
The Inside Story of the Kelihos Takedown

samzenpus posted more than 2 years ago | from the with-a-little-help-from-my-friends dept.


Trailrunner7 writes "Earlier this week, Microsoft released an announcement about the disruption of the Kelihos botnet that was responsible for spam messages, theft of sensitive financial information, pump-and-dump stock scams, and distributed denial-of-service attacks. The botnet had a complex, multi-tiered architecture as well as a custom communication protocol and three-level encryption. Kaspersky Lab researchers did the heavy lifting, reversing the protocol and cracking the encryption and then sink-holing the botnet. The company worked closely with Microsoft's Digital Crimes Unit (DCU), sharing the relevant information and providing them with access to our live botnet tracking system."
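The summary says the researchers reversed the protocol, cracked the encryption and then sink-holed the botnet. What follows is an added illustration, not code from the original post, from Kaspersky or from Microsoft, of why sink-holing works against a gossip-based peer-to-peer overlay once you can speak its protocol: a sinkhole that advertises itself as the highest-priority peer is propagated by the bots themselves, until every bot takes its orders from the researcher's node. The overlay, the priority rule, the peer-list cap and the `sinkhole.example` address are all assumptions made for the demo; nothing here is the Kelihos protocol or its three-level encryption, which the post does not describe.

```python
"""
Toy model of sink-holing a gossip-based peer-to-peer botnet.

Added illustration only. The overlay, the peer-list rules, the priority field
and every address here are assumptions made for the demo; none of it is the
Kelihos protocol, Kaspersky's tracker, or real takedown infrastructure.
"""
import random

PEER_LIST_MAX = 8                 # assumed cap on a bot's peer list
SINKHOLE = "sinkhole.example"     # hypothetical researcher-controlled node
BASE_PRIORITY = 0                 # priority every ordinary bot advertises
TOP_PRIORITY = 1                  # the sinkhole claims to be the "freshest" peer


class Overlay:
    """Each bot keeps an ordered peer list and takes its orders from the head."""

    def __init__(self, n_bots, fanout=4, seed=7):
        rng = random.Random(seed)
        self.bots = [f"bot{i}" for i in range(n_bots)]
        self.priority = {b: BASE_PRIORITY for b in self.bots}
        self.priority[SINKHOLE] = TOP_PRIORITY
        self.peers = {}
        for i, b in enumerate(self.bots):
            # one ring edge keeps the overlay connected; the rest mimic a random bootstrap list
            lst = [self.bots[(i + 1) % n_bots]]
            while len(lst) < fanout:
                p = rng.choice(self.bots)
                if p != b and p not in lst:
                    lst.append(p)
            self.peers[b] = lst
        self.peers[SINKHOLE] = [SINKHOLE]   # the sinkhole only ever advertises itself

    def merge(self, own, received):
        """Keep own entries first, append unknown peers, then rank by advertised priority."""
        merged = list(own)
        for lst in received:
            for p in lst:
                if p not in merged:
                    merged.append(p)
        merged.sort(key=lambda p: -self.priority[p])   # stable sort: ties keep their order
        return merged[:PEER_LIST_MAX]

    def gossip_round(self):
        """Synchronous round: every bot exchanges lists with all of its current peers."""
        snapshot = self.peers
        updated = {b: self.merge(snapshot[b], [snapshot[p] for p in snapshot[b]])
                   for b in self.bots}
        updated[SINKHOLE] = [SINKHOLE]
        self.peers = updated

    def inject_sinkhole(self, n_seed, seed=1):
        """Poison a handful of bots by feeding them a peer record for the sinkhole."""
        rng = random.Random(seed)
        for b in rng.sample(self.bots, n_seed):
            self.peers[b] = self.merge(self.peers[b], [[SINKHOLE]])

    def fraction_headed_by(self, addr):
        """Share of bots whose top peer (the one they fetch jobs from) is addr."""
        return sum(1 for b in self.bots if self.peers[b][0] == addr) / len(self.bots)

    def run_until_captured(self, max_rounds):
        """Gossip until every bot is headed by the sinkhole; return rounds used."""
        for r in range(1, max_rounds + 1):
            self.gossip_round()
            if self.fraction_headed_by(SINKHOLE) == 1.0:
                return r
        return max_rounds


if __name__ == "__main__":
    net = Overlay(100)
    print("before poisoning:", net.fraction_headed_by(SINKHOLE))
    net.inject_sinkhole(3)
    rounds = net.run_until_captured(max_rounds=100)
    print(f"after {rounds} rounds:", net.fraction_headed_by(SINKHOLE))
```

Two points the toy makes that the summary only implies. First, the poisoning only needs a few seeded bots because the bots' own peer exchange does the spreading; the ring edge in the constructor guarantees the overlay stays connected so the capture always completes. Second, the whole trick rests on being able to produce a peer record the bots accept as valid and high-priority, which in the real case is exactly the protocol reversing and decryption work the summary credits to Kaspersky; without it the sinkhole's messages would simply be dropped.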


83 comments

Uhm... (0, Offtopic)

Black Parrot (19622) | more than 2 years ago | (#37562056)

I think if I were Kaspersky Labs, I wouldn't be advertising the fact that I was in on this kind of thing.

Re:Uhm... (1)

joelleo (900926) | more than 2 years ago | (#37562068)

Thankfully you're not Kaspersky Labs. I like the details they've provided.

Out of curiosity, why wouldn't you advertise the fact that you, a security team, were involved in the takedown of a security threat?

Re:Uhm... (2, Interesting)

Anonymous Coward | more than 2 years ago | (#37562120)

Because these botnets are run by, or closely work with, organised crime organisations.

If they become a big enough problem and cause enough damage then said organisations will probably have no qualms bringing the fight into meatspace.

Would Kaspersky continue doing this if one of their employees was murdered in retaliation?

Re:Uhm... (1)

mkiwi (585287) | more than 2 years ago | (#37562172)

So in other words, we have large corporations vs. organized crime. I fail to see how Kaspersky and Microsoft lose.

Re:Uhm... (0)

Anonymous Coward | more than 2 years ago | (#37562266)

"large corporations vs. organized crime"
I fail to see your distinction.
That's like saying politicians VS corrupt politicians...one and the same.

Re:Uhm... (1, Insightful)

LordLimecat (1103839) | more than 2 years ago | (#37562358)

Such a sentiment kind of falls flat on its face when the 2 big corps in question are kind of undeniably the good guys in this story. Possibly save your bile for the next time a MS anti-trust issue comes up, but in this article kindly keep your trap shut.

Good actions should be lauded, not condemned by ignorant slashdotters.

Re:Uhm... (0, Troll)

Hylandr (813770) | more than 2 years ago | (#37562694)

Good actions lauded yes, but scant praise can be found for a rapist that has just helped a granny across the street. Nor does a few acts of benevolence outweigh a lifetime of ill-deeds.

These items are all debatable and often subject to public opinion, but one thing is certain; for the time being we all have the right to express ourselves, being a free country and all. You have no authority to tell anyone to keep their trap shut.

- Dan.

Re:Uhm... (-1)

Anonymous Coward | more than 2 years ago | (#37566760)

...but one thing is certain; for the time being we all have the right to express ourselves, being a free country and all.

Indeed, Dan. We're similarly free to express the opinion that you're demonstrably an asshole.

See what I did there?

Re:Uhm... (0)

ozmanjusri (601766) | more than 2 years ago | (#37562814)

Good actions should be lauded, not condemned by ignorant slashdotters.

I like your thinking:

  1. Create huge problem
  2. Fix tiny part of huge problem
  3. Receive accolades from intelligent Slashdotters
  4. ???
  5. Profit. (actually, this was concurrent with Step One)

Re:Uhm... (1)

LordLimecat (1103839) | more than 2 years ago | (#37566256)

Fix tiny part of huge problem

So in your opinion, none of the security fixes in Vista / Seven count for anything?

As long as flash and java continue to have terrible security flaws, Microsoft is liable for the consequences?

Re:Uhm... (2, Funny)

Anonymous Coward | more than 2 years ago | (#37562282)

So in other words, we have large corporations vs. organized crime. I fail to see how Kaspersky and Microsoft lose.

Um.. probably because large corporations always win.

Going to get down modded for WOOSH. Just watch.

Re:Uhm... (1)

Anonymous Coward | more than 2 years ago | (#37563628)

The companies don't lose, but the employees can.

Re:Uhm... (2)

Fluffeh (1273756) | more than 2 years ago | (#37562128)

Because the owners of these things are rather shady criminal types at best and you taking away their shiny thing that makes them tons of money is a great way of attracting attention of their underlings who come visit you and do shady criminal things to your knees at best.

Re:Uhm... (2)

PopeRatzo (965947) | more than 2 years ago | (#37562572)

Because the owners of these things are rather shady criminal types at best and you taking away their shiny thing that makes them tons of money is a great way of attracting attention of their underlings who come visit you and do shady criminal things to your knees at best.

There's so much money to be made that I doubt they've got time to be out breaking knees of corporate types. That just brings unwanted attention and heat.

They'll move on to something else, something probably more lucrative. They know that the Kasperskys of the world can only play catch-up. For now. I believe one of the big changes we're going to see in the near to mid-future is the removal of the "organized crime" types from computer crime and their replacement by "legitimate" businesses. That's how all these things work. Look at Facebook. Who has to break the law when people will line up to give you all their information? The data that the maffiya types are stealing today will be collected legally tomorrow (or later today).

Re:Uhm... (1)

RMH101 (636144) | more than 2 years ago | (#37565016)

Contrast to Stuxnet. Langner Communications, who are a small outfit of a few people, first started analysing it.
"Langner also realized after analyzing the Stuxnet code that it was designed to disable a particular nuclear facility in Iran. That's serious business, he figured. Some Iranian nuclear scientists, he remembered, had been mysteriously killed. Langner published his findings anyway."

If someone (let's just say for example the US Government) were to devote years of work to creating a worm so advanced that researchers said it looked "like alien technology" and I was a small firm who first noticed it, I'm not sure I'd be as brave...

Re:Uhm... (1)

PopeRatzo (965947) | more than 2 years ago | (#37565630)

Some Iranian nuclear scientists, he remembered, had been mysteriously killed.

Wait, Iranians killing someone is hardly an argument. He might have seen someone's wife without her veil or missed afternoon prayers or driven 38 in a 40 mph zone. Maybe he dropped a centrifuge on his foot and hollered "Allah damn it!" Come on, they just gave a woman 40 lashes for updating her Facebook page.

If someone (let's just say for example the US Government) were to devote years of work to creating a worm so advanced that researchers said it looked "like alien technology" and I was a small firm who first noticed it, I'm not sure I'd be as brave...

And if Superman and Green Lantern had a fight over who was more ripped, and Green Lantern used his ring to make a giant hammer and he swung it at Superman and then Superman dodged and the giant hammer hit the Sears Tower and I was on the Blue Line train just leaving the Halsted Street Station with a hot supermodel on my lap and saw the Sears Tower crash down along the Eisenhower Expressway just feet from the train, I would so have a boner. So what's your point?

Re:Uhm... (2)

ozmanjusri (601766) | more than 2 years ago | (#37564130)

Because the owners of these things are rather shady criminal types at best

Microsoft is a publicly listed company, Ballmer's not the owner, he's just the CEO.

all totally legal! (1)

decora (1710862) | more than 2 years ago | (#37562330)

no vigilantism here. doo de doo. nope. not a bit.

Re:all totally legal! (1)

Anonymous Coward | more than 2 years ago | (#37562664)

The term vigilante comes from what again?

Oh yeah, committees of vigilance who were concerned citizens dealing with the problem of a lack of effective law enforcement.

But really, do you think that Microsoft and Kaspersky aren't working with the FBI, Secret Service, and everybody else concerned?

vigilantes: criminals who (1)

decora (1710862) | more than 2 years ago | (#37573502)

operate without a judge, a jury, or a set of laws. no due process, no checks and balances. just a bunch of megacorporations, unaccountable to anyone, going out there and 'hunting down' people they don't like.

i.e. barbarianism.

Re:vigilantes: criminals who (1)

rocket rancher (447670) | more than 2 years ago | (#37579942)

operate without a judge, a jury, or a set of laws. no due process, no checks and balances. just a bunch of megacorporations, unaccountable to anyone, going out there and 'hunting down' people they don't like.

i.e. barbarianism.

I don't think it is that dire. Megacorporations actually are accountable, in ways that politicians can never be. You can't get accountability from somebody who has to woo the public to stay in office. Megacorps are accountable to their board of directors and to their stockholders, a far more important and influential constituency than fickle voters. I trust the CEOs of megacorporations to keep my best interest at heart far more than I trust politicians from any party, because CEOs can't hide from the bottom line. Politicians can change like the weather, reflecting the mood of their constituents, but a CEO has a come-to-Jesus moment every quarter. Accountability (and its enabler, transparency) are anathema to political leadership for this very reason. It's taken a couple hundred years for it to become apparent in the American experiment, but the writing is on the wall. What is emerging in America is an oligarchy, where accountability and transparency are woven into the economic fabric of the society, and aren't merely tacked on by easily loopholed legislation which is then weakly (if at all) enforced by politically appointed judges.

Re:Uhm... You've been misled (0)

Anonymous Coward | more than 2 years ago | (#37564062)

Microsoft has had signatures of every file on a Windows user's computer since the release of 'Service Pack 3 for XP', and this information is uploaded to be processed. Maybe it's sold to law enforcement to catch people who collect pornography, or to the entertainment industry to find out how many people are distributing 'Loose Change' illegally. Windows Defender will protect you, yeah right, so I'm going to install software that will scan all my files and upload this information to a server somewhere. And what is really funny is how some people will use free virus scanners.

Microsoft Digital Crimes Unit (2, Funny)

uufnord (999299) | more than 2 years ago | (#37562070)

... what, do they arrest themselves?

Re:Microsoft Digital Crimes Unit (3, Funny)

Megaweapon (25185) | more than 2 years ago | (#37562352)

I wonder if they ever caught the guy responsible for Windows ME.

Re:Microsoft Digital Crimes Unit (1)

Ihmhi (1206036) | more than 2 years ago | (#37565492)

No, sadly he died. He was coding with a BAC of 0.21 and ran his desk into a tree.

you sunk my botnet! (1)

cheeks5965 (1682996) | more than 2 years ago | (#37562106)

fsck, man, do you know how long it took me to set up that botnet? get it just how I wanted it? now i gotta start all over.

Re:you sunk my botnet! (1)

John Hasler (414242) | more than 2 years ago | (#37562236)

> now i gotta start all over.

No you don't. In the next phase of the operation (it won't be publicized) they will work with a different, less well-known Russian "security" organization. In that phase it won't be the botnet that gets "taken down".

They sound like the good guys for once. (2)

ludomancer (921940) | more than 2 years ago | (#37562176)

I don't think I have EVER read a story about internet security where they weren't attacking some kid on a college campus for sharing music, or blaming someone's grandfather for child porn. This is actually a refreshing story for a change.

Re:They sound like the good guys for once. (1)

Anonymous Coward | more than 2 years ago | (#37566476)

Don't read much, do you...

Re:They sound like the good guys for once. (0)

Anonymous Coward | more than 2 years ago | (#37567258)

I don't think I have EVER read a story about internet security where they weren't attacking some kid on a college campus for sharing music, or blaming someone's grandfather for child porn. This is actually a refreshing story for a change.

You clearly don't read enough internet security stories. That aside, "sharing" music, i.e. downloading it for free and/or making it freely available to millions of other people, is illegal, whether you're a college kid or not. Child porn is also illegal, whether you're someone's grandfather or not.

Fuck fuck fuck fuck shut up yo! Serially! (1)

For a Free Internet (1594621) | more than 2 years ago | (#37562194)

Everybody shut up! This hot girl looked at me in class and I'm trying to remember her phone number yo, so I'm trying to concentrate so please for the love of CHRIST shut the fuck up!

Re:Fuck fuck fuck fuck shut up yo! Serially! (2, Funny)

Anonymous Coward | more than 2 years ago | (#37562438)

Was it 867-5309?

Microsoft cleans up the mess it created. (0)

QuietLagoon (813062) | more than 2 years ago | (#37562224)

It is nice to see Microsoft clean up the malware mess that is endemic in the Windows world. Microsoft Windows has always looked to me as if it were designed with a "features are more important than security" attitude. Now that the ramifications of that design strategy are coming home to roost, Microsoft is participating in the fight against the very criminal element that Microsoft allowed to blossom.

Thank you, Microsoft. It is about time.

Re:Microsoft cleans up the mess it created. (3, Insightful)

Anonymous Coward | more than 2 years ago | (#37562442)

Yeah because nobody else has a security problem with their software or setup.

http://kernel.org/ (How long has it been now?)

Wake me up when everyone grows up and realizes how hard our jobs truly are.

Re:Microsoft cleans up the mess it created. (1)

cheater512 (783349) | more than 2 years ago | (#37562808)

How does kernel.org being down affect me or my servers? It doesn't really.

How does Windows affect me and my servers? Yup. A hell of a lot more.

Re:Microsoft cleans up the mess it created. (0)

Anonymous Coward | more than 2 years ago | (#37572796)

It does, and let me explain.

Microsoft is installed on millions and millions of computers, and they obviously can't keep basic security things in check sometimes, but if you can't take the most secure operating system on the planet (or close) and secure one server or set of servers, then how can it be any safer?

Re:Microsoft cleans up the mess it created .. (0)

CalcuttaWala (765227) | more than 2 years ago | (#37562482)

"Microsoft is participating in the fight against the very criminal element that Microsoft allowed to blossom." Just as the United States is now fighting against the Taliban and the Islamist terrorists in Afghanistan and Pakistan whom it once allowed, encouraged and paid money to, to blossom !

Messes from 8+ years ago, maybe. (2, Interesting)

SexyKellyOsbourne (606860) | more than 2 years ago | (#37562584)

I would agree with this if this was posted sometime circa 2005 or before, but that really isn't the case now.

This malware and others like it can only take over if you open an e-mail, go to a bad website, download a bad executable, and run it. Let's break that down.

E-Mail: Any credible ISP and any web-based e-mail service (Yahoo/Gmail/Hotmail) will filter botnet spam. Even if you find said botnet e-mail in your spam folder and try to go to it, any modern web or desktop e-mail client will still warn you like hell.

Browser: Internet Explorer 8 has a malware filter enabled by default (SmartScreen). You get a horrible warning if you try to access malware, and an even worse one if you try to download an executable flagged as malware. IE8 is freely available for XP users, and every mainstream website in the world (including MSFT's) will nag you to upgrade, as most (Youtube/Facebook/Google) don't even support XP's default of IE6 anymore.

OS/User Access: Windows Vista is nearly 5 years old now and included proper user-mode access to the system (UAC) by default. Try to run something that will do something horrible like Kelihos will, and it will also flag a less dangerous-looking, but existent "do not run this" warning. That was improved with Windows 7, which is now 2 years old.

Patches on XP: Anything since XP SP2 (August 2004?) will not only nag for Windows Update, but even forcibly reboot your system after enough idle time if what needs to be patched could open the door for botnets. As with any of the years listed before, any retail PC sold since then will have that. Patches on XP won't fix everything, but the patches (Malicious Software Removal Tool) will typically circumvent well-known botnets.

Conclusion: I would say almost the entirety of the 41,000 systems affected had somehow gone ridiculously unpatched for years. We're probably talking Windows 2000 systems. And Linux/BSD was always better as a baseline, but run it unpatched at any similar level as described, and it will have even worse SSH server vulnerabilities for starters.

Re:Microsoft cleans up the mess it created. (1, Insightful)

Anonymous Coward | more than 2 years ago | (#37562624)

I can't even believe this type of garbage is still posted here. Here, let me enlighten you a bit. Windows is the target of choice *because it is popular* and it has a *stable* API. The second tends to be a requirement for the former.

If another OS had cracked the 20% market share, you'd better believe you would see it targeted too. OS X is only recently getting some attention here, but only by a very minor group of criminals; after all, 7% does not constitute a large userbase.

Finally, ALL the exploits on the desktop start off as exploits vs. one of the apps running, like Firefox or Office or Acrobat or whatever is popular.

I guess success is MS's fault, while "secure" OS X enjoys unpatched PDF exploits for years or iOS "handy" remote rooting, I mean jailbreaking, by simply visiting a website.

Re:Microsoft cleans up the mess it created. (1)

Anonymous Coward | more than 2 years ago | (#37562704)

It's not simply API stability that counts here. ABI is far far more useful. Microsoft's is so homogeneous that you can even count on being able to hot-patch library binaries.

Re:Microsoft cleans up the mess it created. (1)

Artifakt (700173) | more than 2 years ago | (#37563236)

It's not simply a matter of popularity, but go on posting anonymously and making it personal if you really think you need to enlighten me.
Here's why:

1. UNIX-based systems are used on a lot of business and banking facilities, which are much more valuable targets for some purposes than the typical home machine. If you want a botnet, yeah, you're going to prioritize having large numbers above many other considerations, but that would mean other types of cracking would not necessarily follow the same pattern, yet they generally do, within a few percent.

   If you can explain why, for example, the servers that hold data on 10,000+ clients get subjected to successful attacks in almost exactly the same proportions as home machines, heavily 'favoring' Microsoft, yet the various UNIX-related operating systems are much, much more common there, then you can claim popularity makes all, or even much of, the difference.

   For another example, why didn't Apple cracking go up when iTunes was first introduced, or when any other Apple product showed a big spike in popularity? Why, knowing Apples get a lot of use in Hollywood for film editing and art, don't the people who bootleg video workprints and such target Apples more there, a place where they are quite popular?

   For another, certain brands of routers and networking gear are much more common than others and actually have a market share similar to MS vs. their competition; why doesn't popularity there translate into anything like proportionately more exploits?

2. Microsoft set its own standards for API access, and several other things, and Microsoft chose to allow certain third-party corporations such as Norton to do things in non-standard ways (again, non-standard and SUB-STANDARD to MS's own internally written rules, not to some other standards MS didn't really want to deal with anyway). Microsoft chose to give some third-party software its "Windows Compatible" and higher seals of approval and let them use those in their advertising and packaging without vetting their code at all first, instead of insisting they first write to the specs to get them, and this opened up some specific holes for intrusion, simply because the best fixes for those attacks would have made third-party product X also non-compatible. Microsoft's marketing, wanting to be able to boast of how much software ran on Windows, overrode the engineering department repeatedly to create that vulnerability. Even if it were true that ALL desktop exploits start off as exploits against apps, the way Microsoft dealt with some apps contributed to the problem. Just the choice, way back in the Win 95 days, to allow putting all sorts of third-party app data in the registry instead of individual .ini's in the same directory as the third-party owners, contributed to the system vulnerability. That this kept happening at least through XP, and by some accounts into the Vista years, has created a lot of momentum for Windows crackers.

Re:Microsoft cleans up the mess it created. (1)

Gadget_Guy (627405) | more than 2 years ago | (#37563906)

If you can explain why, for example, the servers that hold data on 10,000+ clients get subjected to successful attacks in almost exactly the same proportions as home machines, heavily 'favoring' Microsoft, yet the various UNIX related operating systems are much, much more common there, then you can claim popularity makes all, or even much of, the difference.

What is the difference between a large server and a home user? It is the person sitting behind the keyboard. On one hand you have a highly qualified person who knows that they have a valuable system and who spends a lot of time locking down and testing the system.

On the other hand you have an average Joe who thinks their system would never be targeted by hackers, and who downloads and runs any random screensaver or funny program that gets sent to them without a second thought.

The biggest obstacle to security is not the operating system, but the people who don't care about it; the people who run as an administrator account (which they haven't needed to do for a decade), with security turned off (like UAC) because they do not want to be inconvenienced, and with lots of programs installed instead of the bare minimum needed to get the job done.

All of this also explains why routers are not as compromised as desktop systems. Once again they are setup by professionals with an eye to security. They also have a limited number of apps on them. Finally they do not have the market share of Windows. You cannot compare their marketshare vs their competition because that is meaningless.

Why, knowing Apples get a lot of use in Hollywood for film editing and art, don't the people who bootleg video workprints and such target Apples more there - a place where they are quite popular?

Because they are not connected to the Internet. Because getting the timing right to luck onto the tiny window of opportunity to find a finished copy on one of these machines (and not just the unedited footage) would be impossible. Because the file size of the movies made for cinema release would be unfeasible to transfer over the Internet without being noticed. Because it is easier to get it other ways, like the discs distributed around the company or to awards judges. There is no point wasting time trying to hack those systems when there are too many variables, too many other easier options and too much chance that any security hole would be found and patched before you managed to transfer a single movie.

As for all your rubbish about Microsoft's APIs, can you name a product that received the official "Windows Compatible" logo whilst using non-standard APIs that caused a security hole? How many people here think that Microsoft should have had veto control over all the third-party apps made for Windows? Imagine the outcry if Microsoft had refused to allow a competitor's software to be run on their OS. There are still enough people citing the time that a beta version of Windows would not run on DR-DOS!

Re:Microsoft cleans up the mess it created. (0)

ozmanjusri (601766) | more than 2 years ago | (#37564212)

What is the difference between a large server and a home user? It is the person sitting behind the keyboard.

Ah, Microsoft apologists. As hilarious as they are delusional...

Re:Microsoft cleans up the mess it created. (1)

Gadget_Guy (627405) | more than 2 years ago | (#37564502)

Ah, Microsoft apologists. As hilarious as they are delusional...

Wow, you are really not aiming for an insightful mod there! You can't actually come up with any valid discussion points, so you just go for insults. You might think that you are being anti-Microsoft, but in fact you are being anti-IT professional.

Do you seriously suggest that a system that is carefully put together with security in mind by a trained professional will be equally secure as one run by a person with no training and no interest doing anything but the bare minimum default installation? If so, then we might as well sack all the IT staff and let the clueless managers run the computers!

If your entire thought process in regards to computer security is just to avoid Microsoft and you will be fine, then you are doing your users a major disservice. Non-Microsoft systems do get hacked - even the original poster agrees with that. A lot of the time that you hear about those hacks, it turns out it is due to some entirely silly and preventable reason like using a default password for something (or none at all). Who is more likely to make that sort of mistake: someone who is a dedicated system administrator who has a security plan, or someone who just wants to quickly get their OS installation out of the way so they can start downloading porn?

Explain this then (Linux vs. Windows) (0)

Anonymous Coward | more than 2 years ago | (#37564780)

Linux's kernel ALONE has 4x the # of unpatched bugs of the ENTIRE SUITE/ARRAY OF WHAT MICROSOFT GIVES YOU TO DO BUSINESS & DEVELOPMENT WITH! Here's your proof(s):

---

Vulnerability Report: Microsoft SQL Server 2008: (09/30/2011)

http://secunia.com/advisories/product/21744/ [secunia.com]

Unpatched 0% (0 of 1 Secunia advisories)

Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x: (09/30/2011)

http://secunia.com/advisories/product/17543/ [secunia.com]

Unpatched 0% (0 of 6 Secunia advisories)

Vulnerability Report: Microsoft Exchange Server 2010: (09/30/2011)

http://secunia.com/advisories/product/28234/ [secunia.com]

Unpatched 0% (0 of 0 Secunia advisories)

Vulnerability Report: Microsoft SharePoint Server 2010: (09/30/2011)

http://secunia.com/advisories/product/29809/ [secunia.com]

Unpatched 0% (0 of 3 Secunia advisories)

Vulnerability Report: Microsoft Forefront Endpoint Protection 2010: (09/30/2011)

http://secunia.com/advisories/product/34343/ [secunia.com]

Unpatched 0% (0 of 1 Secunia advisories)

Vulnerability Report: Microsoft Baseline Security Analyzer 2.x: (09/30/2011):

http://secunia.com/advisories/product/6436/ [secunia.com]

Unpatched 0% (0 of 0 Secunia advisories)

Vulnerability Report: Microsoft Office 2010: (09/30/2011)

http://secunia.com/advisories/product/30529/?task=advisories [secunia.com]

Unpatched 0% (0 of 9 Secunia advisories)

Vulnerability Report: Microsoft Project 2010: (09/30/2011)

http://secunia.com/advisories/product/31177/ [secunia.com]

Unpatched 0% (0 of 0 Secunia advisories)

Vulnerability Report: Microsoft Windows Services for UNIX 3.x: (09/30/2011)

http://secunia.com/advisories/product/5244/ [secunia.com]

Unpatched 0% (0 of 3 Secunia advisories)

Vulnerability Report: Microsoft Internet Explorer 9.x: (09/30/2011)

http://secunia.com/advisories/product/34591/ [secunia.com]

Unpatched 0% (0 of 3 Secunia advisories)

Vulnerability Report: Microsoft Virtual PC 2007: (09/30/2011)

http://secunia.com/advisories/product/14315/ [secunia.com]

Unpatched 0% (0 of 1 Secunia advisories)

Vulnerability Report: Microsoft Visual Studio 2010: (09/30/2011)

http://secunia.com/advisories/product/30853/?task=advisories [secunia.com]

Unpatched 0% (0 of 2 Secunia advisories)

Vulnerability Report: Microsoft DirectX 10.x:
(08/02/2011)

http://secunia.com/advisories/product/16896/ [secunia.com]

Unpatched 0% (0 of 3 Secunia advisories)

Vulnerability Report: Microsoft .NET Framework 4.x
(08/02/2011)

http://secunia.com/advisories/product/29592/ [secunia.com]

Unpatched 0% (0 of 7 Secunia advisories)

Vulnerability Report: Microsoft Silverlight 4.x: (09/30/2011)

http://secunia.com/advisories/product/28947/ [secunia.com]

Unpatched 0% (0 of 1 Secunia advisories)

Vulnerability Report: Microsoft XML Core Services (MSXML) 6.x: (09/30/2011)

http://secunia.com/advisories/product/6473/ [secunia.com]

Unpatched 0% (0 of 4 Secunia advisories)

Vulnerability Report: Microsoft Windows 7: (09/30/2011)

http://secunia.com/advisories/product/27467/?task=advisories [secunia.com]

Unpatched 7% (5 of 82 Secunia advisories)

OR

Vulnerability Report: Microsoft Windows Server 2008: (09/30/2011)

http://secunia.com/advisories/product/18255/?task=advisories [secunia.com]

Unpatched 3% (4 of 151 Secunia advisories)

* Nicest part here is, that the few unpatched vulns ALL have valid easy work arounds, or don't apply to workstations, or can be secured for (by turning off services you don't need, especially on desktops/workstations or by securing them down rights-wise)... can Linux say the same?

---

FACT - THAT'S 3.5x FEWER UNPATCHED SECURITY VULNERABILITIES ON MS'S NEAR-ENTIRE ARRAY OF WHAT THEY GIVE YOU FOR BUSINESS & DEVELOPMENT (& I know that LAMP can't say the same & tosses even MORE errors into the mix for Linux) THAN IS PRESENT ON THE LINUX 2.6.x KERNEL ALONE!

NOW- Toss on the rest of what goes into a Linux distro OR the "LAMP" stack, also (Linux, Apache, MySQL, PHP)?

?

That # goes "up, Up, UP & AWAY...", bigtime & even moreso, "increasing that lead that Linux has", lol, in more unpatched known security bugs present, that is (a dubious honor/win, lol, to say the least).

So, that "all said & aside"?

Compare a "*NIX/Open SORES" OS in Linux's "latest/greatest"?:

---

Vulnerability Report: Linux Kernel 2.6.x (09/30/2011)

http://secunia.com/advisories/product/2719/?task=advisories [secunia.com]

Unpatched 6% (16 of 275 Secunia advisories)

---

AND YES, there is a remotely vulnerable unpatched security problem outstanding in Linux there too, unpatched (despite all the "Open 'SORES' eyes" out there to fix it (yea, "right", not!))

* Additionally/again - so it "sinks in":

That's also more than the ENTIRE GAMUT of what MS gives folks to do business & build tools for it as well has, & LAMP certainly cannot show fewer errors in unpatched security vulnerabilities than 5 total from MS...

In fact? LAMP is the favored attack for phishers & spammers:

http://www.theregister.co.uk/2011/06/10/domains_lamped/ [theregister.co.uk]

---

PERTINENT QUOTE:

"Phishers compromise LAMP-based websites for days at a time and hit the same victims over and over again, according to an Anti-Phishing Working Group survey.

Sites built on Linux, Apache, MySQL and PHP are the favoured targets of phishing attackers,"

---

Vulnerability Report: MySQL 5.x (09/30/2011):

http://secunia.com/advisories/product/8355/ [secunia.com]

Unpatched 4% (1 of 26 Secunia advisories)

* "GOSH" - Looks like MORE THAN SQLServer 2008 with ZERO unpatched, eh?

In fact...100% more of a lead (in bugs unpatched, lol) Yea... bigtime - Some "dubious honor" that... lol! "Big WIN" (not!).

---

Vulnerability Report: Apache 2.2.x (09/30/2011):

http://secunia.com/advisories/product/9633/ [secunia.com]

Unpatched 9% (2 of 22 Secunia advisories)

Ah, what have we HERE now, vs. IIS 7 (again, with ZERO unpatched security vulnerabilities)?

Ah yes... yet again the "LAMP CAMP" shows its "True Colors" with MORE UNPATCHED SECURITY BUGS! Yet another "Win" (not), eh??

---

Vulnerability Report: PHP 5.3.x (09/30/2011):

http://secunia.com/advisories/product/27504/ [secunia.com]

Unpatched 8% (1 of 12 Secunia advisories)

WHAT'S THIS? YET ANOTHER "LEAD" (lol, in unpatched security bugs) for the "LAMP CAMP"??

Another "100% lead" (loss is more like it) no less, vs. MS Visual Studio 2010 or Office 2010 (& their attendant XML, browsers in IE9 even, & MORE - per my earlier posts!)

The RESULTS (very recent mind you) of these unpatched vulnerabilities in "Open SORES/*NIX ware?"

---

KERNEL.ORG COMPROMISED:

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised [slashdot.org]

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/ [theregister.co.uk]

---

Breaching Fort Apache.org - What went wrong?

http://www.theregister.co.uk/2009/09/03/apache_website_breach_postmortem/ [theregister.co.uk]

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware [slashdot.org]

---

COMPARE & CONTRAST WINDOWS RUNNING IN A HIGH-TPM ENVIRONS SERVER-WISE NOW:

Windows also has been running 24x7 since 2005 for NASDAQ, acting as its "OFFICIAL TRADE DATA DISSEMINATION SYSTEM", non-stop, via Windows Server 2003 + SQLServer 2005 in fail-over clustering on the server-front too!

NASDAQ Migrates to SQL Server 2005:

http://www.windowsfs.com/enews/nasdaq-migrates-to-sql-server-2005 [windowsfs.com]

and here:

NASDAQ Uses SQL Server 2005 - Reducing Costs through Better Data Management:

http://blog.sqlauthority.com/2007/09/17/sqlauthority-news-nasdaq-uses-sql-server-2005-reducing-costs-through-better-data-management/ [sqlauthority.com]

(For proof thereof... for coming up on a DECADE OF SOLID UPTIME uninterrupted & "bulletproof + bugfree", @ NASDAQ too, a high-tpm environs, not just a mail or webserver!)

AND, AGAIN - Do NOTE that SQLServer, IIS7, Windows Server 2008, & Visual Studio 2010 have fewer security bugs unpatched, BY FAR, than does the "LAMP" stack... period!

---

You like Apples? HOW DO YOU LIKE THOSE APPLES (compared, apples to apples no less), & the stats above for Linux, kernel only? Well, again - it's also NOT the entire 'gamut/array' of what actually comes in a Linux distro as well!

(E.G.-> Such as the attendant GUI, window managers, browsers, etc. that ship in distros too that have bugs, and yes, THEY DO)

THAT ADDS EVEN MORE BUGS that COMPOUNDS THAT # EVEN MORE, and worse, for LINUX!!!

So, so much for "Windows is less secure than Linux" stuff you see around here on /., eh?

(It gets even WORSE for 'Linuxdom' when you toss on ANDROID (yes, it's a LINUX variant too), because it's being shredded on the security-front lately, unfortunately)

BOTTOM-LINE:

What this all comes down to, is all the "Pro-*NIX propaganda straight outta pravda" practically doesn't stand up very well against concrete, verifiable & visible facts now, does it? Nope!

... apk

Re:Microsoft cleans up the mess it created. (1)

Richard_at_work (517087) | more than 2 years ago | (#37565860)

I will take it as selective memory that you make no mention of the hugely popular Sendmail and BIND daemons, and their historically similarly hugely popular security issues...? UNIX had its problems in its day as well.

Re:Microsoft cleans up the mess it created. (1)

m50d (797211) | more than 2 years ago | (#37565558)

Finally, ALL the exploits on desktop start off as exploits vs. one of the apps running, like Firefox or Office or Acrobat or whatever is popular.

Nope. Some of them start off as exploits vs. the OS TCP stack, or OS-provided libraries or programs.

Re:Microsoft cleans up the mess it created. (2)

mikerubin (449692) | more than 2 years ago | (#37564710)

"Microsoft is participating in the fight against the very criminal element that Microsoft allowed to blossom"

Microsoft is Iron Man?

soo what about the dictator of Tunisia (1)

decora (1710862) | more than 2 years ago | (#37562316)

when he was running around stealing people's personal information?

oh wait. that was a business opportunity for Microsoft.

Re:soo what about the dictator of Tunisia (0)

Anonymous Coward | more than 2 years ago | (#37565358)

PROTIP: We are talking about information! Not matter/energy.
It is physically impossible to own, steal or sell information.
You can steal matter/energy that happens to contain information. But for information alone, all you can do is make a copy. Which means the original is still in place. Hence it's not stolen.

So please don't use those distortions of the meanings of words that organized crime uses for their racketeering scheme.

Thanks.

The last paragraph is priceless (1)

edremy (36408) | more than 2 years ago | (#37562332)

"Interestingly, there is one other theoretical option to ultimately get rid of Hlux: we know how the bot's update process works. We could use this knowledge and issue our own update that removes the infections and terminates itself. However, this would be illegal in most countries and will thus remain theory."

How nice that this will only remain theoretical. Why, it would be awful if they experimented with this method of killing botnets. But I'm sure they're completely honest when they say they'd never do that, ever.

Re:The last paragraph is priceless (2)

Amouth (879122) | more than 2 years ago | (#37562614)

remember code red? remember code Green?

but they are correct - it would be illegal and would also be wrong. best to take down the C&C and let the lifeless and therefore useless net slowly get formatted into nonexistence.

although i'm waiting for the creative botnet that puts a self destruct in - wiping the box if it can't contact the C&C for an extended time (say 2 weeks) so that the security people get stuck with the possibility of destroying people's data.

maybe i shouldn't give them any ideas.

Self Destruct = Forced Upgrade (1)

SexyKellyOsbourne (606860) | more than 2 years ago | (#37562954)

And remember, Code Red/Green are 10 years old. :)

Wikipedia: The Code Red worm was a computer worm observed on the Internet on July 13, 2001.
Securelist: Net-Worm.Win32.CodeGreen.a, Detected: Sep 14 2001 09:23 GMT
Microsoft: Patch Q300972, [fix] Originally posted: June 18, 2001

Re:Self Destruct = Forced Upgrade (2)

Amouth (879122) | more than 2 years ago | (#37563446)

yes - Code Green was a worm that used the exact same exploit as Code Red except it patched the hole and then spread itself in the same manner as Code Red. but if the box was rebooted then Code Green would be gone and the box would be patched.

Re:The last paragraph is priceless (1)

bloodhawk (813939) | more than 2 years ago | (#37562982)

although i'm waiting for the creative botnet that puts a self destruct in - wiping the box if it can't contact the C&C for an extended time (say 2 weeks) so that the security people get stuck with the possibility of destroying people's data.

maybe i shouldn't give them any ideas.

If they did that I think it would be a blessing; the people infected with these bots have become that way due to their own irresponsible or uneducated behaviour and are a danger to themselves and others. it is far better they are forced to do something about their machine than continue to live in ignorance, perhaps it might teach them that downloading untrustworthy shit is a stupid idea (I doubt it, but one can hope)

Re:The last paragraph is priceless (2)

UnresolvedExternal (665288) | more than 2 years ago | (#37564980)

Deary me... so every plumber and psychologist should read the kernel mailing list?

People (generally) care even less about more important stuff (read: general implosion of global economic finance) than their computer being "kinda weird when I go on facebook and stuff"

So anyway, you get around to fixing that leaky tap in the bathroom lately?

There is a better way to do this ... (1)

bd580slashdot (1948328) | more than 2 years ago | (#37567666)

Some software already does this. But better ... two types of C&C's one that causes kill if it can be contacted (left silent until needed) and one that causes kill if it can't.

But MSFT destroying industrial systems? (1)

SexyKellyOsbourne (606860) | more than 2 years ago | (#37562968)

As for legality, extreme legacy software and hardware is still often used in industrial plants. The claims against MSFT for purposefully wiping one of those systems and shutting down the lines for weeks would be huge.

Whoever wrote that is probably smarter than thinking doing that will just wipe some old Pentium 2's still out in the wild that'll get replaced with a Win7 laptop the next time a social security check is cashed.

And Microsoft did... (0)

Alex Belits (437) | more than 2 years ago | (#37562444)

...what exactly?

Other than writing a vulnerable OS, I mean.

Re:And Microsoft did... (2)

garyebickford (222422) | more than 2 years ago | (#37563068)

...what exactly?

Other than writing a vulnerable OS, I mean.

In all fairness, there ain't no other kind. Anyone who thinks otherwise is whistling past the graveyard. True, some are better than others, but that's comparing nearly-completely-immune-compromised with not-quite-completely-immune-compromised. In both cases it doesn't take much exposure to make you very sick - but some are not exposed as often. Running an obscure OS that nobody else runs, which is merely a form of security by obscurity, is still probably helping more than the particulars of the OS itself.

The human genome is a pretty good example. As much as 10% and maybe a lot more of it is comprised of various bits of old viruses, transposons (there are about 300,000 copies of just one particular transposon) and other parasitic or predatory genetic bits. That's the result of eons of genetic system wars. Similarly, OS security wars are going to be with us forever - or at least as long as there are still entities that find benefit in exploitation of others.

Re:And Microsoft did... (2)

Alex Belits (437) | more than 2 years ago | (#37568506)

I mean, what exactly did Microsoft do that is in any way related to bringing down this botnet? From the description it looks like Kaspersky Labs did everything, and Microsoft just beat its chest really hard.

Re:And Microsoft did... (0)

Anonymous Coward | more than 2 years ago | (#37564162)

Rather have a vulnerable OS that does something than an invulnerable OS that does nothing.

Re:And Microsoft did... (1)

Travelsonic (870859) | more than 2 years ago | (#37573230)

#ifndef nothing_h #define nothing_h
PROTIP: Not doing what you want, or not doing what you want YET =/= doing nothing.

Apple? (0)

Anonymous Coward | more than 2 years ago | (#37562458)

Where was apple during all of this?

Re:Apple? (2)

postbigbang (761081) | more than 2 years ago | (#37562548)

Uh, they were not involved as they weren't a target. Note the keyword in the post regarding the word: registry, which Apple currently doesn't have. It has things that are similar, but their security architecture is vastly different than that of Windows.

That's how many now? (1)

jthill (303417) | more than 2 years ago | (#37563810)

I haven't been paying enough attention to count them any more. How many botnets have Microsoft been in on the kill for now?

No information about cracking the encryption (1)

Mattpw (1777544) | more than 2 years ago | (#37563856)

I see they made some tools to analyze the traffic but no information about actually cracking any encryption. Seems to me this was mostly about hijacking and sinkholing contact peer domain lists. Perhaps they left out pertinent bits for their own safety but from reading this the controllers could bypass the sinkhole if their backup list was implemented correctly.

Re:No information about cracking the encryption (0)

Anonymous Coward | more than 2 years ago | (#37564318)

It's not all that hard since Kaspersky had full access to the receiving node of the encrypted traffic. In other words, their challenge was more comparable to cracking DRM than to breaking encryption of an intercepted data stream. And as has been demonstrated so many times in history: breaking DRM is not all that hard, even if a lot of effort is invested in the DRM scheme.

Re:No information about cracking the encryption (1)

Anonymous Coward | more than 2 years ago | (#37565124)

It's simple really. Measure the traffic of an infected machine through wireshark. Once you've isolated an address and protocol that appears to be the one the bot is communicating with, then set up a dns entry, or host file entry to resolve that suspicious address to the local machine you redirected to. Depending on the protocol, you set up http, FTP or irc services on that sinkhole machine. Let the infected machine talk to the sinkhole machine at that point, while running ollydebug, and set break points. These bots authenticate themselves, and with ollydebug capturing hex values live, you can intercept the expected password or token. Once you have that token or password, you have control of the bot. Since you now control the bot, you can use it to poison the update and backup lists of servers and move them to your own sinkhole.

Re:No information about cracking the encryption (1)

Mattpw (1777544) | more than 2 years ago | (#37581028)

Thanks so much for the reply, I am relatively clueless about the nuts and bolts. So from what you are saying they are using a sync crypto scheme where the password can be intercepted? I read in a bot master Q&A they use AES however why couldn't they just switch to async RSA or some kind of PKI based system?
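An added illustration of the point the last three replies circle around (the analyst holds the receiving end, so anything that end needs in order to accept a message is theirs too); this is not code from Kaspersky, Microsoft or the thread, and it does not model the real Kelihos protocol, which the thread never describes. Scheme A keeps a shared secret in the client; Scheme B is a deliberately tiny textbook RSA with fixed primes (assumed, insecure, for demonstration only), where the client holds only the public half, which is the same reason legitimate software update channels sign updates rather than rely on a shared token.

```python
"""Shared-secret vs. public-key authentication of update messages.

Added illustration for the thread above (constructed, not Kelihos's protocol).
Scheme A: the verifier holds a shared key, so whoever extracts that key from
an analysed client can produce messages it accepts.
Scheme B: the verifier holds only a public key, so extracting it yields
nothing that can produce an acceptable message.
"""
import hashlib
import hmac

# ---- Scheme A: shared-secret token (symmetric) -----------------------------
# The same key sits in the server and in every client binary (constructed value).
SHARED_KEY = b"constructed-demo-shared-key"

def mac_sign(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def mac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_sign(key, msg), tag)

# ---- Scheme B: toy RSA signature (asymmetric) ------------------------------
# Textbook RSA with fixed ~1e6 primes: NOT secure, used only to show that the
# verifier needs just (E, N), and (E, N) alone cannot produce signatures.
P, Q, E = 1000003, 1000033, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, stays on the server

def _digest_int(msg: bytes) -> int:
    # hash-then-sign; reduced so it fits the toy modulus
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def rsa_sign(msg: bytes, d: int = D, n: int = N) -> int:
    return pow(_digest_int(msg), d, n)

def rsa_verify(msg: bytes, sig: int, e: int = E, n: int = N) -> bool:
    return pow(sig, e, n) == _digest_int(msg)

# Constructed command: tell the client to fetch its peer list elsewhere.
CMD = b"update-peerlist sinkhole.example"

def analyst_can_forge_mac(extracted_key: bytes) -> bool:
    """Key dumped from the client reproduces a tag the client accepts."""
    return mac_verify(SHARED_KEY, CMD, mac_sign(extracted_key, CMD))

def analyst_can_forge_sig() -> bool:
    """Only (E, N) is available in the client; 'signing' with E is rejected."""
    forged = pow(_digest_int(CMD), E, N)
    return rsa_verify(CMD, forged)

if __name__ == "__main__":
    print("shared key forged:", analyst_can_forge_mac(SHARED_KEY))   # True
    print("public key forged:", analyst_can_forge_sig())             # False
    print("genuine signature:", rsa_verify(CMD, rsa_sign(CMD)))      # True
```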

What is with the vigilante approach? (0)

Anonymous Coward | more than 2 years ago | (#37564682)

Why do two privately owned companies hack so many computers and brag about it. Yea, they were already infected with a botnet, but pick up the phone and call the ISP and have them contact the user of the IP. That is how no ones rights get violated.

First rule of cryptography (0)

Anonymous Coward | more than 2 years ago | (#37564744)

Don't roll your own.

Three-level cryptography sounds pretty impressive.
