

Microsoft shuts down giant Rustock spamming network - hanifvirani
http://blog.seattlepi.com/microsoft/2011/03/17/microsoft-shuts-down-giant-rustock-spamming-network/

======
spoiledtechie
Huge win for the M Team. Happy to see MSoft is still trying their best to
protect their customers. I imagine money spent to do it this way was much
cheaper than removing this content from users' computers world wide.

They probably found it pretty simple after shutting down Waledac earlier. Same
team, different target.

~~~
gm
Actually, it was very different. A quote:

"However, Rustock’s infrastructure was much more complicated than Waledac’s,
relying on hard-coded Internet Protocol addresses rather than domain names and
peer-to-peer command and control servers to control the botnet."

Read the whole thing at
[http://blogs.technet.com/b/microsoft_on_the_issues/archive/2...](http://blogs.technet.com/b/microsoft_on_the_issues/archive/2011/03/18/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx)

~~~
barista
This should be made into a movie

~~~
kprobst
"The Asocial Network"

------
drdaeman
Weird. I thought modern botnets are P2P, with control nodes disguised as
ordinary infected machines.

Well, it's nice that this was not the case.

~~~
Locke1689
Most of the advanced ones are. They're also mostly using overlay network
topologies, which can be hard to distinguish from other P2P traffic and form
a considerable amount of resiliency. Just turns out that this was one of the
older, more primitive botnets.

------
azim
Senderbase has some interesting spam statistics which are reported from
Cisco/IronPort security appliances around the world. After today is over and
the stats are calculated, there might be some interesting data.

<http://www.senderbase.org/home/detail_spam_volume>

------
rbanffy
To be fair, Microsoft made the Rustock spamming botnet possible.

~~~
josephcooney
In what way?

~~~
rbanffy
Do you honestly believe market share is the only reason we don't see malware
for other platforms?

I can assure you the zillions of Linux servers you see sitting unattended for
years on very fat pipes are really attractive targets. Yet, you don't hear
about server botnets... There must be a reason for that.

~~~
daeken
These "unattended" servers have far, _far_ fewer security mechanisms in place
than even XP SP2. If someone _wanted_ to target them, they would. However,
it's insanely easy to find Windows machines, which is all that's important for
botnets. It's not hard at all to take over either an unpatched Linux machine
or an unpatched Windows machine, but volume is all that counts here. You want
hundreds of thousands (sometimes millions) of machines to send spam from.

Market share is _all_ that matters here, not technology at all.

~~~
rbanffy
> servers have far, far fewer security mechanisms in place than even XP SP2

According to your reasoning, IE6 is the most secure browser because it has the
most security patches. If you have fewer vulnerabilities to start with, you'll
end up with fewer, simpler (and thus more reliable) security mechanisms.

Windows has improved a lot. I suppose 2008r2 is reasonably secure and should
be able to stay secure when exposed to the net, but the internal complexity of
its security mechanisms is huge and, therefore, a lot can go wrong.

~~~
daeken
Except that mechanisms like DEP, ASLR, heap cookies, etc. are being applied to
all systems. Why? Because _all_ of these OSes are vulnerable to the same
classes of flaws.

Since XP SP2, Windows has led the way in protecting code itself. Linux is
largely on par these days, with OS X trailing way behind (they're playing
catch-up now).

As far as complexity, I _strongly_ recommend you actually look at the
protections in place. Those on Windows are significantly simpler (and more
effective) than those on Linux, as of Windows Vista. The new heap, the
simplified ASLR, etc all made things considerably simpler and harder to
attack.

~~~
rbanffy
> all of these OSes are vulnerable to the same classes of flaws.

They are. It's an unavoidable fact of life for the kind of computer we use
(read x86 PC). But don't confuse being potentially vulnerable to a type of
attack with actually being vulnerable to a specific attack of this type. In
order to be vulnerable, you not only have to, say, allow a user-mode program
to write on a page marked as executable (something I remember some high-end
processors from the late 80's could prevent) but you actually must have a
buffer overflow to go with it. Unless both conditions are met, you are not at
risk.

As far as the actual complexity of the implementations is concerned, I can't
evaluate Microsoft's, as the implementation is secret. I cannot, however,
imagine how the Windows implementations can be simpler, for Windows is a much
more complex operating system than either Linux or *BSDs. As alexandros
pointed out, a larger surface means more to defend.
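
The mitigations daeken lists above (DEP/NX, ASLR) and the "writable page marked executable, plus an overflow to reach it" condition rbanffy describes can both be inspected on a Linux binary from its ELF program headers. The following Python is an added example, not code from the thread, from Microsoft or from any project named in it: it parses an ELF64 header and its program headers and reports whether the stack is non-executable (a PT_GNU_STACK entry without PF_X), whether the image is position-independent (ET_DYN, the precondition for ASLR of the main executable), and whether RELRO is present. The minimal ELF image it builds for testing is constructed and is not loadable; stack canaries are not checked because that needs the symbol table, which this parser does not read.

```python
import struct
import sys

# ELF constants (values from the System V ABI and the Linux ELF conventions).
ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
ELFDATA2LSB = 1
ET_EXEC = 2                 # fixed-address executable: no ASLR for the main image
ET_DYN = 3                  # position-independent executable (or shared object)
PT_LOAD = 1
PT_GNU_STACK = 0x6474E551   # carries the stack's intended permissions
PT_GNU_RELRO = 0x6474E552   # region made read-only after relocation
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4

EHDR_FMT = "<16sHHIQQQIHHHHHH"   # 64-byte little-endian ELF64 header
PHDR_FMT = "<IIQQQQQQ"           # 56-byte ELF64 program header


def check_mitigations(data: bytes) -> dict:
    """Report NX stack, PIE and RELRO for a little-endian ELF64 image."""
    if len(data) < struct.calcsize(EHDR_FMT) or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != ELFCLASS64 or data[5] != ELFDATA2LSB:
        raise ValueError("only little-endian ELF64 is handled here")
    (_ident, e_type, _machine, _version, _entry, e_phoff, _shoff, _flags,
     _ehsize, e_phentsize, e_phnum, _shentsize, _shnum, _shstrndx) = \
        struct.unpack_from(EHDR_FMT, data, 0)

    # Linux treats a missing PT_GNU_STACK as a request for an executable stack,
    # so the conservative default is "NX absent" until we see the entry.
    nx = False
    relro = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_flags = struct.unpack_from("<II", data, off)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            relro = True
    return {"nx": nx, "pie": e_type == ET_DYN, "relro": relro}


def build_sample_elf(nx: bool, pie: bool, relro: bool) -> bytes:
    """Constructed minimal ELF64 image (headers only, not loadable) for testing."""
    phdrs = [(PT_LOAD, PF_R | PF_X, 0, 0x400000, 0x400000, 0x1000, 0x1000, 0x1000)]
    stack_flags = PF_R | PF_W | (0 if nx else PF_X)
    phdrs.append((PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 0x10))
    if relro:
        phdrs.append((PT_GNU_RELRO, PF_R, 0, 0x600000, 0x600000, 0x1000, 0x1000, 1))
    ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0]) + b"\x00" * 8
    ehdr = struct.pack(EHDR_FMT, ident, ET_DYN if pie else ET_EXEC, 0x3E, 1,
                       0x401000, 64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    body = b"".join(struct.pack(PHDR_FMT, *p) for p in phdrs)
    return ehdr + body


if __name__ == "__main__":
    # Usage: python elf_mitigations.py /path/to/binary  (or no argument for the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            image = fh.read()
    else:
        image = build_sample_elf(nx=True, pie=True, relro=True)
    for name, enabled in check_mitigations(image).items():
        print(f"{name:6} {'enabled' if enabled else 'MISSING'}")
```

A binary that reports `nx MISSING` satisfies the first of rbanffy's two conditions on its own; whether the second (an actual overflow) exists is a code-auditing question this header check cannot answer, which is exactly why both mitigations and careful code are applied to every platform daeken names.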

------
pkananen
Best thing Microsoft has done in years? ;)

~~~
Bud
Best thing since Kinect, and, before that, DOS 4.0!

------
rfolstad
The real news here is that while Microsoft is losing the smart phone market
they are the market leaders in the bot net market with a clear 100%!

Thank you Microsoft for helping to clean up your mess!

~~~
vyrotek
How is it their mess?

~~~
JoachimSchipper
Presumably, because most botnets consist of Windows computers. If Windows
security were better, building a botnet would be difficult.

That said, most botnets consist of old unpatched Windows computers or spread
via third-party software (e.g. Flash/Acrobat Reader), and MS' market share
means that it will be targeted even if their security is no worse than
their competitors'. Windows security still could be better, but I don't think
blaming Microsoft is as justified as it was before e.g. XP SP2.

~~~
radicaldreamer
The only reason most botnets consist of Windows computers is because Windows
is ubiquitous, difficult for the average Windows user to secure, and full of
security issues from add-ons and plugins.

Look for future malware to be spread using the biggest rarely updated
smartphone platform (currently Android).

~~~
nitrogen
Cell carriers _really_ need to realize that they're effectively selling
perpetually-connected pocket-sized computers, and that refusing updates
because they're "not in the business plan" is going to cause them an
inordinate amount of grief due to malware.

~~~
CamperBob
The carriers are not the sort of businesses who are well-known for thinking
ahead.

~~~
rbanffy
They still won't be able to bend reality to their convenience. When this can
of worms is opened, it will be nasty.

The only thing that may come to their aid is that telcos have a power over the
phones that connect to them no PC OS maker has. Well... Maybe Apple will get
there...

And, BTW, once phone manufacturers realize they need to provide security
updates for the life of the phones, they will trim their lineups down to very
manageable levels.

