
Microsoft secretly beheads notorious botnet - wglb
http://www.pcpro.co.uk/news/security/355852/microsoft-secretly-beheads-notorious-botnet
======
lmkg
Not only were they doing something virtuous while shrouded in secrecy, the
secrecy was necessary for them to accomplish their goals. While I'm in general
totally in favor of openness and transparency, there are competing concerns
that it should be weighed against, as this clearly demonstrates.

------
krmmalik
Good on you Microsoft. How's that for a little bit of social responsibility.

------
ableal
I have a foreboding that the first "real" AI may well come out of spamming and
other forms of unpleasantness ...

 _the operation hasn’t cleaned the infected computers and [... a]lthough the
zombies are now largely out of the bot-herders’ control, they are still
infected with the original malware_

That will learn them some bird calls next time, if not yet done.

------
bediger
Microsoft got legal approval for this. How many extra-legal, or grey-area
"Operations b49" have taken place? I don't imagine Microsoft has done many (if
any) extra-legal beheadings, but surely somebody has. All those academic
papers about taking control of botnets and measuring the take-up rates on
penis pill offers had to come from somewhere.

------
lanstein
Cool, but how long until it auto-registers new domain names according to some
algo? (see Srizbi)

~~~
eli
Well, it's not sentient, so it isn't registering anything it wasn't already
programmed to, and it isn't getting any new commands with all existing C&C
routes gone.

~~~
rbanffy
Making the C&C domain time-dependent is trivial. Making the domain name based
on time-dependent keys, steganography and queries across multiple domains as
the basis for computing the current or next C&C domain would make the life of
the good guys very uncomfortable.

~~~
eli
Of course it can be done (and has been done). But in this case it apparently
wasn't.

------
jpablo
I wonder if this had any noticeable impact on the number of spam sent. I
haven't noticed it in my inbox.

