
Microsoft Leads Sting Operation Against Zeus Botnets

samzenpus posted more than 2 years ago | from the don't-bot-me-bro dept.

Botnet 114

wiredmikey writes "Microsoft, in what it called its 'most complex effort to disrupt botnets to date,' and in collaboration with partners from the financial services industry, has successfully taken down operations that fuel a number of botnets that make up the notorious Zeus family of malware. In what Microsoft is calling 'Operation b71,' Microsoft and its co-plaintiffs, escorted by U.S. Marshals, seized command and control (C&C) servers in two hosting locations on March 23 in Scranton, Pennsylvania and Lombard, Illinois. The move was to seize and preserve data and evidence from the botnets for the case. In addition to seizing the C&C servers, the group took down two IP addresses behind the Zeus command and control structure, and secured 800 domains that Microsoft is now monitoring and using to help identify computers infected by Zeus."


Congratulations (5, Interesting)

Anonymous Coward | more than 2 years ago | (#39473475)

It seems that Microsoft has become a good guy while Apple is rapidly becoming a goat. ... Or have I spoken too soon?

Re:Congratulations (0, Offtopic)

Anonymous Coward | more than 2 years ago | (#39474269)

"good guys" don't cheat to sell phones: http://skattertech.com/2012/03/i-won-the-windows-phone-challenge-but-lost-just-because/ [skattertech.com]

Re:Congratulations (1)

jelle (14827) | more than 2 years ago | (#39474503)

Bastards!

But he won anyway, because he learned a valuable lesson about Microsoft...

Re:Congratulations (1)

epe (851815) | more than 2 years ago | (#39474347)

Sorry, but the point, I think, is for Microsoft not only to "sting" the servers and find the infected computers.... What are they doing in order to prevent those computers from becoming infected? I think the problem should be addressed from several sides.. Stinging the command and control will only bring relief for some time... in a few days or weeks, another virus or trojan will infect PCs again and so on... What is Microsoft doing in order to prevent PCs from being infected?

Re:Congratulations (1)

OldHawk777 (19923) | more than 2 years ago | (#39475417)

Well it looks like microsoft (corporate) law enforcement is part of USA culture. Today, USA=CSA Corporate States of America.

The USA government has the organic ability to provide law enforcement muscle domestically and globally.
The CSA government has the organic ability to provide law enforcement cronyism domestically and globally.
Together they will shape US and the world accordingly. IOW: Might makes right.

Re:Congratulations (1)

justforgetme (1814588) | more than 2 years ago | (#39475997)

Relax, this isn't actually something newsworthy.

Every month Microsoft crowns itself the obliterator of botnets for some weird reason. None of these stories are ever heard of again a few days later.
Nothing really will change; a publicity stunt is what a publicity stunt is. And if you have to ask... you lost "just because".

Re:Congratulations (3, Funny)

WrongSizeGlass (838941) | more than 2 years ago | (#39474759)

It seems that Microsoft has become a good guy while Apple is rapidly becoming a goat. ... Or have I spoken too soon?

Microsoft didn't just do this to be a "good guy". Microsoft's been able to take this step by arguing that the botnet operators have been violating its trademarks and damaging its reputation [tgdaily.com] .

Re:Congratulations (0)

Anonymous Coward | more than 2 years ago | (#39475191)

I wonder how long before Microsoft starts shutting down computers that are running software Microsoft deems damaging to their profits?

Re:Congratulations (0)

Pope (17780) | more than 2 years ago | (#39474867)

It seems that Microsoft has become a good guy while Apple is rapidly becoming a goat. ... Or have I spoken too soon?

Let me know when thousands of machines running OS X are being used as C&C servers for botnets. Talk about false equivalency.

Outstanding! (0)

Anonymous Coward | more than 2 years ago | (#39473491)

Keep tearing these asshats apart, DCU!

Physical Seizures? (0, Troll)

jcaldwel (935913) | more than 2 years ago | (#39473507)

TFA:

Microsoft has conducted physical seizures

Since when can a CORPORATION perform seizures of private property???

Re:Physical Seizures? (1)

Anonymous Coward | more than 2 years ago | (#39473537)

Welcome to America, where the state is a Corporation

Re:Physical Seizures? (1)

Nyder (754090) | more than 2 years ago | (#39473665)

Welcome to America, where the state is a Corporation

Welcome to the United* Corporations of America.

*United only in the idea that people live to make them profits.

Re:Physical Seizures? (1)

nhat11 (1608159) | more than 2 years ago | (#39474639)

And where users don't read the original article and put on tin foil hats.

Re:Physical Seizures? (5, Informative)

Anonymous Coward | more than 2 years ago | (#39473569)

The US Marshals performed the seizures. Did you not RTFA?

Re:Physical Seizures? (0)

Anonymous Coward | more than 2 years ago | (#39473669)

The article contains the exact phrase "Microsoft has conducted physical seizures".

Re:Physical Seizures? (-1)

Anonymous Coward | more than 2 years ago | (#39473709)

The article contains the exact phrase "Microsoft has conducted physical seizures".

Nowhere in that article did it contain that exact phrase...

Re:Physical Seizures? (2)

Anonymous Coward | more than 2 years ago | (#39473741)

The operation is the second time Microsoft has conducted physical seizures in a botnet takedown operation, and is the first known time the Racketeer Influenced and Corrupt Organizations (RICO) Act has been applied as the legal basis in a consolidated civil case to charge all those responsible in the use of a botnet.

There ya go, lazy-ass AC.

Re:Physical Seizures? (1, Informative)

amiller2571 (2571883) | more than 2 years ago | (#39473889)

Microsoft and its co-plaintiffs, escorted by U.S. Marshals

It also contains this :P

Re:Physical Seizures? (0)

Anonymous Coward | more than 2 years ago | (#39474267)

So? That has nothing to do with the fact that AC's contention that the phrase didn't appear in TFA was, in fact, wrong. As to the US Marshals' presence, they were only there to serve the warrants. It was Microsoft employees that collected evidence and carried out the seizures: [nytimes.com]

Microsoft lawyers and technical personnel gathered evidence and deactivated Web servers ostensibly used by criminals in a scheme to infect computers and steal personal data. At the same time, Microsoft seized control of hundreds of Web addresses that it says were used as part of the same scheme.

and

Microsoft attacked three botnets in the last couple of years through civil suits. In each case, Microsoft obtained court orders that permitted it to seize Web addresses and computers associated with the botnets without first notifying the owners of the property.

Re:Physical Seizures? (-1)

Anonymous Coward | more than 2 years ago | (#39474397)

The operation is the second time Microsoft has conducted physical seizures in a botnet takedown operation, and is the first known time the Racketeer Influenced and Corrupt Organizations (RICO) Act has been applied as the legal basis in a consolidated civil case to charge all those responsible in the use of a botnet.

There ya go, lazy-ass AC.

I was referring to this article on Slashdot (the one by wiredmikey), not the other article. Nowhere in my response did I mention that I was talking about the article from Security Week. Nice try on being a troll though.

Re:Physical Seizures? (0)

fast turtle (1118037) | more than 2 years ago | (#39474467)

Did you not RTFS? "Microsoft and its co-plaintiffs, escorted by U.S. Marshals"

Re:Physical Seizures? (0)

WrongSizeGlass (838941) | more than 2 years ago | (#39474791)

Did you not RTFS? "Microsoft and its co-plaintiffs, escorted by U.S. Marshals"

So now Microsoft is in the escort business?

Re:Physical Seizures? (0)

Anonymous Coward | more than 2 years ago | (#39475999)

Can you fucking read asshole? The sentence says that the US Marshals are in the escort business.

Re:Physical Seizures? (1)

Anonymous Coward | more than 2 years ago | (#39473575)

A corporation did not seize private property. The government did: http://www.zeuslegalnotice.com/images/TRO_Seizure_Order_Part_1.pdf

Keep the tinfoil handy though!

Re:Physical Seizures? (1)

Anonymous Coward | more than 2 years ago | (#39473577)

Well, it says they had US Marshals with them. In the same way as a bank can come with the local Sheriff to repossess a home from folks that haven't been paying. It isn't even an issue; it is the way this stuff works. It is interesting that you think it is an issue though. Would you - as a private party or as an agent of a corporation - want to send a Marshal or Sheriff to get some item without having your representative on scene to be sure it was the right item and that it wasn't damaged?

Re:Physical Seizures? (0)

Anonymous Coward | more than 2 years ago | (#39473581)

Missed a certain part:

"escorted by U.S. Marshals"

Re:Physical Seizures? (0)

Anonymous Coward | more than 2 years ago | (#39473585)

"Microsoft and its co-plaintiffs, escorted by U.S. Marshals..."

RTFA (0)

Anonymous Coward | more than 2 years ago | (#39473591)

"co-plaintiffs" implies the courts being involved

Re:Physical Seizures? (1)

Anonymous Coward | more than 2 years ago | (#39473593)

You know how you can punch someone in the face and then they can sue you to take all your stuff? That's how. The people running these things are causing damage to Microsoft and its customers. A better question is why is this question asked every time Microsoft takes down a botnet?

Re:Physical Seizures? (0)

Anonymous Coward | more than 2 years ago | (#39473601)

They can't. The seizure was done by law enforcement officers (US Marshals).

Re:Physical Seizures? (1)

poetmatt (793785) | more than 2 years ago | (#39473605)

I wouldn't doubt that it'd be that hard to get a warrant in this case with Microsoft helping to gather the information.

Re:Physical Seizures? (0)

Anonymous Coward | more than 2 years ago | (#39473619)

Well, let's mark the day as today.

Re:Physical Seizures? (0)

Anonymous Coward | more than 2 years ago | (#39473625)

There have been several music orgs which have done this over the past year or two. So there is a pattern.

Re:Physical Seizures? (5, Informative)

Nyder (754090) | more than 2 years ago | (#39473639)

TFA:

Microsoft has conducted physical seizures

Since when can a CORPORATION perform seizures of private property???

When it gets a court order and has proper officials (in this case, US Marshals) with them, like it appears happened.

Re:Physical Seizures? (1)

rednip (186217) | more than 2 years ago | (#39473645)

Since when can a CORPORATION perform seizures of private property???

Maybe the warrant was written that way, or perhaps the authorities used them as specialists. However, as tow truck drivers seize private property every day, I suspect that it's not as big of a hurdle as you believe.

Re:Physical Seizures? (0)

Anonymous Coward | more than 2 years ago | (#39473647)

Based on the Seizure Order [zeuslegalnotice.com] it appears that they convinced a judge that if the equipment wasn't seized, the bad guys would simply pack up their computers and move elsewhere.

Re:Physical Seizures? (5, Funny)

Oswald McWeany (2428506) | more than 2 years ago | (#39473745)

I probably shouldn't be admitting this online- but I am part of Microsoft's counter-terror department. We are a highly trained SWAT team that risks our lives daily raiding LINUX farms. Our safety demands daily communication using Windows phones; it is one of the most dangerous jobs in the country.

We are highly trained in many ways to take on any situation needed. Even take out the Prez if he threatens to sign any bill that would not be favourable to Microsoft. We constantly run into our major foe, Apple, and fight hand-to-hand combat in the street and the patent office.

After announcing this initiative, I am in grave danger. Within a few weeks I will be tracked by other operatives by the GPS on my windows phone... if the battery doesn't die first.

Re:Physical Seizures? (5, Funny)

Rogerborg (306625) | more than 2 years ago | (#39474109)

Ah, so you have a Windows phone! Now we just need to figure out who the other guy is.

Re:Physical Seizures? (1)

sattu94 (1989362) | more than 2 years ago | (#39474185)

Aaahh..
So you've probably faced the man with the long beard and two katanas? You probably have, you can't miss his friend with the red cape in the balloon.

Re:Physical Seizures? (0)

Sir_Eptishous (873977) | more than 2 years ago | (#39474273)

Holy shit that is funny! Someone needs to spoof this concept to film à la "Anchorman, the Legend of Ron Burgundy" and have a street fight/hacking fight scene involving Microsoft, Google, Facebook and Apple.

Re:Physical Seizures? (1)

adisakp (705706) | more than 2 years ago | (#39474873)

Even take out the Prez if he threatens to sign any bill that would not be favourable to Microsoft.

Microsoft has a British Counter-Terror Department?

Re:Physical Seizures? (1)

Oswald McWeany (2428506) | more than 2 years ago | (#39474947)

My cover is as a British person.

Re:Physical Seizures? (1)

jellomizer (103300) | more than 2 years ago | (#39473875)

I don't think there is a rule expressing that an outside entity can do the search, if they enter with the appropriate warrant. I mean, we can have Private Investigators do searches; it would make sense when investigating digital data that law enforcement brings experts to let them know what to look for. Otherwise you get a bunch of cops tearing a building apart and not really knowing what to use and what to ignore.

Re:Physical Seizures? (0)

Anonymous Coward | more than 2 years ago | (#39474115)

Well, let's see. I think that part is addressed here: "Microsoft and its co-plaintiffs, escorted by U.S. Marshals, seized...". It's so much better now we're just able to buy our way through the courts and use civil servants to haul away the booty.

Re:Physical Seizures? (1)

snobody (990539) | more than 2 years ago | (#39475701)

When they are escorted by U.S. Marshals, presumably with a valid search warrant.

Fix the system instead. (-1)

Anonymous Coward | more than 2 years ago | (#39473525)

This is not a long-term solution. At best we get less spam and DDoS, but our Windows systems are just as insecure as ever.

As a linux fanboi it sticks in my throat but.. (5, Insightful)

Chrisq (894406) | more than 2 years ago | (#39473547)

As a linux fanboi it sticks in my throat but well done Microsoft.

Re:As a linux fanboi it sticks in my throat but.. (2, Insightful)

Anonymous Coward | more than 2 years ago | (#39473687)

I could've written your post myself. I'm no M$ fan, but kudos to them on this one. Now cue the usual Slashdot mob, who'll defend the bot herders, bash Windows security (NO operating system is secure when run by a person hell-bent & determined to fuck up his own computer), all corporations, and the United States in general...

Re:As a linux fanboi it sticks in my throat but.. (0)

Ihmhi (1206036) | more than 2 years ago | (#39475323)

It's about as good PR as any. They coded an OS with more holes than a termite-infested house, lied about making a brand-spanking new one from scratch (Vista), and loads of other fuckups that generally make Windows a security nightmare. So this kinda stuff makes them look tough on Internets crime, when really the best way to solve it would be to make their OS, browser, etc. a hell of a lot safer.

Re:As a linux fanboi it sticks in my throat but.. (0, Flamebait)

Anonymous Coward | more than 2 years ago | (#39473691)

So Microsoft is doing a few things to try to clean up the consequences of their OS's nonexistent security.
BFD.

Re:As a linux fanboi it sticks in my throat but.. (1)

amiller2571 (2571883) | more than 2 years ago | (#39473963)

The only problem is, for every botnet they take down two more will take its place. That or the ones they take down will just come back up somewhere else.

Re:As a linux fanboi it sticks in my throat but.. (1, Insightful)

hjf (703092) | more than 2 years ago | (#39474157)

With that attitude, why do you shower? You're going to get dirty again. Why do you eat? You'll get hungry again. Why do you live? Kill yourself now, you're going to die anyway.

Re:As a linux fanboi it sticks in my throat but.. (0)

Anonymous Coward | more than 2 years ago | (#39475239)

Ridiculous analogies. You have to weigh the advantages and disadvantages. If the disadvantages outweigh the advantages, then perhaps something should not be done. Taking down these botnets is costly, wastes time, wastes manpower, and if what the person you replied to said is true, then they'll just be replaced anyway.

Re:As a linux fanboi it sticks in my throat but.. (1)

Billly Gates (198444) | more than 2 years ago | (#39475361)

MS has cleaned up their OS and made it secure.

The issue is its users *ahem* corporate America *ahem* who still use 10-year-old operating systems. You know, the ones who say on Slashdot it's fine so why upgrade?

Then they get all mad that the OS is insecure when it was released in 2001.

Windows 7 has DEP, ASLR, and sandboxing in IE 8/IE 9. Firefox does not even support sandboxing yet which is why I quit using it a year ago when 4.0 came out. In many ways Windows 7 is the most secure OS out there today. If you bash it try something recent. ... PS in 2001 Linux required you to be root in order to use your modem to dial into the internet to use Netscape. Gee, that is not a security threat. LOL.

I did not know as much about computers then as today but I knew that was definitely not right and bad. Linux has not done that in 10 years, but since you are comparing a 10 year old version of Windows I will compare it to a version of Linux from that time frame.

Re:As a linux fanboi it sticks in my throat but.. (1)

eldorel (828471) | more than 2 years ago | (#39476249)

PS in 2001 Linux required you to be root in order to use your modem to dial into the internet to use Netscape

I'm not sure where you got this idea, but no, it didn't.

Perhaps some distributions did, but I was using gentoo and redhat on my laptop at that time and neither one required root to dial.

Re:As a linux fanboi it sticks in my throat but.. (0)

Anonymous Coward | more than 2 years ago | (#39474197)

As a GNU\Linux fangirl, I say "about time".

^_~

Re:As a linux fanboi it sticks in my throat but.. (1)

Billly Gates (198444) | more than 2 years ago | (#39475295)

Just because you do not like a company's products does not mean you can't applaud their actions or maybe even a product that doesn't suck made by them?

I do not know anyone who likes all of Microsoft's products. Even Windows fanboys hate older IE or Exchange.

I disliked MS greatly a decade ago and viewed them as dangerous. IE 6 scared the crap out of me, seeing what it would do to interoperability of CSS standards. I even wished Apple would have won over Windows a decade ago too. ... Fast forward to today and we see how evil Apple is. MS never was that insane with suing competitors and taking products off of the market. Google is already introducing quirks in JavaScript and adding their own web standards, and I have no doubt in my mind they would turn Chrome into their IE 6 with scripting and APIs instead of CSS subversion.

Every company is only evil if there is no competition. MS today doesn't scare me and I do like some of their products. I am typing this on Chrome, but IE 9 is a decent browser and nothing like 6 and I do like Excel, Powerpoint, and .NET.

You can still hate the company but love some of their products or applaud their actions when they are no longer a monopoly force to be reckoned with.

Re:As a linux fanboi it sticks in my throat but.. (1)

interkin3tic (1469267) | more than 2 years ago | (#39476335)

As a linux fanboi it sticks in my throat but well done Microsoft.

Odd method of typing there...

First (-1)

Anonymous Coward | more than 2 years ago | (#39473551)

First

Re:First (1)

alphatel (1450715) | more than 2 years ago | (#39473653)

First

Your botnet proxy was surely seized for your post to be so not first.

Now we know! (0)

Anonymous Coward | more than 2 years ago | (#39473607)

Finally we know why DOS and Windows security was left wide open! It was a decades-long sting operation!

Great, first EA makes it difficult... (2)

deroby (568773) | more than 2 years ago | (#39473677)

.. now Microsoft takes the servers down completely. As if I haven't got enough problems to get C&C:Generals to play on-line as it is.

Botnets steal your computer (1)

jfdavis668 (1414919) | more than 2 years ago | (#39473707)

Remember, these botnets are using the hacked PCs against the owners' will, without their knowledge. I don't have a problem with the police seizing the controllers.

Dunder Mifflin? (5, Funny)

nthitz (840462) | more than 2 years ago | (#39473727)

Scranton PA? Surely those guys over at Dunder Mifflin didn't have anything to do with it!

Re:Dunder Mifflin? (2)

BetaDays (2355424) | more than 2 years ago | (#39473829)

Dwight coordinated everything between MS and local law enforcement.

Operation B 52's ... (1)

yvesdandoy (44789) | more than 2 years ago | (#39473785)

www.youtube.com/watch?v=szhJzX0UgDM

Re:Operation B 52's ... (1)

amiller2571 (2571883) | more than 2 years ago | (#39474029)

www.youtube.com/watch?v=szhJzX0UgDM

I knew not to check out that link... but I just could not help myself and now I'm scared :(

M$ is EVIL!!!! (-1)

Anonymous Coward | more than 2 years ago | (#39473801)

And once again we have a case of people screaming wolf without putting the slightest amount of actual thought into their statements, or just generally spouting incorrect garbage. Microsoft working with the government to take down a botnet? Clearly Microsoft is evil and we can't trust them.

And I sometimes wonder why I never log into this circle jerk anymore.

God's court (-1)

Anonymous Coward | more than 2 years ago | (#39473821)

I'll see you in God's court for false witness that hurts my business, Microsoft.

God says...

comparing fig upwards thread vexed teachers grievest coloured
lovest contented enlarge contrition host dejectedness
uncertain Turn drenched talent so whatsoever combinations
alter primitive meanings Things holden armed headlong
High weights restrained abominable sort Emperor's threats
masses comfortest tickled devour possible impaired madly
selling foretelling Priest delights REMEDIES none is Print
explain twenty

If it only helped... (5, Interesting)

Opportunist (166417) | more than 2 years ago | (#39473929)

Have to remain vague to be in accordance with NDAs, but I've been part of such a sting before. On the "good" side, don't get your panties in a knot. It's not as glamorous as it may look at first (it's decidedly NOT like on TV to raid a server hoster). We went in, we cashed in the servers, we went back out, all with the aid of the hoster who, in turn, didn't do anything wrong but was required to cooperate, and did so quite easily. You wave that warrant in front of their nose and they do whatever you want (as long as it's in the warrant, of course).

Before we had the servers dissected and analyzed, the bot herders rerouted to other controlling servers. It's like playing whack-a-mole. The time wasted to get every kind of evidence collected so everything's in order and you get the necessary paperwork ready is a billion times what's needed for the other side to switch over to new servers. And they know that bloody well.

Before you get the wrong idea, the solution is NOT to eliminate due process and let me go nuts on every server hoster in the country, seizing servers as I please. This is not going to do any good. Or rather, do more ill than good. The solution is on the client's side. It's trivial to come up with something that can analyze network traffic and identify bot traffic. Of course, such a device has to be under the control of the customer. Not the ISP. The field for abuse is even wider there. Require people to monitor their traffic. Net access is no more a right than the right to drive a car, and here you have to make sure that your car does not cause trouble to other participants in traffic, why should that not apply for the internet?

This can easily be rolled into a little box that gets updates regularly from its maker, with the current markers for bot traffic, not unlike how we deal with malware on computers already. Just that this time the box is not prone to user idiocy, clicking "yeah, go on" whenever some trojan wants a new home.
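One shape such a customer-side box could take, as an added example that is not code from the thread or from any product it mentions: a marker set (C&C domains and address ranges) that the box refreshes from its maker's feed, run over the customer's own flow records. The flow record format, the feed layout and every indicator below are constructed for the example; the indicators sit in the reserved `.invalid` TLD and the 203.0.113.0/24 documentation range so they match nothing real.

```python
"""Customer-side bot-traffic matcher with an updatable marker list (added example)."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class MarkerSet:
    """Known C&C indicators shipped with the box; refreshed by update()."""
    version: int = 0
    domains: set = field(default_factory=set)
    networks: list = field(default_factory=list)

    def update(self, feed):
        """Apply a maker-supplied feed {'version', 'domains', 'networks'}.
        Feeds at or below the current version are ignored, so a replayed
        stale list cannot roll the box back to an older marker set."""
        if feed["version"] <= self.version:
            return False
        self.domains |= {d.lower().rstrip(".") for d in feed.get("domains", ())}
        self.networks += [ipaddress.ip_network(n) for n in feed.get("networks", ())]
        self.version = feed["version"]
        return True

    def domain_hit(self, host):
        """Return the matching marker for host or any parent domain
        (update.c2.example.invalid hits the marker c2.example.invalid)."""
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels) - 1):
            candidate = ".".join(labels[i:])
            if candidate in self.domains:
                return candidate
        return None

    def ip_hit(self, ip):
        """Return the marker network containing ip, if any."""
        addr = ipaddress.ip_address(ip)
        for net in self.networks:
            if addr in net:
                return str(net)
        return None


def parse_flow(line):
    """Constructed flow record: '<ts> <src> <dst> <dport> <host-or->'."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, dport, host = parts
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport),
            "host": None if host == "-" else host}


def scan(lines, markers):
    """One alert per flow touching a marker; names the internal machine so the
    owner knows which box to clean, which is the point of a client-side device."""
    alerts = []
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        reasons = []
        if flow["host"]:
            hit = markers.domain_hit(flow["host"])
            if hit:
                reasons.append("domain:" + hit)
        net = markers.ip_hit(flow["dst"])
        if net:
            reasons.append("net:" + net)
        if reasons:
            alerts.append({"ts": flow["ts"], "infected_host": flow["src"], "reasons": reasons})
    return alerts


# Constructed feeds and flow records (not real indicators or real traffic).
FEED_V1 = {"version": 1, "domains": ["c2.example.invalid"], "networks": ["203.0.113.0/24"]}
FEED_V2 = {"version": 2, "domains": ["loader.example.invalid"], "networks": []}
FLOWS = [
    "2012-03-26T10:24:00 192.168.1.20 203.0.113.7 443 update.c2.example.invalid",
    "2012-03-26T10:24:05 192.168.1.20 198.51.100.9 80 www.example.com",
    "2012-03-26T10:24:09 192.168.1.21 198.51.100.22 8080 -",
    "2012-03-26T10:25:00 192.168.1.22 203.0.113.99 6667 -",
    "2012-03-26T10:26:00 192.168.1.23 198.51.100.40 443 dl.loader.example.invalid",
]


def demo():
    """Scan with the first feed, then again after the maker's update arrives."""
    markers = MarkerSet()
    markers.update(FEED_V1)
    before = scan(FLOWS, markers)
    markers.update(FEED_V2)
    after = scan(FLOWS, markers)
    return before, after


if __name__ == "__main__":
    for label, alerts in zip(("v1", "v2"), demo()):
        for alert in alerts:
            print(label, alert)
```

The version check in `update()` is the part that matters for the "box under the customer's control" argument: whoever supplies the markers can only ever add to what the box knows, and cannot quietly push a downgraded list, which keeps the maker's leverage to "stop sending updates", as a later reply in this thread puts it.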

Re:If it only helped... (1)

jojoba_oil (1071932) | more than 2 years ago | (#39474123)

Of course, such a device has to be under the control of the customer. Not the ISP.

This can easily be rolled into a little box that gets updates regularly from its maker, with the current markers for bot traffic, not unlike how we deal with malware on computers already. Just that this time the box is not prone to user idiocy, clicking "yeah, go on" whenever some trojan wants a new home.

So on the one hand, you say you want to put control into the hands of the user to avoid the ISPs. Then you follow that by saying you want to put control into the hands of the maker to avoid the idiocy of the users.

This doesn't quite make sense to me. Why should we assume the makers of an anti-botnet box are any better than ISPs?

Re:If it only helped... (1)

Opportunist (166417) | more than 2 years ago | (#39474383)

Good point. An open source solution would probably be best, coupled with a source where you can buy updated botnet identifications.

The detail should be fleshed out, but I think the idea itself is sound.

"It's been done" (by yours truly, long ago)... apk (0)

Anonymous Coward | more than 2 years ago | (#39475005)

See here -> http://it.slashdot.org/comments.pl?sid=2747153&cid=39474939 [slashdot.org]

APK

P.S.=> It's already been submitted to the security community @ large in regards to that which you speak of in fact (and yes, they've seen the "active ingredient" in the sourcecode too, Mr. Steven Burn of hpHOSTS/malwarebytes has)... and yes, it works (does all you requested & MORE)... apk

Re:If it only helped... (1)

Terwin (412356) | more than 2 years ago | (#39476347)

Of course, such a device has to be under the control of the customer. Not the ISP.

This can easily be rolled into a little box that gets updates regularly from its maker, with the current markers for bot traffic, not unlike how we deal with malware on computers already. Just that this time the box is not prone to user idiocy, clicking "yeah, go on" whenever some trojan wants a new home.

So on the one hand, you say you want to put control into the hands of the user to avoid the ISPs. Then you follow that by saying you want to put control into the hands of the maker to avoid the idiocy of the users.

This doesn't quite make sense to me. Why should we assume the makers of an anti-botnet box are any better than ISPs?

Well, to start with, the ISP can cut you off from the internet, possibly with a false allegation.
The maker of the bot detection box can... stop sending you updates?
If you have problems with the box, you probably have more choice than with your ISP, not to mention that you can just remove the box from the loop if it is giving you problems.
It is much harder to remove your ISP from the loop, particularly when they are the only service provider in your area...

Re:If it only helped... (1)

fast turtle (1118037) | more than 2 years ago | (#39474611)

Tell me how the common Bobby Quickshot is going to be able to identify botnet traffic from his connection when he's barely literate enough to play Farmville on FB? IMO it's become a real crime that MS still can't follow the simple "Deny All" policy and ask the user if they want to allow before allowing anything to happen. Yes, it'll teach another bunch of Joe Sixpacks and Bobby Quickshots to simply click okay, and at that point the ISP does need to get involved and start isolating these idiots from the general net as some are doing. The big question there is "Will this help?" IDK & IDC so long as it keeps them from spamming me.

Re:If it only helped... (1)

JDG1980 (2438906) | more than 2 years ago | (#39474901)

IMO it's become a real crime that MS still can't follow the simple "Deny All" policy and ask the user if they want to allow before allowing anything to happen.

That's pretty much what UAC already does.

Re:If it only helped... (1)

CannonballHead (842625) | more than 2 years ago | (#39476383)

And everyone clicks "Allow" anyways :)

This is how (transparent to user)... apk (0)

Anonymous Coward | more than 2 years ago | (#39475099)

Read here, see how (much like UAC works) -> http://it.slashdot.org/comments.pl?sid=2747153&cid=39474939 [slashdot.org]

In fact, it complements existing security solutions like firewalls &/or DNS servers (or browser side ones like AdBlock + NoScript) with an IP Stack level solution (as fast as it gets in rpl 0/ring 0/kernelmode vs. usermode/ring 3/ rpl 3 based ones, via the PnP design of the Windows IP stack itself & a filter it has you already have no less but is largely unused by many, much like the human appendix (the hosts file)).

* It automatically updates for users, & doesn't allow them to enter KNOWN bad hosts-domains + is populated from 6 reputable/reliable sources for this (including vs. the ZEUS/SpyEye one in this article)).

APK

P.S.=> Yes, it works, and has worked for myself, family, & friends + testers for decades now (since 1997)... apk

I've done an app like that (32 & 64 bit)... apk (0)

Anonymous Coward | more than 2 years ago | (#39474939)

I've already LONG been @ a "client-side" solution, since 1997 in fact - It's called a custom hosts file, and I've built & rebuilt (recently in fact) an easy to use POINT & CLICK GUI app for it that does all you state (inclusive of autoupdating).

It allows COMPLETE "client-side/end-user" level control.

( & yes, it works (on the simplest principle there is of "you can't get burned if you don't go into the malware fire")).

"The solution is on the client's side. It's trivial to come up with something that can analyze network traffic and identify bot traffic. Of course, such a device has to be under the control of the customer. Not the ISP. The field for abuse is even wider there. Require people to monitor their traffic. Net access is no more a right than the right to drive a car, and here you have to make sure that your car does not cause trouble to other participants in traffic, why should that not apply for the internet?" - by Opportunist (166417) on Monday March 26, @10:24AM (#39473929)

Right on, 110% agreement... & per that? See next below... I've done EXACTLY that, & in both 32-bit + 64-bit form:

"This can easily be rolled into a little box that gets updates regularly from its maker, with the current markers for bot traffic" - by Opportunist (166417) on Monday March 26, @10:24AM (#39473929)

I just finished up an app I've been "perfecting" for that very thing since 2004, & have started "putting it out" for others to use (just got hosting from a widely used respected source for this in hpHOSTS/malwarebytes.org)...

It does ALL you speak of, plus it does the following:

---

1.) Makes hosts file entries UNIFORM (which is a problem amongst hosts file makers - nobody structures theirs the same as the next guy, per the list below... this creates duplicate entries, & ones less efficient than they ought to be as well)

2.) Alphabetizes/sorts entries for easier hosts file mgt.

3.) Removes bloating useless comments (which slows down the hosts file AND creates duplicates too, further slowing it down if the comments 'trail' an entry record).

4.) Changes from the larger/slower 127.0.0.1 to the smaller/faster 0.0.0.0 (just as "universal" too) blocking ip address vs. known bad hosts-domains (and adbanners too which rob a users speed/bandwidth they pay for, increasing screen real-estate on view too by removing them)

5.) Allows a user to "hardcode in" a list of their fav. sites so they resolve to ip address faster (using reverse DNS against the arpa TLD that maintains this), & so they will reach said sites faster by 100's of times no less/many orders of magnitude, PLUS, be assured they are in fact reaching the right place (vs. DNS poisoned redirected dns servers OR even downed ones)

6.) Checks on each hosts file record entry vs. the known 281++ TLD's so that bogus bloating useless entries are NOT present in the custom hosts file.

7.) Filtering vs. sites that should NOT be in a custom hosts file

8.) It "automagically" updates from 6 of the sources I list below (the better ones, some are not as frequently updated, & a couple have 'troublesome entries' that ought NOT to be in the hosts file since they block valid portals (& the app "filters" those out during processing too)).

---

& far more (like write protecting the hosts file vs. attack & UAC does the rest in Windows, & write protecting + byte size checks of the app itself, every 1/2 second, vs. viral infestation of itself).

* Mr. Steven Burn of hpHOSTS tested it & said "it's excellent" & yes, it does the job, per the above

(Again, & I just got hosting space from malwarebytes/hphosts & will soon be releasing it for others to use. Very soon... couple of days hopefully, tops!)

APK

P.S.=> Lastly/Also - Congratulations to you, because it's folks like yourself (which I did not know this about you, & yes, I assume you are telling the truth so I take your words @ face value), AND the folks I get my source material in part (I have my own researches of this "in the mix" as well) from also of:

https://zeustracker.abuse.ch/monitor.php?filter=lastupdated [abuse.ch]
https://spyeyetracker.abuse.ch/monitor.php?filter=lastupdated [abuse.ch]
http://hosts-file.net/?s=Download [hosts-file.net]
http://www.malwareurl.com/ [malwareurl.com]
http://someonewhocares.org/hosts/ [someonewhocares.org]
http://amada.abuse.ch/palevotracker.php [abuse.ch]
http://winhelp2002.mvps.org/hosts.htm [mvps.org]
http://mirror1.malwaredomains.com/files/ [malwaredomains.com]
http://www.malware.com.br/cgi/submit?action=list_hosts_win_0000 [malware.com.br]
http://www.malwaredomainlist.com/hostslist/hosts.txt [malwaredomainlist.com]

That help MAKE what you speak of, 'client-side control', absolutely possible!

... apk
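The processing steps listed above (uniform records, comment stripping, de-duplication, sorting, swapping 127.0.0.1 for 0.0.0.0, TLD sanity checks and an allow-list for names that must never be blackholed) as an added Python example. This is not the poster's app; the TLD subset, the allow-list and the sample hosts lines are constructed here for illustration.

```python
import re
from typing import Iterable, List, Tuple

# Constructed subset of valid TLDs; the tool described checks the full list.
KNOWN_TLDS = {"com", "net", "org", "ch", "br", "info", "ru", "biz", "uk"}
BLOCK_IPS = {"127.0.0.1", "0.0.0.0"}   # both mean "blackhole this name"
BLOCK_IP = "0.0.0.0"                   # shorter record, no loopback round-trip
# Names that must never be blocked (constructed allow-list, item 7 above).
NEVER_BLOCK = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost"}
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")

# Constructed sample input mixing the problems the post describes.
SAMPLE = """\
# hpHOSTS style header comment
127.0.0.1 localhost
127.0.0.1  Evil-Example.COM   # trailing comment
0.0.0.0 evil-example.com
127.0.0.1 tracker.example.net bad.example.org
127.0.0.1 bogus.invalidtld
192.0.2.10 www.example.com
"""

def valid_hostname(host: str) -> bool:
    """True if every label is well formed and the last one is a known TLD (item 6)."""
    labels = host.split(".")
    if len(labels) < 2 or labels[-1] not in KNOWN_TLDS:
        return False
    return all(LABEL_RE.fullmatch(label) for label in labels)

def normalize_hosts(lines: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Return (blocking records, other records).

    Blocking records become one uniform '0.0.0.0 host' per line: lower-cased,
    comment-stripped, de-duplicated and sorted (items 1-4). Other records, e.g.
    hard-coded favourite sites (item 5), pass through unchanged.
    """
    blocked = set()
    other = []
    for raw in lines:
        text = raw.split("#", 1)[0].strip()   # drop whole-line and trailing comments
        parts = text.split()
        if len(parts) < 2:
            continue                           # blank, comment-only or malformed line
        ip, hosts = parts[0], parts[1:]
        if ip not in BLOCK_IPS:
            other.append(f"{ip} {' '.join(hosts)}")
            continue
        for host in hosts:
            host = host.lower().rstrip(".")
            if host in NEVER_BLOCK or not valid_hostname(host):
                continue                       # allow-listed or bogus entry
            blocked.add(host)
    return [f"{BLOCK_IP} {h}" for h in sorted(blocked)], other
```

Running `normalize_hosts(SAMPLE.splitlines())` collapses the two spellings of evil-example.com into one record, drops the unknown-TLD entry and keeps the pinned www.example.com line untouched.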

Re:If it only helped... (0)

Anonymous Coward | more than 2 years ago | (#39476279)

Net access is no more a right than the right to drive a car

You are completely wrong there. Net access is speech, and speech is actually THE premiere right in the USA.

Microsoft CAUSES botnets (-1, Flamebait)

gavron (1300111) | more than 2 years ago | (#39473957)

> "Today, Microsoft announced in what it called its 'most complex effort to disrupt botnets to date,'

Microsoft Windows = Botnets. If it weren't for Windows being one vulnerability after another there would be no viruses, worms, Trojan horses, bots, botnets, C&C, DDoS, or other compromised systems.

Microsoft's INSISTENCE that W95 should allow W3.1 software to run... that W98 should allow W3.1 software to run... that even with the NT kernel in place W3.1 software should still run (W2K, WXP), and even with the UAC W3.1 software should still run (WVista, W7) is what makes these "horrors" come to life.

If there's one finger to point, it is pointed at Microsoft. That is the company that is hell-bent on making sure they collect as much money as they can offering meager upgrades in function but NEVER adding security. That way old DOS 3.1 programs still work fine on today's PC, and Viruses and worms and botnets have no problems taking an unprivileged process into full kernel control.

Microsoft CAUSES botnets. Their pitiful efforts to tweak one or two C&C servers are beneath contempt.

E

Re:Microsoft CAUSES botnets (4, Interesting)

hjf (703092) | more than 2 years ago | (#39474227)

I had a linux server owned (rootkitted, had to reinstall completely), and it became part of a spam sending botnet.

So, fuck you.

Re:Microsoft CAUSES botnets (-1, Troll)

gavron (1300111) | more than 2 years ago | (#39474305)

No, no.

Fuck you.

You can't even administer a secure operating system correctly.

That makes you not only stupid, but incompetently so.

Go kill yourself.

E

Challenge accepted. (0)

Anonymous Coward | more than 2 years ago | (#39475165)

Give us the IP address of a public internet-facing server that you administer. Let's see if you're as good as you think you are!

Re:Microsoft CAUSES botnets (1)

Errtu76 (776778) | more than 2 years ago | (#39474815)

You should've updated your system, checked logfiles, run chkrootkit on a regular basis, etc. Else, you're no better than people running unpatched Windows desktops.

Re:Microsoft CAUSES botnets (1)

hjf (703092) | more than 2 years ago | (#39474991)

Whoossshh...

Re:Microsoft CAUSES botnets (0)

Anonymous Coward | more than 2 years ago | (#39474351)

I agree that Microsoft causes botnets, but I don't think backwards compatibility has anything to do with it.
Obviously you've never tried to run DOS apps on Vista or W7. DOSBox does a much, much better job.
Your ideas of backwards compatibility are misinformed.

This was NOT a sting. (0)

Anonymous Coward | more than 2 years ago | (#39474111)

Paul Newman would be turning in his grave. A sting is a con. Microsoft didn't con the bot operators into handing over their servers, they got a bunch of marshals to storm the hosting outfit and seize them. That's a raid, not a sting.

Yes, I'm commenting here rather than on TFA because I couldn't be bothered to sign up for their commenting system.

BS (-1, Flamebait)

Cherubim1 (2501030) | more than 2 years ago | (#39474213)

This is laughable propaganda from Microscoff. Anyone with some sense knows that Microsoft's flawed operating systems are the largest contributor to Botnets. It's like using a fly swatter to stop the spread of a locust invasion.

Re:BS (0)

Anonymous Coward | more than 2 years ago | (#39474605)

Anyone with some sense knows that Microsoft's flawed operating systems are the largest contributor to Botnets.

That's a peculiar sentiment, since most of the instances I see are the result of Java or Flash vulnerabilities.

Re:BS (0)

Anonymous Coward | more than 2 years ago | (#39474681)

That's a peculiar sentiment, since most of the instances I see are the result of Java or Flash vulnerabilities.

Java or Flash vulnerabilities that provide a pathway directly into the elevated privileges of the underlying Windows operating system. A hole in Java or Flash only goes so far. After that you need a way to embed code in the OS level that will run after the computer reboots, and runs with the ability to hide itself as a system service. Windows makes that sort of thing relatively easy as far as exploiting operating systems goes. Ones based on unix/linux are significantly more difficult, which is a big part of the reason why these vulnerabilities aren't exploited in the same way on those platforms.

In what way is this a 'sting'? (0)

Iphtashu Fitz (263795) | more than 2 years ago | (#39474595)

The slang term 'sting' means a swindle or fraud. This article doesn't mention any of that - just that Microsoft again seized C&C servers for the botnet. They likely determined which servers were providing C&C for the botnet by good old fashioned detective work, not some elaborate con perpetrated against the operators of the botnet.

Re:In what way is this a 'sting'? (1)

MadMaverick9 (1470565) | more than 2 years ago | (#39474957)

In law enforcement, a sting operation is a deceptive operation designed to catch a person committing a crime.

http://en.wikipedia.org/wiki/Sting_operation [wikipedia.org]

Re:In what way is this a 'sting'? (1)

Iphtashu Fitz (263795) | more than 2 years ago | (#39475063)

In law enforcement, a sting operation is a deceptive operation designed to catch a person committing a crime.

Again, in what way was this a sting? There was no deception involved, at least none that was mentioned in the article. The headline says it was a sting, but nowhere in the article is there any mention of any sort of deception. In fact the article really says nothing at all about how they identified the C&C hosts that were seized. Typically researchers locate C&C servers by analyzing the network traffic to/from a compromised server. How does network analysis equate to deception?

On Location? (0)

Anonymous Coward | more than 2 years ago | (#39474903)

Instead of everyone traveling to collect the boxen, why didn't they hire a *Nix geek to take care of it remotely?

"Hey, WindBlows hosting services! Here is a copy of the court order. By the time you read this the deed is already done."

Really! There is a reason why there is always a cot in the same room with WindBlows servers. Where was the 'Administrator'?

I think the only reason the boxes were taken or cached was so M$ could figure out how to incorporate this new 'Feature'.

'Monitoring' (0)

trongey (21550) | more than 2 years ago | (#39475693)

...domains that Microsoft is now monitoring and using to help identify computers infected by Zeus.

No, really, that's all they're doing. They're not looking at anything else on those computers. They're not using Zeus as a backdoor to access anything else. I promise.

google should take instruction from this.... (0)

Anonymous Coward | more than 2 years ago | (#39476401)

instead of allowing amazon ec2 bots to go click crazy on parked domain names and then google cancels your adsense account while they accuse YOU of clicking on your own ads.

Microsoft and Apple should team together to destroy google. worthless pos evil company
