits.

This topic is closed for new posts.

Other stories you might like