
01.28.09

Windows Botnets Go Out of Control, Obama Web Site Delivers Windows Malware

Posted in Microsoft, Security, Windows at 10:47 am by Dr. Roy Schestowitz

THERE ARE SO MANY MICROSOFT failure stories to share today that it’s hard to decide where to start.

Sites Hijacked

We begin with Microsoft’s recent security nightmares [1, 2, 3, 4, 5, 6, 7]. The following report describes a government site in Australia that was cracked and did enough harm that it needed to be shut down.

Like you, I get masses of spam. I knew it wasn’t from jobs.nsw.gov.au no matter how much it pretended to be. I deleted it figuring it was “just another” bit of junk mail, although I was surprised to find one purporting to be from the NSW Government job board; that was definitely a new one on me!

Had I thought about it deeper I might have considered this was no ordinary spam. This time there was a direct relationship between how the spammers got my e-mail address and the organisation they purported to represent.

It turns out the Department of Commerce has taken this whole incident very seriously indeed, and far more than common garden-variety spam would necessitate.

If you visit the site jobs.nsw.gov.au you will see it is inaccessible, and in fact, has been for a week. A message advises that the system is down for “system maintenance.”

The site is powered by Microsoft IIS.

Moving on a little, it turns out that Obama’s Web site too is causing harm. Some pages in it are distributing Windows malware.

Web security firm Websense reports that malicious hackers have registered multiple bogus user accounts on My.BarackObama.com. The site allows legitimate punters to join groups, raise funds, or create blogs. The griefers have established blogs with fake YouTube clips, ostensibly offering grumble flicks.

According to some new statistics, there is a sharp increase in distribution of Windows malware, with more malicious sites than one can practically keep track of:

AVG is seeing between 200,000 to 300,000 new Web sites per day hosting code that can in some cases result in a PC being infected with malware just by visiting the site, said Roger Thompson, AVG’s chief research officer.

Zombies/Botnets Explode

Conficker is still running wild and it’s draining resources along its path (human resources and Web resources).

The world’s top virus hunters are watching every move made by the attacker in control of a nasty new Internet worm — referred to as “downadup” or “conficker.”

The number of infected Windows PCs keeps growing fast.

A virulent computer virus has infected as many as 15 million computers around the world so far, according to various estimates.

The virus — a self-replicating computer worm known as Downadup, Conficker or Kido — spreads across computer networks using Microsoft Windows software which have not been patched or updated properly. Microsoft issued a patch that fixes the vulnerability the virus exploits last October.

This is also covered here.

Computer experts are preparing to respond to further virus outbreaks and security threats posed by the Windows worm, known as Conficker, Kido and Downadup, which has infected more than 15 million PCs worldwide.

Had Microsoft cared about security rather than premature announcements (vapourware) and irresponsible releases, the Internet would have been a better and safer place to travel.

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive


5 Comments

  1. Needs Sunlight said,

    January 28, 2009 at 12:12 pm

    Over the years there have been various Internet milestones. e.g. www passing telnet, then passing ftp-data. ogg vorbis passing 12% of audio, etc. e-mail becoming 60% then 90% spam from windows botnets.

    At what point does (has) the point where the majority of traffic is windows malware get passed?

    Internet has been good, but is in terminal stage windows infestation. Internet2 died on the vine in part because of MS and probably in part because of Doug. How about Internet3, starting with a flat out ban on closed protocols *and* a prohibition against any Windows or MS products…

  2. Needs Sunlight said,

    January 28, 2009 at 12:15 pm

    Both the UPI article and the USA Today article have major errors. Both misidentify the worm as an “Internet” worm or a “computer” worm. It is neither. It is a Windows worm.

    110 years of journalistic excellence my ass.

  3. Roy Schestowitz said,

    January 28, 2009 at 12:19 pm

    This is a very important point that Carla wrote about. I mentioned her 2 writings on this subject and gave a new example of Microsoft pressure groups muscling journalists.

  4. twitter said,

    January 28, 2009 at 12:47 pm

    Messing with the president’s website make a serious federal reaction for these idiots. It will be interesting to watch GWB’s wiretap program turned around to track the spammer’s network. (Who knows, Obama might even get the proper search warrants.) My prediction is that the botnet trail will lead back to WE and other corporate proxies and Obama will dig as deep as he can to find it and any other pieces of Republican guilt. Even if he can’t find that, the M$ cesspool is sure to have dire consequences for M$. We’ve already seen stories about him grumbling about White House computer backwardness and being forced to use a Winblows Mobile handset. Silly stories about iPods and Zunes must also chafe, who would not resent being used as an endorsement for something as rotten as Zune? Porn spam on his website might move Obama’s M$ relationship from disdain to hatred.

  5. Gentoo User said,

    January 28, 2009 at 1:49 pm

    Apparently you forgot to write up a nasty condemnation of all those PHP/Apache-based sites that were hacked to serve off malware a while ago. They targeted a vulnerability that had a readily-available patch weeks before the exploit was seen in the wild. And then they used Google bombs to draw traffic to the pages, if I recall.

    Oh no, wait. You didn’t forget, of course.
