

Microsoft Leads Sting Operation to Disrupt Zeus Botnets - Bud
http://www.securityweek.com/microsoft-and-partners-disrupt-zeus-botnets-sting-operation

======
DanBC
Zeus source has been released, and people say that Citadel is one result.

There are some odd things about the botnet creators; they're doing a SaaS model;
the software comes with release notes and a licence agreement; and they have a
social network so people can suggest improvements.

([http://blog.seculert.com/2012/02/citadel-open-source-malware...](http://blog.seculert.com/2012/02/citadel-open-source-malware-project.html))

Here's a pie chart (IT IS AWFUL. I didn't create it.) showing infection rates
per country of Citadel.

([http://3.bp.blogspot.com/-rL0YPxLvhHw/TzLb31lbmXI/AAAAAAAAAE...](http://3.bp.blogspot.com/-rL0YPxLvhHw/TzLb31lbmXI/AAAAAAAAAEs/VUE5fuNvv0A/s1600/citadelstats.png))

I got that from this thread, which has a bunch of interesting malware links.

(<http://forums.spybot.info/showthread.php?t=64861>)

------
joshuahedlund
I'm finding the details of this operation to be very fascinating, but I'm also
rather conflicted about it. It seems like Microsoft is doing a lot of good
going on the offensive against these troublemakers, but I'm also concerned
about abuse and collateral damage. I don't know enough yet to know if those
concerns are unfounded or not.

~~~
xpaulbettsx
I don't believe there is any collateral damage - they are seizing machines
specifically being used by criminals, and when possible, taking control of the
botnet and instructing it to destroy itself on the infected machines (i.e.
removing the infection).

------
majmun
Remember when they shut down Conficker? When they disabled a gazillion C&C
domains.

------
packetslave
Obviously, one less botnet is a good thing, but does anyone else see a problem
with Microsoft "raiding" companies and "seizing" equipment? What legal
justification does a private corporation have to act like a law enforcement
agency?

The articles I've seen use language like "accompanied by" or "escorted by" US
Marshals. Shouldn't this be the FBI or Secret Service doing the raiding and
seizing, _maybe_ with Microsoft providing technical consulting?

------
joe_the_user
Maybe I'm being pedantic but the article misuses "sting". The action seems to
have simply been a seizure of critical botnet infrastructure, using some
information secretly gathered in court, but a sting is "a deceptive operation
designed to catch a person committing a crime".

<http://en.wikipedia.org/wiki/Sting_operation>

------
namidark
They would make the video at the end use Silverlight

------
spoiledtechie
I'm so disappointed....

That this community has such a harsh opinion against MSoft.

Case in point, they do something that will save consumers and businesses
alike millions of dollars, yet they only receive 10 points on HN.

While an opinion article punishing MSoft here: "I Won The Windows Phone
Challenge, But Lost 'Just Because'" (skattertech.com) received well over 360
points for MSoft and more than 60 comments.

It's disappointing how much negativity has been cast on MSoft, when they have
tried exceedingly hard to change both their image and their practices from the
old days.

And of course, I'll probably be voted down for this.

~~~
dchest
This post has only 2 comments (both from you) and you already managed to start
a flamewar. Please don't.

