
Microsoft Offers $250,000 Reward For Botnet Info

Soulskill posted more than 2 years ago | from the dead-or-alive dept.

Botnet 99

Orome1 writes "Microsoft decided to extend their efforts to establish the identity of those responsible for controlling the Rustock botnet by issuing a $250,000 reward for new information that results in the identification, arrest and criminal conviction of such individual(s). 'While the primary goal for our legal and technical operation has been to stop and disrupt the threat that Rustock has posed for everyone affected by it, we also believe the Rustock bot-herders should be held accountable for their actions.' Residents of any country are eligible for the reward pursuant to the laws of that country."


99 comments

Veto threat against House GOP debt plan (-1)

Anonymous Coward | more than 2 years ago | (#36802112)

The White House on Monday issued a veto threat against the House Republican plan for balancing the budget and raising the debt ceiling, saying the plan is "inconsistent with [a] responsible framework to restore fiscal responsibility."

The GOP "cut, cap and balance" plan "sets out a false and unacceptable choice between the federal government defaulting on its obligations now or, alternatively, passing a balanced budget amendment that, in the years ahead, will likely leave the nation unable to meet its core commitment of ensuring dignity in retirement," the White House said in a statement.

The statement reiterates the argument President Obama made during a press conference on Friday, when he dismissed the GOP plan as empty politicking with unrealistic policy goals.

With talks stalled over a plan to raise the debt ceiling, the House is set to vote on the "cut, cap and balance" plan on Tuesday. Washington leaders have just two weeks to reach a deal before August 2, when the Obama administration says the U.S. would be "running on fumes" without an increase in the $14.3 trillion debt ceiling. The U.S. could risk defaulting on its loans or failing to meet its other financial obligations, which could significantly disrupt the U.S. and world economy, they say.

The House "cut, cap and balance" plan makes raising the debt ceiling contingent on a balanced budget amendment. It would also cap government spending at 18 percent of economic output over the next 10 years.

The plan would raise the debt ceiling by $2.4 trillion, since that is the increase requested by the president. However, the plan would actually make even more in spending cuts -- as much as $111 billion in 2012 alone.

In its statement today, the White House said, "Neither setting arbitrary spending levels nor amending the Constitution is necessary to restore fiscal responsibility."

The House Republican plan, the statement said, would undercut the United States' ability to invest in the future and lead to severe cuts across great swaths of government spending.

The White House maintains that Mr. Obama is still interested in seeking a deal that reduces the deficit by as much as $4 trillion, but in a "balanced" manner.

Re:Veto threat against House GOP debt plan (1)

Anonymous Coward | more than 2 years ago | (#36802174)

What?

Fixed (1)

sycodon (149926) | more than 2 years ago | (#36807830)

"Microsoft decided to extend their efforts to establish the identity of those responsible for controlling the Rustock botnet by issuing a $250,000 reward for new information that results in the identification, apprehension and crucifixion of such individual(s)."

There. That's what they should have said.

I wonder if the $250,000 reward (1, Insightful)

h1q (2042122) | more than 2 years ago | (#36802144)

will successfully direct attention away from Microsoft's failure to secure their operating system?

Re:I wonder if the $250,000 reward (4, Insightful)

RazzleFrog (537054) | more than 2 years ago | (#36802154)

The only secure operating system is one not connected to any network, locked in a closet with no user interface.

Re:I wonder if the $250,000 reward (1)

Anonymous Coward | more than 2 years ago | (#36802216)

No one expects the Spanish Inquisition

Re:I wonder if the $250,000 reward (0)

Anonymous Coward | more than 2 years ago | (#36802426)

Nope. Still insecure against an authorized user going rogue. You can't explain THAT!

Re:I wonder if the $250,000 reward (4, Funny)

geminidomino (614729) | more than 2 years ago | (#36802276)

Pfft. You call that secure?

You want secure, you need to fill all USB/PS2/VGA/HDMI ports with epoxy, encase the individual HDD platters in concrete, and hide each one in a separate underground ruin guarded by an ancient eldritch horror spread across the entirety of Hyrule -- After memorizing and putting into practice all relevant entries on the evil overlord list.

THAT'S security.

Re:I wonder if the $250,000 reward (0)

Anonymous Coward | more than 2 years ago | (#36802416)

hide each one in a separate underground ruin guarded by an ancient eldritch horror spread across the entirety of Hyrule

We all know that just like goggles they do nothing.
Any little gnome with a green hat will be able to break that one.

Re:I wonder if the $250,000 reward (1)

geminidomino (614729) | more than 2 years ago | (#36802446)

That's because he skipped the "Evil Overlord" step. Might as well have just set it up with "admin/pass" as its credentials...

Re:I wonder if the $250,000 reward (1)

impaledsunset (1337701) | more than 2 years ago | (#36802442)

A seasoned hacker will break your security with little effort. What about the disks with durable encryption that lasts for millennia with keys taken by recording data from pulsars?

Re:I wonder if the $250,000 reward (1)

Flea of Pain (1577213) | more than 2 years ago | (#36802486)

All over Hyrule? All you need to do is put them in the water temple. That place was just cruel.

Re:I wonder if the $250,000 reward (0)

Anonymous Coward | more than 2 years ago | (#36803406)

Leave the tropes out of this, please.

Re:I wonder if the $250,000 reward (0)

Anonymous Coward | more than 2 years ago | (#36803894)

Pfft. You call that secure?

You want secure, you need to fill all USB/PS2/VGA/HDMI ports with epoxy, encase the individual HDD platters in concrete, and hide each one in a separate underground ruin guarded by an ancient eldritch horror spread across the entirety of Hyrule -- After memorizing and putting into practice all relevant entries on the evil overlord list.

THAT'S security.

But what if it has wifi? =O

Re:I wonder if the $250,000 reward (1)

Gripp (1969738) | more than 2 years ago | (#36813218)

i could still solder in a connection :) want real security? strong magnets + hammer + steamroller + dog urine + >2000 degree inferno. that should do the trick. no one will EVER get the info off that drive again :)

Re:I wonder if the $250,000 reward (2)

Twinbee (767046) | more than 2 years ago | (#36802428)

You get levels though. 99% secure or 99.99999% secure is a huge difference.

Re:I wonder if the $250,000 reward (4, Insightful)

SCHecklerX (229973) | more than 2 years ago | (#36802654)

Yes, but there are conservative configurations and best practices that avoid most of the problems. And Microsoft ignored these things for years. Even today, they think that inbound blocking on client systems not on a trusted domain is enough. You can go anywhere that there are windows clients (airports are great candidates), and you'll see all kinds of friggin' netbios broadcasts from machines that KNOW they are on an untrusted network. WHY?

Re:I wonder if the $250,000 reward (1)

LordLimecat (1103839) | more than 2 years ago | (#36804552)

You can go anywhere that there are windows clients (airports are great candidates), and you'll see all kinds of friggin' ARP broadcasts from machines that KNOW they are on an untrusted network. WHY?

FTFY. And yea, those broadcasts are really an indicator of terrible security.

Stop NetBIOS shares this way (0)

Anonymous Coward | more than 2 years ago | (#36807248)

This is 1 way to do so (via a .bat or .cmd script loaded @ bootup in your startup group, OR, via a logon script even - this is mine here @ home (with local disks & mapped drives (minus the NET USE command though for the latter))):

NET SHARE ADMIN$ /del
NET SHARE IPC$ /del
NET SHARE DFS$ /DELETE
NET SHARE COMCFG$ /DELETE
NET SHARE FAX$ /del
NET SHARE PRINT$ /del
NET SHARE C$ /del
NET SHARE D$ /del
NET SHARE E$ /del
NET SHARE F$ /del
NET SHARE G$ /del
NET SHARE H$ /del
NET SHARE I$ /del
NET SHARE J$ /del
NET SHARE K$ /del
NET USE * /d /y
bcdedit /deletevalue loadoptions
bcdedit /set testsigning off

---

OR, by setting these options here, in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer

AutoShareServer = 0
AutoShareWks = 0

---

OR, even simpler still? Cut the "Server" service in services.msc...

---

I do ALL 3 for "layered security protection" here... & unless you need to set allowable shares? Don't... it's a waste!

If you do??

Then - Use ACL rights on the NTFS filesystem & set access to only USERS/machines you trust-can trust etc./et al!

APK

P.S.=> If you don't NEED any of those shares, services, or features thereof of them? CUT THEM OFF to protect yourself...

E.G.-> A std. non-networked system @ home doesn't, this is certain (plus, they chew up CPU cycles, RAM, & other forms of I/O you don't really need to be using if you are not using those services features anyhow (it'd be senseless to run things you do NOT need, & by default, they're turned on so that Windows is "network ready" outta the box, mainly for business networking (but this is a potential security "downside" though too)).

Now, A funny & GOOD "side effect" of doing this, on MY part, even on a LAN/WAN @ work on the job?

Well - I can still use/access most ALL of the features I need for programming or websurfing anyhow by doing so... & funniest part is, one of my co-workers tried "hacking" my system, AND COULDN'T EVEN SEE ME ON THE WORKPLACE LAN/WAN!

I am TRULY, "the ghost in the machine/deus ex machina", setup this way on a work place LAN even... & yet, I am able to do what I needed to on the job, online & otherwise on the local network too since my system was NOT acting as a server in the first place - merely a developer's workstation-node!

This CAN adversely affect mass applied updates to Windows though, or SMS type features etc., but if you apply those yourself, as I do, manually? No problem (or you can use Windows update too!)

... apk

Additionally? EZ setting that helps too! (0)

Anonymous Coward | more than 2 years ago | (#36807378)

In your Local Area Connection: Cut the "Client for Microsoft Networks" IF you don't need to be setting up shares for others to use...

---

1.) Click PROPERTIES button
2.) Uncheck "Client for Microsoft Networks"
3.) Highlight TCP/IP ipv4 (or ipv6 if you use it, I don't currently)
4.) Properties Button -> Advanced Button -> WINS Tab -> Check the "Disable NetBIOS over TCP/IP" checkbox

---

* DONE!

That's helpful as well, in addition to my other "layered security" methods above:

http://news.slashdot.org/comments.pl?sid=2333542&cid=36807248 [slashdot.org]

vs. the problems you folks discussed here in this thread exchange!

APK

P.S.=> Again though, read that link I put up above too... because there are a COUPLE "tiny downsides" IF you need to set shares (Then, just use your ACL settings for NTFS filesystems rights for better security then, only, & restrict it to those you wish to allow into your disks/folders/files)

... apk
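
A read-only way to check the settings the two comments above change, added here as an example and not part of either comment. It assumes PowerShell 5.1 or later on Windows 8 / Server 2012 or newer; the function name Get-ShareExposureReport is hypothetical, and AutoShareServer and AutoShareWks are read from the Parameters subkey of the LanmanServer service key.

```powershell
# Added example, not from the thread. Read-only: nothing here changes the system.
# Get-ShareExposureReport is a hypothetical name chosen for this illustration.

function Get-ShareExposureReport {
    [CmdletBinding()]
    param()

    # 1. Automatic administrative shares (C$, ADMIN$, ...). A missing value
    #    means the default: the shares are recreated when the service starts.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in 'AutoShareServer', 'AutoShareWks') {
        $value = $null
        if ($props -and $props.PSObject.Properties[$name]) { $value = $props.$name }
        $shown = '(not set, default applies)'
        if ($null -ne $value) { $shown = $value }
        [pscustomobject]@{
            Check    = "Registry $name"
            Value    = $shown
            Hardened = ($value -eq 0)
        }
    }

    # 2. The "Server" service that publishes shares at all.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name = 'LanmanServer'"
    if ($svc) {
        [pscustomobject]@{
            Check    = 'Server service (LanmanServer)'
            Value    = "$($svc.State), start mode $($svc.StartMode)"
            Hardened = ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')
        }
    }

    # 3. What is actually shared right now, whatever the settings say.
    $shares    = @(Get-CimInstance -ClassName Win32_Share -ErrorAction SilentlyContinue)
    $shareList = '(none)'
    if ($shares.Count -gt 0) { $shareList = $shares.Name -join ', ' }
    [pscustomobject]@{
        Check    = 'Shares currently published'
        Value    = $shareList
        Hardened = ($shares.Count -eq 0)
    }

    # 4. NetBIOS over TCP/IP per IP-enabled adapter (the WINS tab checkbox).
    #    0 = follow DHCP, 1 = enabled, 2 = disabled.
    $nbtText = @{ 0 = 'default (from DHCP)'; 1 = 'enabled'; 2 = 'disabled' }
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            [pscustomobject]@{
                Check    = "NetBIOS over TCP/IP on '$($_.Description)'"
                Value    = $nbtText[[int]$_.TcpipNetbiosOptions]
                Hardened = ($_.TcpipNetbiosOptions -eq 2)
            }
        }

    # 5. "Client for Microsoft Networks" binding per adapter.
    Get-NetAdapterBinding -ComponentID ms_msclient -ErrorAction SilentlyContinue |
        ForEach-Object {
            $state = 'unbound'
            if ($_.Enabled) { $state = 'bound' }
            [pscustomobject]@{
                Check    = "Client for Microsoft Networks on '$($_.Name)'"
                Value    = $state
                Hardened = (-not $_.Enabled)
            }
        }
}

Get-ShareExposureReport | Format-Table -AutoSize -Wrap
```

Rows with Hardened = False show where the machine still differs from the configuration the comments describe.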

I do pretty well (no infestations since 1996) (0)

Anonymous Coward | more than 2 years ago | (#36807186)

All I do is follow the guidelines I set down here, to the letter (& not just myself, or my friends or family either... but others that have applied this guide in the link next below (some of their testimonials are quoted below in fact or they use the same type of techniques in part I illustrated)):

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]

And, a decade++ before it, here:

http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml [archive.org]

(In part of its "original prototype" I started working on while adminning "the official Windows help channel" on DALNET IRC in #Windows, circa 1994-2000)

Which NeoWin picked up on & rated pretty highly circa 2001, here:

http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text [neowin.net]

---

That guide?

It's ALL ABOUT the best thing we have currently going: "Layered Security" & User Education really (the latter IS the "main problem" along with the botnet/malware-in-general makers imo!).

* And, yes - it works... proofs thereof (small sampling, I can produce many others upon request):

SOME QUOTED TESTIMONIALS TO THE EFFECTIVENESS OF SAID LAYERED SECURITY GUIDE I AUTHORED:

---

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

---

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2 [xtremepccentral.com]

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3 [xtremepccentral.com]

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral

AND

http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60 [theplanet.com]

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

---

(Again - Those results are only a SMALL SAMPLING TOO, mind you: Once more - I can produce more such results, upon request, from other users & sites online)

HOWEVER - There's ONLY 1 WEAKNESS TO IT: Human beings, & they not being 'disciplined' about the indiscriminate usage of javascript (the main "harbinger of doom" out there today online), OR, what they download for example... King's Joker above tends to "2nd that motion" (& there is NOTHING I can do about that! Per Dr. Manhattan of "The Watchmen", ala -> "I can change almost anything, but I can't change human nature")

HOWEVER AGAIN - That's where NORTON DNS helps -> http://nortondns.com/ [nortondns.com] ... Especially for noob/grandma level users who are unaware of how to secure themselves in fact! ScrubIT DNS, & OpenDNS are others (adding on phishing protection too) & it's possible to use ALL THREE in your hardware NAT routers, and, in your Local Area Connection DNS properties in Windows, for again, "Layered Security"...

I also do extra "layered security" work above Norton DNS/OpenDNS/ScrubIT DNS too, in HOSTS files usage, that layer on to that!

AND, HOSTS files are COMPLETELY under MY personal control as well, for better speed, security, & even "anonymity" to a degree (vs DNSBL of all things) here..

In fact, coming up on 1.5 million entries worth vs. adbanners (because they have had malicious code in them @ times since 2004), bogus DNS Servers, botnet C&C servers, & known maliciously scripted websites + servers/hosts-domains that are KNOWN to serve up malware.

(I, and my friends + family that use it, along with Norton DNS/OpenDNS/ScrubIT DNS? Haven't been infected ONCE, since 1996!)

---

I "preach" layered security, & have since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:

http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text [neowin.net]

AND, more currently, the MOST viewed & highly rated one there is for years now since 2008 online:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]

Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:

---

1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ [pcpitstop.com] (see January 2008))

---

Across 15-20 or so sites I posted it on back in 2008

APK

P.S.=> Other Operating Systems have, in principle, the same general features & guides for them also:

---

Apple's MacOS X Security Guide:

http://www.apple.com/support/security/guides/ [apple.com]

---

&

---

Securing Linux:

http://www.puschitz.com/SecuringLinux.shtml [puschitz.com]

(Linux in particular has a WEALTH of information here in fact, AND, SeLinux which the NSA themselves "bolted onto" std. Linux making it possible to have MAC (analog to Windows NT-based OS ACL's &/or an analog to Windows NT-based OS "Group Policies" (gpedit.msc) + "Security Policies" (secpol.msc)).

---

* So yes, OS' can be SECURED, & far better than they ship to "end users" by default... but, YOU have to take the time to do it yourself largely is all!

(There are tools that help, for Linux &/or Windows, there exists the CIS Tool which is multiplatform & does help guide "the novice" somewhat, & makes it almost "fun-to-do", like running a benchmark of system speed, albeit in CIS Tools' case, for security (based on security std.s/"best-practices", for the OS @ hand tested))

THE MAIN PROBLEMS TODAY IMO? End users themselves being ignorant or uncaring about it, allowing for "spreading the disease" for one thing (ignorance IS excusable though, they're NOT "expert" @ computing etc. - but not helping them out on the part of those who ARE in fact, "expert", is imo, inexcusable by the same token) AND, malware makers in general also...

So, "all that said & aside":

MS is doing the right thing, so are folks like GOOGLE on this account as another example thereof as well, & so far folks like Norton DNS, OpenDNS, & ScrubIT DNS also (they employ filtering DNS servers that are FREE TO USE, vs. malware, phishing, bogus DNS servers, botnet C&C Servers, known maliciously scripted sites, or sites KNOWN to serve up malware too!).

So, security's DOABLE, but you have to know what to look for, sometimes a guide too (because it's a WEE bit complex, but not really as opposed to harder things in the art & science of computing such as programming imo)

... apk

Re:I wonder if the $250,000 reward (0)

Anonymous Coward | more than 2 years ago | (#36802188)

citation needed.

I run Windows 7 and my machine is not a Rustock zombie.

Re:I wonder if the $250,000 reward (0)

Anonymous Coward | more than 2 years ago | (#36802464)

citation needed.

I run Windows 7 and my machine is not a Rustock zombie.

Yet.

Re:I wonder if the $250,000 reward (2)

second_coming (2014346) | more than 2 years ago | (#36802238)

nothing is ever 100% secure, at least they are making an effort to shut down the spam pushers.

Re:I wonder if the $250,000 reward (1)

poetmatt (793785) | more than 2 years ago | (#36802264)

Nothing has to be 100% secure. You can still make things a whole hell of a lot more secure than MS enables people to reduce things to. It's not like MS products are entirely insecure, it's more that they let users reduce their own security, which is still MS's fault.

Re:I wonder if the $250,000 reward (3, Informative)

Baloroth (2370816) | more than 2 years ago | (#36802414)

And what would you prefer? The iOS way of locking everything down? Linux sure as hell lets users reduce their own security. I can easily run everything as root, under any distro I've ever used. OSX does the same. Any operating system that lets its users actually, you know, use it, will absolutely have to allow this. The easier this is to do, the better for most customers. And this will never change. Now, if it's in an administrated environment the admin can set up Linux so that the user can't compromise the system, but you can do that in Windows too. You simply cannot create a security model in the practical world that doesn't allow the primary user to lower his own security. Unless, of course, you don't let the user modify the OS or install what he wants. Which is why Apple locks down the iPhone so heavily. Or rather, tries to.

Re:I wonder if the $250,000 reward (0)

Anonymous Coward | more than 2 years ago | (#36802626)

I wonder how much Windows malware would be stopped if people just turned on enforced code signing for all programs in gpedit.

Re:I wonder if the $250,000 reward (0)

Anonymous Coward | more than 2 years ago | (#36802726)

It doesn't matter because malware authors have been using leaked code signing certs for a long time now. When Windows 7 first was released there were already rootkits available with signed drivers.

Re:I wonder if the $250,000 reward (0)

Anonymous Coward | more than 2 years ago | (#36802918)

So what? 99.8% of malware isn't signed. Actually, you don't even need code signing, because 99% of rootkit malware isn't 64-bit driver compatible. afaik there's only 1 semi widespread 64-bit, stealth botnet in existence.

Re:I wonder if the $250,000 reward (1)

second_coming (2014346) | more than 2 years ago | (#36804200)

The main problem I would say is that the majority of PC users are completely clueless with regards to keeping their system patched and up to date let alone making sure they have decent antivirus. So unless you can ship an OS which is secure and never needs patching the problem is not going away anytime soon.

Re:I wonder if the $250,000 reward (2, Insightful)

Anonymous Coward | more than 2 years ago | (#36802246)

no worries.. there's always people like you to make sure the fud stays front and center..

Re:I wonder if the $250,000 reward (0)

Anonymous Coward | more than 2 years ago | (#36802260)

Honestly, I'd raise that number a bit if I was serious.

Re:I wonder if the $250,000 reward (0)

Anonymous Coward | more than 2 years ago | (#36802294)

It's like the maker of Lawn Darts pursuing criminal action against kids that hurt others by throwing the darts into the air, rather than rethinking their toy.

Re:I wonder if the $250,000 reward (1)

Riceballsan (816702) | more than 2 years ago | (#36802328)

Honestly it's a 50/50 mix on that, some of it is Microsoft's failure to secure their OS, but not all of it. Botnets can and will happen on any OS, security holes can and will happen on any OS. I do find Microsoft response time to many threats downright horrific, due to a lack of proactive response. Many times security holes are announced to them, then 5 months later after they are being exploited, Microsoft begins to work on patching them. What I do find ironic here though, is Microsoft pretty much mocks Mozilla and Google for bug bounties, and here they are finding the re-active equivalent to the proactive solution. Why pay someone to solve the problem before it hurts users, let's pay them after users are being hurt.

Re:I wonder if the $250,000 reward (1)

interkin3tic (1469267) | more than 2 years ago | (#36802450)

will successfully direct attention away from Microsoft's failure to secure their operating system?

Seems like they're getting almost zero attention now for it (possibly deservedly so). Hard to get much lower than zero, or even get to zero. So no, it won't, and were that the goal it would be laughable.

Re:I wonder if the $250,000 reward (2)

CharlyFoxtrot (1607527) | more than 2 years ago | (#36802524)

You know what would successfully kill off all these botnets ? If MS held a "piracy amnesty day" where everyone could bring in their PC to a team of volunteer geeks and have them install a legit and fully patched version of Windows in place of the virus ridden downloaded hacked version they have. 1 day, good PR and all they need to do is eat the virtual cost of the pirated versions.

Re:I wonder if the $250,000 reward (2)

hairyfeet (841228) | more than 2 years ago | (#36804454)

Did you miss the earlier article on how Apple got iOS rooted in a single day? Or maybe the KDELook malware that went around a couple of years back? How about how to write a Linux virus in 5 easy steps? [geekzone.co.nz]

Protip: ALL OSes can and WILL be pwned simply because they are extremely complex interacting systems and nobody, not even Torvalds and the heads of Apple and MSFT engineering can tell you EXACTLY what every possible interaction with each subsystem will output simply because our computers do more than ever before with multicores, GPUs made up of dozens to hundreds of stream processors, and tons of third party code running on top of it all.

As someone who fixes infected PCs 6 days a week and just got done cleaning out another security tool variant let me give you this observation from experience on where most of the malware gets into the PC...PEBKAC. The big attack vectors I'm seeing day after day, in no particular order, are: 1.- The "you want teh hot lesbos? you need to run our Iz_not_Viruz_iz_codec.exe to play teh vidz!" 2.- The "ZOMG you got teh viruz! To fix run our Iz_not_Viruz_iz_cleanerz.exe to get rid of it ZOMG!" 3.- The "Use the new Limewire (Iz_not_Viruz_iz_Limewirez) to download teh latest Titney_Spearz.mp3.exe tunez today!" and 4.- "Hey my BFF sent me a funny cat video! It says I should run Iz_not_Viruz_iz_LOLCatz to see teh kittiez!"

As you will notice with ALL of the above you simply don't have to bother with an exploit for ANY of those, as the user IS the exploit and is the weakest link. The last major "WTF?" that MSFT had, the "Hey lets run everybody as admin!" officially died with Vista and since 7 doesn't bug the crap out of folks with "Cancel/allow?" boxes every three seconds UAC has been left on and along with low rights mode in IE and Chromium based is doing a good job, as we saw by the numbers released the other week where there are only 4 per 1000 7 machines infected VS 14 for XP.

But as long as you have people willing to ignore or even turn off their AV (as I had the other week with a customer and the "Iz_Not_Bug_Iz_Limewire") because a malware writer waved a cookie in front of them then frankly I don't see what else can be done besides what MSFT is already doing with the free MSRT and MSE. And as we have seen with first MacDefender and now MacGuard (which doesn't even need the password anymore) on OSX and the nasty Android trojan apps it doesn't matter whether you are on an alternative OS or not, all that matters is whether or not the bad guys want in bad enough to do the work and whether you have any users who'll run "Iz_Not_Bug_Iz" style apps. sadly I've found that WAAAY too many are more than happy to do just that. Will this bounty crap work? Who knows, I think the money would be better served paying researchers to tear the botnet's guts apart and trace their way back, but they say there is no honor among thieves.

And I apologize about the length, I just find it incredibly ridiculous that anyone still believes ANY company, be it Apple, Google, or MSFT, can wave a magic wand and make PEBKAC disappear. There have been attempts at education (MSFT puts out plenty warning about email attachments and other major attack vectors) there have been attempts to lock the user away from anything bad (Apple) and using Linux to stop malware (Google with Android) and ALL HAVE FAILED. All you can do is cut down the risks as best you can and be ready to clean up the mess when Forest Gump ignores you to "see teh tittiez!"

Re:I wonder if the $250,000 reward (1)

parlancex (1322105) | more than 2 years ago | (#36808228)

Has / does Windows have security problems? Sure, but I disagree that you can blame Microsoft for everything.

Does anyone remember the huge outcry and fear and tinfoil hatting when it was announced that Windows 7 would require driver signing by default? Microsoft gets blamed for anything that takes away control of the computer from the end user, but they also get blamed for the results of whatever every stupid end user happens to do.

If you even think that secure defaults would prevent these kinds of problems you have probably never worked in IT. Users will click and ignore and install and agree to anything that stands between them and whatever goat porn / Rebecca Black garbage bullshit they want to download.

would love to see some statistics on this (1)

v1 (525388) | more than 2 years ago | (#36802194)

I wonder if they rake in 250k a month (or week) renting such a botnet? May start leading to some entertaining extortion...

Re:would love to see some statistics on this (1)

c6gunner (950153) | more than 2 years ago | (#36802990)

I wonder if they rake in 250k a month (or week) renting such a botnet? May start leading to some entertaining extortion...

Well ...

1. It's a REALLY bad idea to try and extort criminals.

and

2. Personally, I'd rather report it to Microsoft anyway. $250k is a big enough reward to allow morality to win out over greed ;)

Re:would love to see some statistics on this (1)

v1 (525388) | more than 2 years ago | (#36803130)

1. It's a REALLY bad idea to try and extort criminals.

It's also a really bad idea to do something that lands a $250k bounty on your head. But they do it anyway because it's get-rich-quick. Besides, it's going to be more criminals doing the extorting, they're used to shady, dangerous deals.

It'll happen. Or it'll get tried. Probably more than once. At the very least, it'll raise the herder's paranoia a notch or two. (and I mean in the plural, these nets aren't being run by some recluse in his basement, these are like little sweatshops with a dozen+ involved) Even that alone could help - you get a group of 4 or 5 already nervous criminals a bit more on edge and there's bound to be some paranoia-driven backstabbing getting kicked up. And that can only help resolve the problem more quickly.

Well... (-1)

Anonymous Coward | more than 2 years ago | (#36802198)

You can find those responsible hiding in my pants!

Get a rope! (1)

sneakyimp (1161443) | more than 2 years ago | (#36802290)

That there's some seeeeerious cash. Obviously, it's time to form us up a posse and find these mofos. Who's in boys (and girls)??!!

This a Faustian bargain, isn't it? (3, Insightful)

elrous0 (869638) | more than 2 years ago | (#36802296)

Let me guess, you get the $250,000 in pennies? Or maybe you get it, only to die an hour later?

Re:This a Faustian bargain, isn't it? (0)

Anonymous Coward | more than 2 years ago | (#36802400)

Pennies? s/ni/is/

Re:This a Faustian bargain, isn't it? (0)

Anonymous Coward | more than 2 years ago | (#36802704)

Ironically $250000 in pennies is $500000 worth of copper. I'll take that deal.

Re:This a Faustian bargain, isn't it? (1)

Jeng (926980) | more than 2 years ago | (#36802808)

Any penny made during 1982 and later is only copper coated zinc.

Not nearly as valuable.

Re:This a Faustian bargain, isn't it? (2)

Ruke (857276) | more than 2 years ago | (#36802872)

Wikipedia: [wikipedia.org]

As of January 14, 2011 the metallurgical value of the copper in pre-1982 bronze and brass cents is 289% of their face value. Post-1982 copper plated zinc cents have a metallurgical value of 64% of their face value.

Have fun with your 62,500 kilograms of dead weight.

Re:This a Faustian bargain, isn't it? (1)

v1 (525388) | more than 2 years ago | (#36802742)

Let me guess, you get the $250,000 in pennies?

No they'll send you a money order. And some recommended places to invest some of it.

Re:This a Faustian bargain, isn't it? (0)

Anonymous Coward | more than 2 years ago | (#36803236)

No, you get $250.000 of "worth" in Microsoft software of licenses.

Re:This a Faustian bargain, isn't it? (0)

Anonymous Coward | more than 2 years ago | (#36807396)

you will get $250K in Microsoft software licenses. Worthless.

The Ultimate Irony (1)

tgeek (941867) | more than 2 years ago | (#36802320)

Wouldn't it be the ultimate irony if Rustock reared up and shut down Microsoft's reward/bounty site? If I had a spare $250k laying around I'd pay to see that.

Re:The Ultimate Irony (2, Insightful)

Anonymous Coward | more than 2 years ago | (#36802358)

If I had a spare $250k laying around I'd pay to see that.

With that sort of priority, it shouldn't be any surprise that you do not have a 'spare $250K laying around', in the first place.

Re:The Ultimate Irony (0)

Anonymous Coward | more than 2 years ago | (#36802512)

Yeah, only ppl who bring down skyscrapers or run drugs in submarines have that kind of cash.

I got it. (2)

140Mandak262Jamuna (970587) | more than 2 years ago | (#36802336)

That botnet is run by a rogue newspaper called News of The World, and the ring leader is one James Murdoch. Where do I collect my reward?

Cheaper than... (1)

Synerg1y (2169962) | more than 2 years ago | (#36802340)

Hiring a security team/ firm to go do it for them. But Microsoft forgets... the internet community hates you, maybe they could enlist the fine people who made Windows Vista as a reminder.

nice try (2)

lpaul55 (137990) | more than 2 years ago | (#36802342)

Not every problem can be solved by throwing money at it, as Murdoch has learned.
Does Micro$oft have any other resources that could be applied to the problem?

Re:nice try (5, Insightful)

Ruke (857276) | more than 2 years ago | (#36802372)

On the other hand, a lot of problems can be solved by throwing money at them. If I "knew a guy" who ran a botnet, you can bet that I'd sell his ass to Microsoft for five years' salary.

Re:nice try (0, Informative)

Anonymous Coward | more than 2 years ago | (#36802448)

On the other hand, a lot of problems can be solved by throwing money at them. If I "knew a guy" who ran a botnet, you can bet that I'd sell his ass to Microsoft for five years' salary.

Your salary sucks.

Re:nice try (1)

Rakarra (112805) | more than 2 years ago | (#36802844)

On the other hand, a lot of problems can be solved by throwing money at them. If I "knew a guy" who ran a botnet, you can bet that I'd sell his ass to Microsoft for five years' salary.

Your salary sucks.

Maybe, but hardly unusual for those who work outside the tech sector.

Re:nice try (0)

Anonymous Coward | more than 2 years ago | (#36803278)

"Money can't buy you love or happiness, but it can rent a reasonable facsimile."

Re:nice try (1)

elashish14 (1302231) | more than 2 years ago | (#36808154)

Isn't this really similar to the program where they get disgruntled ex-employees to report incidents of pirated software in the workplace?

Re:nice try (0)

Anonymous Coward | more than 2 years ago | (#36802384)

Wrong. EVERY problem can be solved by throwing money at it. What matters most is that you know WHERE to throw it.

Re:nice try (0)

Anonymous Coward | more than 2 years ago | (#36807446)

Not every problem can be solved by throwing money at it, as Murdoch has learned.
Does Micro$oft have any other resources that could be thrown at the problem?

thrown? how about chairs? have they tried chairs?

Re:nice try (1)

jira (451936) | more than 2 years ago | (#36808778)

Well, they can always "Ask Slashdot". There seems to be a lot of experts (at least on what MS should/should not do).

I don't suppose (2)

mswhippingboy (754599) | more than 2 years ago | (#36802394)

a $250,000 reward for new information that results in the identification, arrest and criminal conviction of such individual(s)

I don't suppose "MS, your security sucks" would qualify as new information, although that's "who's" ultimately responsible for the success of this botnet. Oh well.

Re:I don't suppose (1)

c6gunner (950153) | more than 2 years ago | (#36803046)

I don't suppose "MS, your security sucks" would qualify as new information, although that's "who's" ultimately responsible for the success of this botnet. Oh well.

Thank you for that "information". Your reward is a free kick in the balls with a frozen mukluk. Please post your address in a followup comment. Expedited delivery is available at a cost of $15. Thank you.

nice red herring (2)

sl4shd0rk (755837) | more than 2 years ago | (#36802404)

Focus blame on bot herders, no need to fix software problems.

Re:nice red herring (1)

Samurai Nigel (1017654) | more than 2 years ago | (#36802440)

Focus blame on a ten year old operating system that people refuse to update or replace, not on the people out there exploiting it.

Re:nice red herring (0)

Anonymous Coward | more than 2 years ago | (#36803148)

Welcome to 2011, you must have been hiding in your mom's basement since 2001. Spending all your time hacking on an old distro of Red Hat.
As to the main item of comment: the big catch is in the requirement that the info leads to the "...identification, arrest and criminal conviction of such individual(s)."
What if the responsible party is the Chinese government or the Iranian government? No conviction=no cash.

Re:nice red herring (1)

Locutus (9039) | more than 2 years ago | (#36802590)

and it's cheap too. What fool would expect Microsoft to tell you the information you just gave them was "new"? Why does it remind me of their method of filing patents? Like everything else from them, it's more likely to be just another PR stunt. IMO

LoB

Re:nice red herring (1)

Joce640k (829181) | more than 2 years ago | (#36802756)

Focus blame on users who click "yes" to any old popup window (it could happen on any OS no matter how secure).

It will be interesting to see what happens next. Huge bounties followed by a well publicized trial where people go to prison might actually work to deter other wannabe botnet makers.

Release the Linux dorks (0)

Anonymous Coward | more than 2 years ago | (#36802484)

You know it's gonna happen.

hmmm money (1)

zAPPzAPP (1207370) | more than 2 years ago | (#36802538)

Maybe they give me 10$ for linking to this news.

Time for the botnet owner to cash in with some new, yet unthreatening info?

$250,000 (0)

Anonymous Coward | more than 2 years ago | (#36802604)

I wonder if the prize is actually 25,000 Windows XP home OEM licenses?

The only problem is... (1)

MHolmesIV (253236) | more than 2 years ago | (#36802612)

The money is currently tied up in Escrow after the PRINCE died, and we need your help to LIBERATE it. For your efforts, WE will pay you THE SUM OF $250000 (TWO HUNDRED AND FIFTY THOUSAND US DOLLARS).

Send your Name, Address, Social Security Number, a recent photo, and your Bank account info to:
MICROSOFT RUSTOCK INFO
C/O MR SIPHO DLAMINI
512 MAIN STREET
ABUJA, NIGERIA

Also, we will send you a free sample of our new herbal PEN?IS ENLARGEMENT system.

Re:The only problem is... (0)

Anonymous Coward | more than 2 years ago | (#36802642)

Prince is dead?! :( Did he die in a red corvette, by any chance?

Re:The only problem is... (0)

Anonymous Coward | more than 2 years ago | (#36802734)

a little one, yes

Spamhaus is a good start... (1)

Eggplant62 (120514) | more than 2 years ago | (#36802758)

One wonders, are they working at all with Steve Linford and Spamhaus? If not, why not? I know of no other well-researched collection of information, nor any other man well versed in who's sending spam.

Finally....woot woot to M$ (1)

hesaigo999ca (786966) | more than 2 years ago | (#36802850)

I have to applaud their strategy...let the coders doing all the work for the criminals, give in of the source code for some dough for a great relocation to some hot palm tree filled island...in the mean time giving away trade secrets belonging to the underground cybermafia....to totally devastate their revenue stream, and this will be superb! I can't wait till they start doing it.....

Give the Reward to epSos.de (0)

Anonymous Coward | more than 2 years ago | (#36803218)

WARNING : Reverse Psychology Joke ahead.

The herder is my neighbor that I really dislike.
She has been spasming people with noise too much recently.
.
Can I have my 250K now ?

The key word here is "new" (1)

Psicopatico (1005433) | more than 2 years ago | (#36803558)

*ring*
- Hi, I'm Bob from Microsoft Happy Hunting Customer Care. How can I help you?
- Hi, the name of the Rustock botnet master is "John Doe". Now let's talk about the 250K$...
- I'm sorry Sir, but we already knew that, so no bucks for you. Have a nice day!

The Secret, Revealed (0)

Anonymous Coward | more than 2 years ago | (#36803654)

A week ago I was reading on Slashdot how the cops somewhere were claiming Microsoft had become the experts at botnet hunting. Many commenters asked what their secret was.

Well, here it is. Apparently, Microsoft is taking the Crime Stoppers approach - payoffs for tipoffs. In truth, The Red Cross or Donald Trump could apparently be just as effective. Anyone with money to throw around could.

So yeah, well done MS. If you can't beat em, buy em, right?

Do I win the $250,000? (1)

RobertM1968 (951074) | more than 2 years ago | (#36804228)

Bill Gates/Steve Ballmer and teams...
1 Microsoft Way
Redmond Washington

So... do I win?

</end poor attempt at humor>

pretty bad terms (1)

Bram Stolk (24781) | more than 2 years ago | (#36806422)

I don't think they made the terms-of-payment very attractive to the would-be informant.
They want identification, arrest and conviction. Yeah, right! Those kinds of rewards never pay out.
If I could finger someone, I would not trust to see it through to conviction and get the money.
Especially if the perpetrator is in China or Russia.
Do you think it would ever lead to conviction in that case, even if the culprit is known?
Microsoft should be a lot more bold here, and award the 250K for the identification.
Or maybe even split it up: 100K for identification, 100K for arrest and 100K for conviction.

Nuke Microsoft and Seattle (0)

Anonymous Coward | more than 2 years ago | (#36807822)

Kill all the fucking perverts and Billie B. and Stevie B.

Watch their bodies burn on YouTube. : ))

--//..

Loop holes (0)

Anonymous Coward | more than 2 years ago | (#36807968)

Microsoft never cared about international laws before. Pursuant to the country's laws my ass.

I wonder... (1)

DeeEff (2370332) | more than 2 years ago | (#36808210)

If you happened to be a botnet owner, and you turned yourself in to Microsoft, would they pay your lawyer fees and bail as well?

Just saying, some of the smaller botnets could make a lot of money that way.....
