07.26.10
Techrights Flooded by Microsoft Bots
Summary: Technical problems all day today (so far) are caused by bots that identify themselves as “MSIE 4.01; Windows NT; MS Search 6.0 Robot”
MICROSOFT KEEPS reminding us why it is cancer on the Web. For about 5 hours thus far today we have had our server hardly capable of serving pages. Microsoft bots keep hammering on it and there is no simple solution to this. We occasionally have problems with Windows zombies (sometimes lasting days and forcing us to move between hosts), but so do many other Web sites, including goodbyemicrosoft.net. Earlier today we found out more about those zombie attacks goodbyemicrosoft.net has been subjected to for weeks. Interestingly enough, in the latest post which discusses this ongoing issue the administrator of goodbyemicrosoft.net points out that Microsoft bought goodbyemicrosoft.com. That’s right. And the zombie attacks on goodbyemicrosoft.net have been so persistent and long that its owner considered just shutting it down.
But now I’ve invested some time in it, so I don’t want to just shut it down. Hence the search for a new domain name. goodbyemicrosoft.com was taken, so I registered goodbyemicrosoft.org. (Not yet active…give me a few weeks.)
Then I began to wonder…was goodbyemicrosoft.com a kindred spirit? Visiting that web address just returns a Bing search page, so I figured the domain had been registered and parked. So I decided to try a whois search, where I found the owner is:
Domain Administrator
Microsoft Corporation
One Microsoft Way
Redmond WA 98052
US
In other Windows vulnerabilities news, this week we have:
i. Spy rootkit goes after key Indian, Iranian systems
Sophisticated malicious software which infects critical infrastructure systems is spreading in the wild, according to security companies.
ii. Internet Worm Targets SCADA
Stuxnet is a new Internet worm that specifically targets Siemens WinCC SCADA systems: used to control production at industrial plants such as oil rigs, refineries, electronics production, and so on. The worm seems to uploads plant info (schematics and production information) to an external website. Moreover, owners of these SCADA systems cannot change the default password because it would cause the software to break down.
iii. Stuxnet malware threat continues, targets control systems
The recently discovered Stuxnet malware, which takes advantage of a zero-day Microsoft Windows Shell vulnerability, is being used in targeted attacks to penetrate industrial control systems, particularly in the United States, according to security researchers.
Microsoft is cancer on the Web and until it fixes its broken operating system (it probably won’t ever happen) webmasters will continue to live in fear and agony (the agony of having to waste valuable time dealing with Windows bots). We believe we may have found a temporary way of filtering out the junk (screenshot below), but it takes a lot of time and bots find ways around the limitations that also block genuine requests (update: and at the moment of posting the hammering/attacks resume again). In another site of mine I had to change files/addresses in order to escape months of traffic abuse/DDOS against the Wiki — abuse which cost a lot of time and money for extra bandwidth. That ended last month. Microsoft’s real cost to the economy is immeasurable. █
