Slashdot: News for Nerds

Microsoft: No Botnet Is Indestructible

timothy posted about 3 years ago | from the when-st-peter-calls-us-all-out dept.


CWmike writes "No botnet is invulnerable, a Microsoft lawyer involved with the Rustock take-down said Tuesday, countering claims that another botnet was 'practically indestructible.' Richard Boscovich, a senior attorney with Microsoft's Digital Crime Unit said, 'If someone says that a botnet is indestructible, they are not being very creative legally or technically. Nothing is impossible. That's a pretty high standard.' Instrumental in the effort that led to the seizure of Rustock's command-and-control servers in March, Boscovich said Microsoft's experience in take-downs of Waledac in early 2010 and of Coreflood and Rustock this year show that any botnet can be exterminated. 'To say that it can't be done underestimates the ability of the good guys,' Boscovich said. 'People seem to be saying that the bad guys are smarter, better. But the answer to that is 'no.''"


245 comments

Uhoh (0)

sortius_nod (1080919) | about 3 years ago | (#36691510)

Microsoft just put a challenge up to every botnet maker on the planet.

Thanks Balmer.

Re:Uhoh (1)

PessimysticRaven (1864010) | about 3 years ago | (#36691536)

For the record, nowhere is Balmer even mentioned. At all. Give credit where credit is due: lawyers work very hard to make outrageous and asinine claims. How dare you give the credit to someone else?!

LOL - the silver bullet! (1)

Narcocide (102829) | about 3 years ago | (#36691610)

Brilliant, Microsoft, just brilliant. Fight bot nets by patent trolling them. That will *totally* work.

Re:LOL - the silver bullet! (2, Informative)

hairyfeet (841228) | about 3 years ago | (#36692002)

WTF? Nobody said anything about Ballmer and what was said is common logic. If a machine isn't bricked it can be fixed, end of story. As someone that cleans PCs 6 days a week I can tell you this is a fact, and while it is often faster to nuke, it isn't the only way to get the job done.

For those that are infected, or are having to clean a friend or relative that is infected, MSFT has a nice new free tool to help you out. I tripped over it a couple of weeks back on one of my favorite freeware sites and after giving it a go on a couple of infected boxes I must say they passed multiple subsequent virus scans totally clean. Kinda slow, but for a deep scan that is to be expected. The nice thing is it creates a bootable CD or USB stick, so even if the machine is pwned so bad it won't boot you can get in there and clean it up.

It is called Microsoft standalone system sweeper [microsoft.com] and is a really nice tool to add to your toolbox and is 100% free to those with a legal copy of Windows. It has a 32-bit and a 64-bit version, but one can burn both CDs on either OS; the bit count refers to the infected system, not the clean machine. It updates itself when you make the CD/USB, it cleans rootkits and bootbugs, and it doesn't cost a cent. MSFT should advertise it better but other than that, after several uses, I have no complaints.

Re:LOL - the silver bullet! (1)

G-forze (1169271) | about 3 years ago | (#36692038)

while it is often faster to nuke it isn't the only way to get the job done

But it's the only way to be sure.

Re:LOL - the silver bullet! (0)

Anonymous Coward | about 3 years ago | (#36692070)

Nice one. I've got a few similar tools (and have even used Edit as an AV tool in Recovery Console) but always interested to try new products. Will see this weekend how well it integrates with my PXE environment.

Re:LOL - the silver bullet! (1)

1s44c (552956) | about 3 years ago | (#36692156)

If you have a PXE environment you can reinstall fast.

Why would you want 80% coverage when you could have 100%?

Re:LOL - the silver bullet! (1)

1s44c (552956) | about 3 years ago | (#36692144)

Reinstalling the infected machine is the only way to get the job done and be 100% sure it has been done. Even if you boot from a clean CD you can't be sure MS's tool will clean everything. Windows doesn't even have a package manager that will let you checksum all files provided by a package so it's all a big mess.

You might get 90% coverage with MSSS on the day it is released but that will go down fast once the bad guys adapt to it.

Reinstall it, put a real firewall in front of it not the MS firewall nonsense, use updated virus scanners, use noscript and flashblock. Never install third party software from anyone you don't totally trust ( which rules out almost everyone. ) It will still be a long way from secure but it's a start. Or even better use a secure OS to start with.

Re:LOL - the silver bullet! (1)

hairyfeet (841228) | about 3 years ago | (#36692270)

While I agree with you 110%, sometimes the customer simply isn't willing to pay the costs of having ALL their data backed up, which on some of these machines can take hours. We are talking multiple users with multiple docs and videos and music and....well that can take a hell of a lot of time.

So you do what you can, you warn them there is no way to be 100% sure, then you do what you have to do. With the economy in the toilet there are a lot of folks out there that simply can't afford my $35 an hour to sit there and back up tons of crap and put it all back. This is why I stress the importance of backups and USB HDDs, but if they are coming from another shop? Well sadly I've found most places won't even put any AV on, just get them done and out the door.

But other than that I agree with you completely. Well, except for the firewall: while the XP firewall was shit, the Vista/7 firewall is actually pretty nice. For XP users I usually give them Comodo IS which comes with a better firewall, and for Vista/7 I use Avast free. Both work well and help keep the machine clean, along with tossing IE for Comodo Dragon with ABP to keep out the malware carrying ads.

So trust me friend, there is nothing I'd rather do than just nuke the thing, but some of these folks haven't done a backup in years. You really don't nuke those without doing a seriously thorough sweep; after all, if you wipe their late grandma's pics which they had NO backup for they won't be happy. Even if I clone the drive you are still talking hours to clean the gunk and reinstall all the files, and as I said that ain't cheap, whereas I can do a cleaning for just $75 as I have much of that automated. I don't really like to do it, but I can't afford to spend half a day working on a machine for free, I got bills to pay too ya know?

Re:LOL - the silver bullet! (1)

Anonymous Coward | about 3 years ago | (#36692362)

While I agree with you 110%,

When someone agrees with me "110%" I take as an indication that I might need to rethink my position.

So you do what you can, you warn them there is no way to be 100% sure,

See, now when you say that I have to wonder "how much is a mere 100% sure?" It's obviously not completely, since your scale goes to at least 110. It might even be that your scale goes to 600, in which case 100% sure is not very sure at all.

Re:Uhoh (0)

Anonymous Coward | about 3 years ago | (#36691764)

What are you about? Ballmer wasn't even mentioned! I dislike MS as much as the next person but once in a while they do speak some sense, the law of averages says they have to be right some of the time.

The lawyer merely said nothing technical is impossible to beat and he's right. He never said it wasn't going to be hard, a pain in the arse, weeks, months or years of work, but you can beat almost anything given the will and effort to do it. When you speak to someone who's beaten cancer then you learn about the will to win and smashing the odds.

You don't think the botnet builders are constantly spending their time building a better, more impregnable network? When they have spent so much time already getting it to the stage it has already got to, you don't think they want to ensure that no one can take it away? These dirtbags don't need any more encouragement; they too already have the drive to want to beat the odds, just like those who are out to get them.

Re:Uhoh (2)

1s44c (552956) | about 3 years ago | (#36692112)

Microsoft just put a challenge up to every botnet maker on the planet.

Thanks Balmer.

A challenge they have already resoundingly lost.

They should just be honest about it and give users a choice of botnets to subscribe to, like they were forced to do with web browsers.

Alternate Title (5, Funny)

phantomfive (622387) | about 3 years ago | (#36691542)

Alternate title:
"Microsoft Says: My Botnet is Bigger Than Yours"

Re:Alternate Title (2)

monkyyy (1901940) | about 3 years ago | (#36691566)

Well, I do believe everyone who uses Linux has a duty to dismantle the Microsoft botnet.

After all, it isn't indestructible.

Re:Alternate Title (5, Funny)

Anonymous Coward | about 3 years ago | (#36691662)

I could root you, but I'd have to charge.

Re:Alternate Title (1)

geekprime (969454) | about 3 years ago | (#36691762)

fuck, if only I had mod points!

Re:Alternate Title (0)

Anonymous Coward | about 3 years ago | (#36691908)

Sorry, mod points are not an acceptable form of payment.

Impossible really means nobody knows how (2)

Omnifarious (11933) | about 3 years ago | (#36691544)

While I believe that it's quite easy to remove individual nodes of the 'indestructible' botnet, I can't see a good way it could really be shut down other than by wiping it out node by node. And that's a losing strategy for the 'good guys'.

So, while I agree in principle that the word 'indestructible' is pretty strong, and likely not actually the case, that theoretical fact is useless without a concrete strategy for defeating it.

Re:Impossible really means nobody knows how (1)

phantomfive (622387) | about 3 years ago | (#36691640)

What Microsoft is saying is that it isn't hard, and that they can do it. They are basically mocking the guys who said it was indestructible, and, to put it kindly, saying that "they suck". This is Microsoft throwing down the gauntlet and saying, "we are better than you." Who knows, maybe they are.

Re:Impossible really means nobody knows how (3, Insightful)

Jah-Wren Ryel (80510) | about 3 years ago | (#36691720)

What Microsoft is saying is that it isn't hard, and that they can do it. They are basically mocking the guys who said it was indestructible, and, to put it kindly, saying that "they suck". This is Microsoft throwing down the gauntlet and saying, "we are better than you." Who knows, maybe they are.

The proof's in the pudding. Until they actually do take it down, it's all just trash talk.

It doesn't help that it's a lawyer doing the trash talking either; it seems all too common for people with law-centric world views to be completely out of sync with a world that operates on the principles of physics.

Re:Impossible really means nobody knows how (3, Insightful)

artor3 (1344997) | about 3 years ago | (#36691822)

Personally, I think that the fact that it's coming from a lawyer makes it more convincing (and frightening). Note that he's saying you need to get legally creative. That sounds like not-so-subtle code for no-knock raids and extraordinary rendition. I don't care how well written your malware is. It's not gonna help you one bit when a multibillion dollar corporation convinces the Russian police to disappear you and your buddies.

In Soviet Russia (2)

Wrexs0ul (515885) | about 3 years ago | (#36691952)

Botnet shuts-down You!

But seriously, this is scary stuff. I like the idea of a big IT house using the best and brightest to shut-down malware, but who decides what malware is? How are they making money from this?

-Matt

Re:In Soviet Russia (1)

maxwell demon (590494) | about 3 years ago | (#36692430)

Botnet shuts-down You!

But seriously, this is scary stuff. I like the idea of a big IT house using the best and brightest to shut-down malware, but who decides what malware is? How are they making money from this?

-Matt

Nice software you have here. Would be a shame if it were classified as malware ...

Re:Impossible really means nobody knows how (0)

Anonymous Coward | about 3 years ago | (#36692230)

>> The proof's in the pudding. NO! The proof of the pudding is in the eating. Regards, Proverb Nazi.

Re:Impossible really means nobody knows how (1)

Anne Thwacks (531696) | about 3 years ago | (#36691738)

Who knows, maybe they are.

Please can I have one of your flying pigs.

Re:Impossible really means nobody knows how (1)

Nikker (749551) | about 3 years ago | (#36692106)

What difference does it make? Both operate using the same tool set. Microsoft sends out updates via untrusted networks to verify system files and attempts to rectify compromised files. Botnets will get you through security issues, 0-day attacks and click happy users.

Neither of them will win.

Re:Impossible really means nobody knows how (2)

1s44c (552956) | about 3 years ago | (#36692194)

What Microsoft is saying is that it isn't hard, and that they can do it. They are basically mocking the guys who said it was indestructible, and, to put it kindly, saying that "they suck". This is Microsoft throwing down the gauntlet and saying, "we are better than you." Who knows, maybe they are.

If Microsoft were better than the botnet people the botnets would not exist in the first place.

Re:Impossible really means nobody knows how (1)

WrongSizeGlass (838941) | about 3 years ago | (#36692354)

This is Microsoft throwing down the gauntlet and saying, "we are better than you." Who knows, maybe they are.

Are you saying Microsoft is going to exploit an unpatched security hole in Windows and infect the infected computers with the antidote? Hmm ...

Balmer: I've got your antidote right here, and that antidote is more cowbell! [youtube.com]

Re:Impossible really means nobody knows how (1)

wvmarle (1070040) | about 3 years ago | (#36691684)

Indeed, in this case I have to agree fully with Microsoft. That doesn't happen so often.

Of course no botnet is indestructible. Nothing is indestructible. Microsoft themselves are not indestructible, our planet is not indestructible. They're just really strong. The same apparently goes for this new botnet. It's strong: hides itself really well, uses decentralised command and control, etc. Probably it doesn't even incorporate all weapons botnet makers have at their disposal, and their arsenal is growing. Like the arsenal of the anti-malware makers as well, of course.

As there is nothing centralised, you will have to go after individual nodes. And there is probably no automatic way possible (well, not legally/morally at least) to do this. Though I would expect there can be ways to find a technical solution to detect the presence of this piece of malware, and with it to clean it up, node by node. But it will be really hard.

One of the ways this may be blocked at a higher level would be on an ISP level to monitor traffic to and from subscribers, and filtering out suspected traffic (e.g. blocking the IP port the malware uses to communicate; or if that's a common one like 80 use deep packet inspection to stop botnet traffic). Though that has quite some other legal and moral issues related to it, of course.

Re:Impossible really means nobody knows how (2)

Angostura (703910) | about 3 years ago | (#36691752)

Not only that. I find myself in full agreement with a Microsoft lawyer. Oh what a world!

Re:Impossible really means nobody knows how (1)

scdeimos (632778) | about 3 years ago | (#36691814)

Probably it doesn't even incorporate all weapons botnet makers have at their disposal, and their arsenal is growing. Like the arsenal of the anti-malware makers as well, of course.

True, but anti-malware makers are always going to be behind the eight-ball for two reasons: (1) they will always be reactionary, and (2) they can't break a computer to "save it" whereas the malware makers don't mind a few casualties.

Re:Impossible really means nobody knows how (0)

Anonymous Coward | about 3 years ago | (#36691898)

legally/morally? Since when did that ever stop anything.

Re:Impossible really means nobody knows how (1)

digitig (1056110) | about 3 years ago | (#36692068)

Oh, what Microsoft said was right -- just irrelevant. The claim wasn't that the botnet was indestructible, it's that it was practically indestructible. That word makes a lot of difference.

Re:Impossible really means nobody knows how (1)

monkyyy (1901940) | about 3 years ago | (#36691688)

Hmmmm, not knowing much of the details, I'd say first finding the creator (lurking hacking forums?), getting his password (cracking is probably out of the question, so a keylogger), then from his computer update the virus to either delete itself or attack itself, if possible; otherwise send out an easy to run CD to fix the problem and hope most people run it, so the botnet can't be taken by someone else.

Re:Impossible really means nobody knows how (1)

Biff Stu (654099) | about 3 years ago | (#36691858)

That's more-or-less how I see it. On the security side, no matter how good the encryption and overall infrastructure, you always need to worry about the dumbass in the middle attack, i.e., social networking. In the case of organized crime, they are vulnerable to the same tactics that are used to dismantle "brick and mortar" crime organizations. Do some good detective work, catch someone in the organization who knows enough and is ready to rat everyone else out for some leniency, and you can take the botnet down along with the bad guys.

Re:Impossible really means nobody knows how (1)

Tasha26 (1613349) | about 3 years ago | (#36691734)

Haha, if Microsoft was a biotech, the title would read "No Cancer is Indestructible." Maybe they should learn from the past, how arrogance has cost them a lot.

Re:Impossible really means nobody knows how (2)

shentino (1139071) | about 3 years ago | (#36692216)

What can be done to stop cancer, and what is practical, are two separate things. And it's not all biology and chemistry, either.

Consider also that a real cure for cancer would ruin the market for chemotherapy, among other things, and I have to ask.

Besides lucrative one time sales, what incentive do pharmaceutical companies have to actually cure cancer? Once someone is cured, they are no longer a patient.

Re:Impossible really means nobody knows how (0)

Anonymous Coward | about 3 years ago | (#36691924)

I don't think it would be that hard to come up with a bot that was logistically impossible to decapitate without already having the author in custody... of course I'm also not one of the bad guys and my experience dealing with the bad guys leads me to believe that they are mostly retards that can't code their way out of a paper bag.

Re:Impossible really means nobody knows how (1)

1s44c (552956) | about 3 years ago | (#36692188)

And that's a losing strategy for the 'good guys'.

Microsoft? Lawyers? Botnet herders? Windows users who don't care about the impact of their lack of security?

There are no good guys in this story.

Yeah.. (1)

mybeat (1516477) | about 3 years ago | (#36691548)

I agree with the whole nothing is impossible thing, but if bad guys were dumber it wouldn't take smart guys so much time to take out a botnet in the first place, would it?

Re:Yeah.. (1)

shentino (1139071) | about 3 years ago | (#36692324)

It's more like the good guys are handicapped in that they have to follow the law, whereas the bad guys have no such restraints.

Botnets would be much easier to take down if white hats were allowed to hijack them and make them self destruct.

Nuke the internet tubes from orbit! (0)

Anonymous Coward | about 3 years ago | (#36691558)

It's the only way to be sure.

The Snow Leopard partition still works (-1)

Anonymous Coward | about 3 years ago | (#36691560)

I've got an iMac with a Windows 7 partition and a Snow Leopard partition. A redirection trojan still has the Win 7 partition largely bricked for internet usage while the Snow Leopard part is fine. I have all the Windows security turned on and I have done all the updates and it's still bricked. Sorry but Windows sucks for security!

Re:The Snow Leopard partition still works (0)

Anonymous Coward | about 3 years ago | (#36691736)

cool bro thx 4 sharing

Re:The Snow Leopard partition still works (1)

SleepyHappyDoc (813919) | about 3 years ago | (#36691794)

"bricked for internet usage"

WTF does that even mean?

Re:The Snow Leopard partition still works (1)

RyuuzakiTetsuya (195424) | about 3 years ago | (#36691994)

Stop trying to bait APK/HOSTS file guy. You're not any good at it.

Re:The Snow Leopard partition still works (1)

Nikker (749551) | about 3 years ago | (#36692116)

Hey, I have the entire public IPV4 address space in my hosts file you insensitive clod!

Strictly speaking... (0)

Anonymous Coward | about 3 years ago | (#36691562)

...He's right. Theoretically, we could nuke the earth from orbit, destroying all botnets (and life). It's always a question whether it's worth it or not.

I draw parallels to the illegal file-sharing issue: it's possible we could stop piracy dead in the water (pun intended) by monitoring and analysing everyone's transmitted information, everywhere, outlawing and banning cryptography from our networks etc... but would we want to?

In fact, I dare say that if we can't/won't stop illegal file-sharing, (and I think we can't/won't) we can't/won't stop botnets.

Re:Strictly speaking... (0)

Anonymous Coward | about 3 years ago | (#36691578)

it's possible we could stop piracy dead in the water (pun intended) by monitoring and analysing everyone's transmitted information, everywhere, outlawing and banning cryptography from our networks etc... but would we want to?

We are doing it already.

Regards,
The NSA.

Cockroach analogy (1)

Mathinker (909784) | about 3 years ago | (#36691602)

Damn, you more or less beat me to the obvious parody / analogy: "We can exterminate all cockroaches".

Re:Strictly speaking... (1)

Lanteran (1883836) | about 3 years ago | (#36691700)

Great, you're giving the MAFIAA ideas!

Re:Strictly speaking... (1)

rohan972 (880586) | about 3 years ago | (#36692032)

Theoretically, we could nuke the earth from orbit, destroying all botnets. (and life) It's always a question whether it's worth it not.

The claim made is that "no botnet is indestructible, any botnet can be taken down". You appear to have misread that as "we can take down all botnets, eliminating them so that there are no botnets in existence." These are very different claims.

They lost me. (0)

Anonymous Coward | about 3 years ago | (#36691568)

Microsoft and bot net operators... sorry, I am lost. Where are the good guys that were mentioned?

Re:They lost me. (1)

c0lo (1497653) | about 3 years ago | (#36691626)

Microsoft and bot net operators... sorry, I am lost. Where are the good guys that were mentioned?

They're characters of legend and folklore... the mention was "To say that it can't be done underestimates the ability of the good guys" (as in "the abilities of the good guys must never be underestimated"; they are demi- or full-time Gods, or at least Spiderman).

Re:They lost me. (0)

Anonymous Coward | about 3 years ago | (#36691798)

I think the good guys were the government. *snicker*

Re:They lost me. (0)

Anonymous Coward | about 3 years ago | (#36692264)

They were implied: UNIX operators of course.

spoken by a lawyer (0)

Anonymous Coward | about 3 years ago | (#36691570)

Nothing is impossible, eh? Let's try shifting the domain to something that lawyer might know about.

All crimes are solvable. All criminals are found guilty. All innocents are acquitted. All lawyers engage their brains every time before they open their mouths.

Oh and of course, the obligatory all Cretans are liars.

Does anyone know (1)

phantomfive (622387) | about 3 years ago | (#36691574)

Another question, does anyone know when and why Microsoft decided to start taking on hackers? Do they get something out of it?

Re:Does anyone know (1)

monkyyy (1901940) | about 3 years ago | (#36691614)

better image for windows, and probably a small legal reason in a few places

Microsoft in Secret Defence Contract with NSA? (0)

Anonymous Coward | about 3 years ago | (#36691630)

Probably some secret defence contract deal to bring the anti-terrorist cyber warriors of USA into every Windows installation on the planet that secretly protect the Internet and USA against Anonymous.

They will get an even worse reputation otherwise (1)

dbIII (701233) | about 3 years ago | (#36691696)

Since malware is currently a Microsoft only problem there is a direct benefit to them to deal with it. Various fanboys will pretend they are unable to read the word "currently" so I'll add it again and pre-empt the crap about Apple, Linux, Solaris, Irix, AIX, BeOS, Amiga, Plan 9 or Atari being potentially vulnerable sometime by saying the malware that is rampant NOW is more important than theoretical or historical threats.
Taking increased measures against malware doesn't really require a lot of resources and is definitely to their benefit.

Re:Does anyone know (0)

Anonymous Coward | about 3 years ago | (#36691724)

Do you?

Re:Does anyone know (0)

Anonymous Coward | about 3 years ago | (#36691964)

Probably to pave the way for "anti-hacking" measures in future Windows versions.

"We're tracking your every keystroke to prevent hacking because we care about you, our customer. It's really not any privacy concern. Oh dear, you typed 'linux' into your web browser and linux is a highly contagious disease to your computer" (redirects to microsoft propaganda website)

trapdoor function (2)

epine (68316) | about 3 years ago | (#36691608)

It's not just a question of intellect if one party is on the easy side of the trap door function, and their adversary isn't.

Given Microsoft's traditional shortcomings in mental subtlety, I'm not eager to concede they've properly thought this position through.

Just wait until bitcoin merges with the global ad hoc network. Even Microsoft will gulp at the rental fees on a fully commissioned Death Star.

Oh...fucking....shit. (0)

Anonymous Coward | about 3 years ago | (#36691632)

Uh oh, now they've gone done it.

Legally creative? (0)

Anonymous Coward | about 3 years ago | (#36691648)

As in "This is not a POW; this is an enemy combatant" legal creativity?

To be honest, "Legally creative" are words I never want someone with power to utter.

Vanity, one of the capital sins (0)

Anonymous Coward | about 3 years ago | (#36691652)

They surely like to think about themselves as being the "god guys".

Commandments (0)

Anonymous Coward | about 3 years ago | (#36691656)

20:16 Thou shalt not bear false witness against thy neighbour.

20:17 Thou shalt not covet thy neighbour's house, thou shalt not covet
thy neighbour's wife, nor his manservant, nor his maidservant, nor his
ox, nor his ass, nor any thing that is thy neighbour's.

God says...
fiercely blending attended qualities under

If "Nothing is impossible"... (0)

Anonymous Coward | about 3 years ago | (#36691702)

Then creating an indestructible botnet is possible, right?

Re:If "Nothing is impossible"... (1)

maxwell demon (590494) | about 3 years ago | (#36691810)

Then creating an indestructible botnet is possible, right?

Yes, but under that premise destroying an indestructible botnet is possible, too.

Re:If "Nothing is impossible"... (1)

tagno25 (1518033) | about 3 years ago | (#36692272)

If someone makes a self replicating botnet w/o C&C it could be indestructible. Make it look at chat streams from victims for domains to DDoS, then distribute that via a p2p network using port 443 (and 22) and self signed certs. Every node then attacks the most common one in a 2 hour period, and then ignores that domain for up to one month.

They know what they're talking about... (0, Troll)

anti-pop-frustration (814358) | about 3 years ago | (#36691706)

Microsoft: No Botnet Is Indestructible

They should know, they created most of them.

Re:They know what they're talking about... (0)

Anonymous Coward | about 3 years ago | (#36691936)

So are you saying that by creating the botnet operating system, that they're somehow responsible for creating the botnets themselves? That's a little unfair IMO.

funny attorney (0)

Anonymous Coward | about 3 years ago | (#36691712)

> 'People seem to be saying that the bad guys are smarter, better. But the answer to that is 'no.''"

That was not a question.

What they really want to say (1)

drolli (522659) | about 3 years ago | (#36691726)

As long as we control the IT desktop monoculture it will always be a better investment for botnet operators to search for new holes than to harden their botnets.

lolwut? Microsoft Digital Crime Unit what? (1, Funny)

lexsird (1208192) | about 3 years ago | (#36691770)

Oh I want to know more about these guys...lol /popcorn

And it is (1, Insightful)

JustOK (667959) | about 3 years ago | (#36691780)

Microsoft Windows et al IS the botnet.

Re:And it is (0)

HetMes (1074585) | about 3 years ago | (#36691926)

Yes, this type of comment always goes down well with the Slashdot crowd. Nevertheless, it is time you move away from your Win98 machine and enter the real world.

Re:And it is (3, Funny)

JustOK (667959) | about 3 years ago | (#36691984)

I'm still waiting for it to finish shutting down.

Windows 7 checks in with M$ so he thinks yes (4, Informative)

NSN A392-99-964-5927 (1559367) | about 3 years ago | (#36691802)

Let me start by saying every time you boot your system on Windows 7, data is sent to Microsoft to check whether you are online and for internet connectivity.

Now, although you probably never gave it a second thought, NCSI is an active tool used by Microsoft to lead Boscovich to these comments.

I am not sure if this has been posted on /. before, however this URL http://blog.superuser.com/2011/05/16/windows-7-network-awareness [superuser.com] may make Boscovich feel all warm and fuzzy inside as they can do more with NCSI and cut out botnets. This can be defeated as in the URL above.

Whilst I am on a roll, http://www.microsoft.com/industry/government/solutions/cofee/default.aspx [microsoft.com] is nothing special; the commands in COFEE, with some extra switches, are:

arp.exe -a
at.exe
autorunsc.exe
getmac.exe
handle.exe -a
hostname.exe
ipconfig.exe /all
msinfo32.exe /report %OUTFILE%
nbtstat.exe -n
nbtstat.exe -A 127.0.0.1
nbtstat.exe -S
nbtstat.exe -c
net.exe share
net.exe use
net.exe file
net.exe user
net.exe accounts
net.exe view
net.exe start
net.exe Session
net.exe localgroup administrators /domain
net.exe localgroup
net.exe localgroup administrators
net.exe group
netdom.exe query DC
netstat.exe -ao
netstat.exe -no
openfiles.exe /query /v
psfile.exe
pslist.exe
pslist.exe -t
psloggedon.exe
psservice.exe
pstat.exe
psuptime.exe
quser.exe
route.exe print
sc.exe query
sc.exe queryex
sclist.exe
showgrps.exe
srvcheck \\127.0.0.1
tasklist.exe /svc
whoami.exe

Awww how 31337 M$
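The list above is, in effect, a live-response triage runbook: volatile network and process state, logged-on users, shares, services and autostarts. As an added example (not COFEE's own code, nor the poster's), here is a PowerShell script that runs the same class of built-in commands, writes each output to its own file under a timestamped directory, logs exit codes and timing, and records a SHA-256 manifest so the collection can later be shown to be unaltered. It assumes an elevated PowerShell 5.1+ session and that the Sysinternals tools named in the list (pslist, handle, psloggedon, psservice, autorunsc) are on PATH, ideally from known-good read-only media; at.exe no longer exists on Windows 8 and later, so schtasks is used for scheduled tasks. The output path and the command set are the example's own choices.

```powershell
# Added example: live-response triage runner modelled on the COFEE command list.
# Assumptions: elevated PowerShell 5.1+; Sysinternals tools on PATH (from read-only media
# if possible). Tools that are missing are logged rather than aborting the collection.
param(
    [string]$OutRoot = "$env:SystemDrive\triage"   # assumed output location
)

$ErrorActionPreference = 'Continue'
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$outDir = Join-Path $OutRoot "$($env:COMPUTERNAME)-$stamp"
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Order of volatility: network state and processes first, persistent configuration last.
$commands = @(
    @{ Name = 'netstat-ano';     Exe = 'netstat.exe';    Args = @('-ano') },
    @{ Name = 'arp-a';           Exe = 'arp.exe';        Args = @('-a') },
    @{ Name = 'route-print';     Exe = 'route.exe';      Args = @('print') },
    @{ Name = 'ipconfig-all';    Exe = 'ipconfig.exe';   Args = @('/all') },
    @{ Name = 'nbtstat-n';       Exe = 'nbtstat.exe';    Args = @('-n') },
    @{ Name = 'tasklist-svc';    Exe = 'tasklist.exe';   Args = @('/svc') },
    @{ Name = 'pslist-t';        Exe = 'pslist.exe';     Args = @('-t', '-accepteula') },
    @{ Name = 'handle-a';        Exe = 'handle.exe';     Args = @('-a', '-accepteula') },
    @{ Name = 'psloggedon';      Exe = 'psloggedon.exe'; Args = @('-accepteula') },
    @{ Name = 'quser';           Exe = 'quser.exe';      Args = @() },
    @{ Name = 'openfiles';       Exe = 'openfiles.exe';  Args = @('/query', '/v') },
    @{ Name = 'net-session';     Exe = 'net.exe';        Args = @('session') },
    @{ Name = 'net-share';       Exe = 'net.exe';        Args = @('share') },
    @{ Name = 'net-use';         Exe = 'net.exe';        Args = @('use') },
    @{ Name = 'net-user';        Exe = 'net.exe';        Args = @('user') },
    @{ Name = 'net-localadmins'; Exe = 'net.exe';        Args = @('localgroup', 'administrators') },
    @{ Name = 'sc-queryex';      Exe = 'sc.exe';         Args = @('queryex') },
    @{ Name = 'psservice';       Exe = 'psservice.exe';  Args = @('-accepteula') },
    @{ Name = 'schtasks';        Exe = 'schtasks.exe';   Args = @('/query', '/fo', 'LIST', '/v') },
    @{ Name = 'autorunsc';       Exe = 'autorunsc.exe';  Args = @('-a', '*', '-c', '-accepteula') },
    @{ Name = 'whoami-all';      Exe = 'whoami.exe';     Args = @('/all') }
)

$log = Join-Path $outDir 'collection.log'
"collector=$(whoami) host=$env:COMPUTERNAME start=$(Get-Date -Format o)" | Set-Content -Path $log

foreach ($c in $commands) {
    $outFile = Join-Path $outDir "$($c.Name).txt"
    $cmd = Get-Command $c.Exe -CommandType Application -ErrorAction SilentlyContinue |
           Select-Object -First 1
    if (-not $cmd) {
        "$($c.Name): MISSING $($c.Exe) (not on PATH)" | Add-Content -Path $log
        continue
    }
    $t0 = Get-Date
    # 2>&1 keeps stderr (e.g. "Access is denied") in the artifact next to stdout.
    & $cmd.Source $c.Args 2>&1 | Out-File -FilePath $outFile -Encoding utf8
    $secs = [int]((Get-Date) - $t0).TotalSeconds
    "$($c.Name): $($cmd.Source) $($c.Args -join ' ') exit=$LASTEXITCODE secs=$secs" |
        Add-Content -Path $log
}
"end=$(Get-Date -Format o)" | Add-Content -Path $log

# Hash every artifact, then hash the manifest itself. The manifest hash belongs in the
# analyst's notes off the host: anything left on a compromised machine can be altered.
$manifest = Get-ChildItem -Path $outDir -File | ForEach-Object {
    [pscustomobject]@{
        File   = $_.Name
        Bytes  = $_.Length
        SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }
}
$manifestPath = Join-Path $outDir 'manifest.csv'
$manifest | Export-Csv -Path $manifestPath -NoTypeInformation
Write-Output "Collected $($manifest.Count) artifacts in $outDir"
Write-Output "manifest.csv SHA256: $((Get-FileHash -Path $manifestPath -Algorithm SHA256).Hash)"
```

Run it as `.\triage.ps1 -OutRoot E:\cases\host01` from a write-blocked or external drive. One caveat the list above does not state: every one of these tools asks the running kernel what is going on, so a kernel-mode rootkit can hide processes, ports and files from all of them at once. Treat live output as a first pass, compare it against data the host cannot lie about (flow logs from an upstream switch, a memory image examined offline), and, as the thread's cleaning discussion notes, reach for offline media when the box cannot be trusted.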

Good guys? (0)

niftydude (1745144) | about 3 years ago | (#36691806)

'To say that it can't be done underestimates the ability of the good guys,' Boscovich said. 'People seem to be saying that the bad guys are smarter, better. But the answer to that is 'no.''"

This might be true - but the underlying assumption is that Microsoft has some of the good guys working for them... Microsoft seems to be chock full of barely competent guys these days. And the bad guys are easily smarter and better than those.

Easy! (0)

Anonymous Coward | about 3 years ago | (#36691834)

Go for the people behind it!

The number of people writing bots and controlling them must be fairly limited, so just take them out. Yes, I do mean to hunt them down and kill them. That way they're permanently out of the picture, and it is most likely the rest will run and hide when the elimination starts, never again to be involved with botnets... Problem solved. If the action triggers some reaction from the crime organizations behind them, just take them out too. Let them learn that they're neither untouchable nor indestructible... Problem solved.

Boscovich is an idiot (0)

Anonymous Coward | about 3 years ago | (#36691838)

I would accept as an axiom that the bad guys are smarter, better. How else does one explain the world today?

Then DRM cannot be indestructible either (0)

Anonymous Coward | about 3 years ago | (#36691844)

Is not the problem of securing botnets and DRMed media similar? For both, the "key" (the vital secret for (d/en)cryption) is on untrusted hardware. By that I mean hardware not directly under the supervision of botnet/DRM personnel. In my mind, that is the weakness of both.

Would TCP (trusted computing platforms) be the only end to botnets? I'm all for TCP if it could never be used to secure the hardware against me, the owner of the hardware.

"false witness" is accurate (0)

Anonymous Coward | about 3 years ago | (#36691854)

20 I tell you, unless your righteousness surpasses that of the scribes and Pharisees, you will not enter into the kingdom of heaven.
21 "You have heard that it was said to your ancestors, 'You shall not kill; and whoever kills will be liable to judgment.'
22 But I say to you, whoever is angry with his brother will be liable to judgment, and whoever says to his brother, 'Raqa,' will be answerable to the Sanhedrin, and whoever says, 'You fool,' will be liable to fiery Gehenna.
23 Therefore, if you bring your gift to the altar, and there recall that your brother has anything against you,
24 leave your gift there at the altar, go first and be reconciled with your brother, and then come and offer your gift.
25 Settle with your opponent quickly while on the way to court with him. Otherwise your opponent will hand you over to the judge, and the judge will hand you over to the guard, and you will be thrown into prison.
26 Amen, I say to you, you will not be released until you have paid the last penny.
27 "You have heard that it was said, 'You shall not commit adultery.'
28 But I say to you, everyone who looks at a woman with lust has already committed adultery with her in his heart.
29 If your right eye causes you to sin, tear it out and throw it away. It is better for you to lose one of your members than to have your whole body thrown into Gehenna.
30 And if your right hand causes you to sin, cut it off and throw it away. It is better for you to lose one of your members than to have your whole body go into Gehenna.

from a linux user (0)

Anonymous Coward | about 3 years ago | (#36691902)

what's a botnet?

It's always easier to destroy than to build... (1)

FauxReal (653820) | about 3 years ago | (#36691920)

I suppose much like there's no 100% secure server there's no 100% invincible botnet. It's almost always easier to destroy than to create/build something.

Kill the botnet herders and hang them upside down! (0)

Anonymous Coward | about 3 years ago | (#36692006)

The best way to kill a botnet is to kill the botmasters. Follow the money trail to them and get rid of them extrajudicially.

Why should hackers be immune? Are they different from the Taliban, who are getting UAV-launched guided missiles up their rear orifice on a daily basis in Afghanistan? Sir Isaac Newton stopped forgery of money by hanging a bunch of the culprits in London streets. Muslims cut off the hand of thieves.

Act harsh unilaterally, oh Free World, and the nasty Russia, China, Brazil will soon learn that they had better put away their hackers into prison labor camps of their own accord, rather than wait for US missile strikes to occur. Be brave, bold eagle, let freedom ring with the bang of explosives and not just on the 4th of July!

Re:Kill the botnet herders and hang them upside do (1)

1s44c (552956) | about 3 years ago | (#36692240)

The best way to kill a botnet is to kill the botmasters. Follow the money trail to them and get rid of them extrajudicially.

You are clearly insane. The best way to fix a problem is to prevent it from happening in the first place by fixing the dodgy software that some people insist on using.

Going on a killing spree is just going to get the wrong people murdered and not even fix the problem in the process.

nt (1)

shentino (1139071) | about 3 years ago | (#36692012)

Botnets, like most criminal enterprises, have a distinct advantage in that the perpetrators consider themselves above the law.

Their biggest strength is their willingness to exploit weaknesses and perform actions not available to law-abiding citizens. They are not, for example, averse to hijacking PCs, hooking up with shady providers, or even flouting international borders and strongholding in countries like Iran that are outright hostile to US interests and could actually be anywhere from indifferent to outright supportive of their actions.

They are also able to move faster than law enforcement in many cases since they are not fettered by the courts or other bureaucratic machinations. If they want to relocate their CC servers, pass their holdings to someone else, or even shut down completely, they just do it, and they don't have to wait around for a court order or a subpoena to do it either.

Thanks, but everybody already knows! (1)

WoodenKnight (895480) | about 3 years ago | (#36692026)

Zaphod-AVA essentially summed it up @ http://it.slashdot.org/comments.pl?sid=2282088&cid=36618244 [slashdot.org] on June 30.

And Ram Herkanaidu, a Kaspersky Lab Expert, confirmed @ http://www.securelist.com/en/blog/516/TDL_4_Indestructible_or_not [securelist.com] on July 4 that they do not believe the botnet is indestructible. Ram tried to downplay the sensationalist headline of it being indestructible by pointing out that they had used inverted commas around the word.

But almost anybody even remotely interested in computing can probably guess and those who are into encryption can state for a fact that nothing in this "virtual world" is indestructible --- things only get a little difficult.

So this is pretty much a lot of noise over the intended wit of an analyst.

Surprisingly sensible, unexpected source (1)

Whuffo (1043790) | about 3 years ago | (#36692056)

The recent media hyperventilation over "indestructible" malware that hides in the master boot record and requires a wipe and reload of the OS to fix - who writes this stuff, and did they ask anyone who knows anything about it? Apparently not.

Oh noes; I've got a bad thing in my MBR; what shall I do? Tip: boot to command line (F8 at boot time) and a quick FDISK /MBR will take care of it. So much for that indestructible bullshit...

Re:Surprisingly sensible, unexpected source (1)

1s44c (552956) | about 3 years ago | (#36692254)

Oh noes; I've got a bad thing in my MBR; what shall I do? Tip: boot to command line (F8 at boot time) and a quick FDISK /MBR will take care of it. So much for that indestructible bullshit...

You can't trust fdisk to do the right thing if your machine has already loaded who knows what malware. You need to boot off a clean CD.

Re:Surprisingly sensible, unexpected source (1)

Inf0phreak (627499) | about 3 years ago | (#36692344)

Yes, you know that. But Joe Average doesn't. Any strategy aimed at defeating botnets that use rootkit techniques has to be aimed at the net itself. Fighting against individual infections is too inefficient and is a losing strategy.

They are right, but why do they need to say it? (2)

gweihir (88907) | about 3 years ago | (#36692074)

I think the meme of the "indestructible botnet" is just marketing, and people trying to make them or their research more important than it is. The sad thing is that the public seems to believe this nonsense.

In practice, there are problems, and killing a large botnet can be difficult. However, once you throw enough resources at the problem, it becomes entirely feasible.

Correction (1)

aaaaaaargh! (1150173) | about 3 years ago | (#36692100)

'To say that it can't be done underestimates the ability of the "good" guys,' Boscovich said.

There, fixed that for Boscovich.

Re:Correction (0)

Anonymous Coward | about 3 years ago | (#36692282)

'To say that it can't be done underestimates the ability of the good guys,' Boscovich said.

So, what was "fixed"?

Re:Correction (0)

Anonymous Coward | about 3 years ago | (#36692406)

I don't "know."

Good Guys (1)

Dracos (107777) | about 3 years ago | (#36692180)

If the "good guys" in Redmond really were so smart, there wouldn't be botnets in the first place.
