IT security: Microsoft claims "takedown" of Waledac botnet ChiefOfficers.Net
Microsoft says that it identified 277 domain names as being at the heart of the spamming campaigns. But, says Microsoft, the total number of infected PCs is both very uncertain and, in the grand scheme of things, small - somewhere between 30,000 and 90,000.
Microsoft made an application to a US court, ex parte, for an injunction that ordered the disconnection of the domain names.
Microsoft identified the domains by monitoring spam attacks on accounts within its Hotmail.com service. In this regard, Microsoft is, in effect, an ISP. All ISPs have massive problems in handling extraordinary amounts of spam: it eats bandwidth, which means a cost for the ISP both as it receives the mail and as users download it - e-mail accounts are, generally, unmetered - so ISPs, not users, bear the cost of spam.
To combat this, ISPs install anti-spam measures - but they cannot set filters too aggressively because spam filters are not precise. That means that non-spam may be caught by spam filters. Those who send important e-mails use a "read receipt" - which increases the volume of mail and therefore costs additional bandwidth. And software filters are not delay-free, leading to additional cost. Of course, there is also a cost associated with processing.
What Microsoft could have done was block all 277 domains from sending mail to users of its Hotmail service - but that means that Microsoft bears the inbound bandwidth cost and the cost of filtering.
ISPs who provide services to users whose PCs are infected also suffer bandwidth costs and, unless they monitor mail closely (many do not), they have no idea that their networks are being abused - or that certain machines are adding disproportionately to their costs.
But by taking down the domains, Microsoft has removed the problem at source.
And the reason it chose this course of action becomes obvious: in just 18 days in December 2009, more than 651 million e-mails "including offers and scams related to online pharmacies, imitation goods, jobs, penny stocks and more" were sent to hotmail.com addresses by the Waledac network. The total attacking other victims is unknown.
Botnets are distributed in three ways: "drive-by download" via websites that auto-download malicious code to users' machines in the background; users opening (or allowing their browsers to open) self-executing code or attachments in e-mails; and by downloading and running infected files. According to f-secure.com, this particular malware is spread in an attachment "that is always "ecard.exe"". The subject line was any one of several dozen options but mostly suggesting that there was a Christmas e-card waiting for you if you clicked on the link.
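As an added illustration (not from the article or from Microsoft), the following mail-gateway check flags messages that match the lure described above: an executable attachment named ecard.exe arriving under a variable "e-card" subject line. The sample message is constructed inline and the sender and recipient addresses are placeholders.

```python
"""Added example (not from the original article): a defender-side scan that
flags e-mails carrying an executable attachment, and marks the attachment
name the article reports for this campaign (ecard.exe)."""
import email
from email import policy
from email.message import EmailMessage

# Extensions that should never arrive as a plain attachment on a mail gateway.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Attachment name the article reports for this campaign (compared lower-case).
KNOWN_LURE_NAMES = {"ecard.exe"}


def scan_message(raw: bytes) -> dict:
    """Return findings for one RFC 822 message: executable attachments,
    whether the name matches the known lure, and a block decision."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {"subject": msg["subject"] or "", "executables": [], "known_lure": False}
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body text and multipart containers carry no filename
        lname = name.lower()
        # rfind catches double extensions such as ecard.jpg.exe as well
        ext = lname[lname.rfind("."):] if "." in lname else ""
        if ext in EXECUTABLE_EXTS:
            findings["executables"].append(name)
        if lname in KNOWN_LURE_NAMES:
            findings["known_lure"] = True
    findings["block"] = bool(findings["executables"])
    return findings


def build_sample(subject: str, attachment_name: str) -> bytes:
    """Constructed sample mail for offline testing (not a real capture)."""
    m = EmailMessage()
    m["From"] = "greetings@example.invalid"  # placeholder sender
    m["To"] = "user@example.invalid"         # placeholder recipient
    m["Subject"] = subject
    m.set_content("You have received a Christmas e-card. Open the attachment to view it.")
    m.add_attachment(b"MZ\x90\x00constructed-bytes", maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return bytes(m)


if __name__ == "__main__":
    print(scan_message(build_sample("You have a Christmas e-card!", "ecard.exe")))
    print(scan_message(build_sample("Monthly report", "report.pdf")))
```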
The past few weeks have seen a dramatic upsurge in the number of spam e-mails with attachments, and the popularity of "rich text" or HTML e-mail raises the risk that browsers auto-run malicious code.
Microsoft says that its initial investigation showed that many of the infected domains were unused: by that it appears to mean that there was no active website associated with them, but it might also mean that it monitored them for possible legitimate e-mail to Hotmail users and found them inactive.
But the Wall Street Journal spoke to the only US-based owner of a domain in the order and found that it was a semi-dormant domain. He wants his domain reactivated.
The danger is, of course, that domains run by businesses may be closed without warning - or post-closure notification, because e-mail to the domain doesn't work either. For owners of multiple domains, this could mean that a site is down but not noticed for some time if it is a site containing static information and is not used for e-mail by its owner. Many businesses register multiple domain names to prevent squatters picking up similar spellings.
Microsoft says, quite reasonably, that it could not give notice of the action because the perpetrators could easily set up an alternative network and re-issue code via its backdoor into the computers.
There is another, technical, option: Microsoft could include search-and-destroy code, plus plugs for the exploits, in its periodic updates. But if it did so without clearly informing users what it was doing, it would be accused of installing and running code without authority - and that would be a crime in many countries under laws to prevent unauthorised access to computers.
In its blog, Microsoft says "At Microsoft, we don't accept the idea that botnets are a fact of life."
Microsoft issued a series of "John Doe" cases, a device for suing persons unknown.
By far the largest number of affected domains were registered with Verisign, either directly or via sub-registrars; Verisign is named as a third party.
Other third parties include a number of registrars in China.
It is not claimed that the registrars committed any part of the crime but they were named as third parties so that the Order could be given effect against them.