02.13.09

Botnets and Bounties Versus Real Security

Posted in Finance, Microsoft, Security, Windows at 7:14 am by Dr. Roy Schestowitz

THERE ARE many reports this week about Windows security problems, but one that really stood out is this one from yesterday:

Microsoft is offering a $250,000 reward for information that leads to the arrest and conviction of the virus writers behind the infamous Conficker (Downadup) worm.

This was also covered in:

So Microsoft plays sheriff and puts money on people’s heads rather than actually produce secure and robust systems. That’s the equivalent of jailing many people for possession of illegal drugs rather than looking for ways to prevent the trafficking of such drugs. It completely ignores the causes and instead addresses an outcome. The outcome is not just tens of millions of hijacked computers in this case; the ‘outcome’ is also teenage cyber-criminals who are empowered by badly engineered systems. Will there be a bounty presented to combat each and every Windows virus that exists (there are over a million, including variants)?

In other news, 8 “critical” vulnerabilities have just surfaced in Microsoft software.

Microsoft Patches 8 Critical Vulnerabilities

Microsoft Tuesday patched eight vulnerabilities — three of them marked “critical” — in the company’s Internet Explorer (IE), Office, Exchange and SQL Server software.

“Critical” is the highest degree of severity in Microsoft’s scale, so it’s only reasonable to expect larger botnets. Speaking of which, Microsoft is again addressing the wrong problem in the wrong way when it tries to take apart botnets rather than consider the reasons for their creation in the first place.

Microsoft has beefed up the Malicious Software Removal Tool (MSRT) that ships with its Windows operating system so that it will detect and root out the notorious Srizbi botnet code.

“This month’s MSRT takes on one of the largest botnets currently active worldwide,” wrote Microsoft spokesman Vincent Tiu in a blog posting Tuesday, the day the update to the software removal tool was released. “Win32/Srizbi has been accused of being responsible for a huge chunk of spam e-mail messages sent in the years after its discovery,” he added. “We hope to make a positive impact with the addition of Win32/Srizbi into MSRT.”

This is also covered here.

In other security-related news:

i. Fake Infection Warnings Can Be Real Trouble

Michael Vana knew something was up when he saw the pop-up from “Antivirus 2009” in the middle of his screen. The former Northwest Airlines avionics technician guessed that the dire warning of a system infection was fake, but when he clicked on the X to close the window, it expanded to fill his screen. To get rid of it, he had to shut down his PC.

ii. Fraudsters cream opposition in cybercrime wars

The celebration of Safer Internet Day on Tuesday was marked by warnings that cybercriminals are staying ahead of defenders in their attempts to defraud or otherwise abuse internet users.

iii. Germany deploys cybersoldiers

GERMANY HAS REVEALED that it has a team of 76 soldiers who are trained to defend the country from cyber attacks and software piracy.

Once again, Windows and the Web are unable to play nice with each other:

New Windows virus attacks PHP, HTML, and ASP scripts

Researchers have identified a new strain of malware that can spread rapidly from machine to machine using a variety of infection techniques, including the poisoning of webservers, which then go on to contaminate visitors.

The malware is a variation of a rapidly mutating virus alternately known as Virut and Virux. It has long proved adept at injecting itself into executable files, which are then able to attack uninfected machines through network drives and USB sticks.

A reader has just alerted us that a man is moving from the Ministry of Finance to Microsoft, hinting at possible government connections. Microsoft has already 'pulled an EDGI/MOU' around there.

Regarding news coverage like this one, wrote the reader, “the non-cached page has some nasty tricks to wipe out non-Javascripted browsers.” Further he added: “I have often wondered if the sudden push to web 2.0 is to compensate for loss of access that various interests have as people depart Microsoft Windows. The reasons for snubbing client-side javascript are still valid, perhaps more so than years past. Certainly there has been no value added. What does get added, aside from slowness and loss of functionality, is a whole slew of ways to remotely access content or activities on the client.”

Those who want a secure system ought to look at GNU/Linux.

6 Comments

  1. Jose_X said,

    February 13, 2009 at 7:20 am

    Don’t bad guys sometimes get more motivated when there is a bounty on their head?

    The FOSS way is better. They give. They open up. They give you reasons to be a white hat. They also allow for many white hats so as to keep black hats in check/ineffective. The varied ecosystem limits damage. Etc. Etc.

  2. Roy Schestowitz said,

    February 13, 2009 at 7:30 am

    Someone has just raised the valid point that it’s important for Microsoft to point its finger at someone, so the company pays up.

    Hospitals across the UK become botnets due to Conficker? Don’t blame Microsoft. Blame… *that* guy.

    If you leave your door open every night, expect intruders to come through the door one night.

  3. Jose_X said,

    February 13, 2009 at 7:39 am

    PHP and HTML.. like apache and firefox and ?? are having their names tarnished through associations with Microsoft. It seems whenever Microsoft messes up, they pull down these guys so as to appear to stay even.

    Not smart to embrace a viper.

    These devs should dissociate themselves with Microsoft.

    Tomorrow, these apps may need a paying license simply to run on MSware and maybe even on wine http://boycottnovell.com/2009/02/04/the-api-trap-part-1/ . In any case, why support their monopolies http://boycottnovell.com/2008/11/25/jose-on-mono/ . And let’s not forget the deception that defines Microsoft http://boycottnovell.com/2009/02/08/microsoft-evilness-galore/ .

  4. Jose_X said,

    February 13, 2009 at 7:52 am

    >> Don’t blame Microsoft. Blame… *that* guy.

    From the article: “This month’s MSRT takes on one of the largest botnets currently active worldwide,” wrote Microsoft spokesman….

    -> Microsoft is taking on bad guys for people’s sake. Microsoft is helping us fight the evil forces of humanity. [Shoot that robot.]

    Any way they try to spin it, this doesn’t change: Microsoft keeps tons of secrets to themselves (until these escape) so that they can take much more of all our money. The result is that there are fewer people equipped to defend against attacks because Microsoft is not sharing.

    Any way you look at it, Linux is more responsive to security/safety needs because its secrets belong to everyone (and not just to greedy employees and criminal spies).. not coincidentally, making it less expensive than Windows in many ways.

    I wonder if this Conficker tapped into an MS secret or vuln or design flaw that Microsoft can’t afford (isn’t willing) to really fully fix.

  5. Roy Schestowitz said,

    February 13, 2009 at 7:55 am

    Some holes are designed to be there for the secret services. It was officially confirmed more recently.

  6. Jose_X said,

    February 13, 2009 at 8:11 am

    >> Not smart to embrace a viper.

    In the future, I’d expect WinFOSS (and not MS’ apps) to be affected by certain types of malware (because of vulnerable system hooks given to FOSS by Microsoft).

    Thus some FOSS devs sell out to Microsoft (and enrich their hostile closed monopoly platforms to the detriment of Linux&friends) only to be betrayed. ..Tell me something new.

    Speaking of betraying “partners”… and of having their hand forced too early, initiating costly ventures, and unbridled ambitions: http://www.reuters.com/article/ousiv/idUSTRE51B7K620090213 “Microsoft to open own stores, take on Apple”

    Besides their own brand, they will probably do more new partnering (eg, with companies run by their ex-execs) to produce brand name FOSS derivatives to eliminate the vanilla apache, php, etc.

    To get into MS’ store, you will need to kiss their ring and take your seat back in the auditorium (for the most part, unless you are an ex-softie — though these too will be sacrificed as necessary).

    Just what we need. Microsoft’s arrogance, bullying, and profit-hoarding, extended into more areas affecting consumers and existing markets.
