Bonum Certa Men Certa

Microsoft Uses GNU/Linux for DNS, But Still Stuck at Beginners' Level

"In Ballmer's naively managerial mind-set, if Wood said it would take two months, then in reality it could be done in one—if only people would get fired up."

--Barbarians Led by Bill Gates, a book composed
by the daughter of Microsoft's PR mogul



Summary: Microsoft DNS servers are said to be attacking other servers and Microsoft ignores the problem for weeks; Microsoft partners are accused of using DNS to harm and defame critics too; the MSBBC provides some more perception management by giving Microsoft a platform

It's happening again. Microsoft reveals to the world that even Microsoft can't help using GNU/Linux [1, 2, 3, 4, 5, 6]. It's just too awesome to avoid!



Unfortunately for Microsoft, it clearly lacks the skills to operate Free software. There's no in-house talent and internal operations are moreover outsourced/off-shored to Infosys where wages are lower. So anyway, what's it all about? Microsoft uses Linux for DNS and avoids its own 'solutions'. We have already given many links on security flaws in Microsoft's DNS implementation and Windows zombies with resultant DNS downtimes. Microsoft is now trying Linux and it allegedly misconfigured the servers, which obviously get hijacked as a result. [via]

For the past three weeks, internet addresses belonging to Microsoft have been used to route traffic to more than 1,000 fraudulent websites maintained by a notorious group of Russian criminals, publicly accessible internet data indicates.

The 1,025 unique websites — which include seizemed.com, yourrulers.com, and crashcoursecomputing.com — push Viagra, Human Growth Hormone, and other pharmaceuticals though the Canadian Health&Care Mall. They use one of two IP addresses belonging to Microsoft to host their official domain name system servers, search results from Microsoft’s own servers show. The authoritative name servers have been hosted on the Microsoft addresses since at least September 22, according to Ronald F. Guilmette, a researcher who first uncovered the hijacking.


Two days ago it was confirmed:

According to network security researcher Ronald F. Guilmette, the Microsoft IP addresses had been used to host the websites' authoritative name servers since at least September 22. El Reg ran the data he supplied by experts in DNS and botnet take-downs, and most said it likely indicated that one or more machines on Microsoft's network had been infected with malware.

About 24 hours after The Reg article ran, security reporter Brian Krebs reported that one of the two Microsoft IPs had been used to coordinate a massive denial-of-service attack against his website, KrebsOnSecurity.com. Shortly after the attacks began on September 23, researchers were able to pinpoint the Microsoft IP and within hours they notified Microsoft of the compromised IPs, the site reported.

Remarkably, the machines weren't unplugged from Microsoft's network until Tuesday, almost three weeks later, shortly after The Register article was published. Also notable, according to Krebs, the machines that were compromised were running Linux.


"It's not very clear why Microsoft failed to properly investigate the report at the time and allowed the abuse to continue on its network for another three weeks," say other sources and Brian Krebs probably has the most detailed analysis:

The attack on my Web site happened on Sept. 23, roughly 24 hours after I published a story about a criminal online service that brazenly sold stolen credit card numbers for less than $2 each (see: I’ll Take Two MasterCards and a Visa, Please). That story got picked up by BoingBoing, Gizmodo, NPR and a variety of other sites, public attention that no doubt played a part in the near-immediate suspension of that criminal Web site.

At first, it wasn’t clear what was behind the attack, which at one point caused a flood of traffic averaging 2.3 gigabits of junk data per second (see graph above). Not long after the attack ended, I heard from Raymond Dijkxhoorn and Jeff Chan, co-founders of SURBL, which maintains a list of Web sites that have appeared in spam. Chan sent me a message saying he had tracked the attack back to several Internet addresses, including at least one that appeared to be located on Microsoft’s network — 131.107.202.197.


Damage control came later:

Update, 7:34 p.m. ET: Christopher Budd, Microsoft’s response manager for trustworthy computing, sent this statement via email: “Microsoft became aware of reports on Tuesday, October 12, 2010, of a device on the Microsoft network that was possibly compromised and facilitating spam attacks. Upon hearing these reports, we immediately launched an investigation. We have completed our investigation and found that two misconfigured network hardware devices in a testing lab were compromised due to human error. Those devices have been removed and we can confirm that no customer data was compromised and no production systems were affected. We are taking steps to better ensure that testing lab hardware devices that are Internet accessible are configured with proper security controls.”


This exercise in damage control meets Pogson who writes that Microsoft "has been outed running GNU/Linux on some unsecured testing machines. The machines were being used to route surfers to spam sites." He then asks:

All kinds of questions arise:

* What was M$ doing with DNS servers running GNU/Linux open to the web? * Why were they unsecured? * Why did they take weeks and media coverage to get them taken off-line when a target of a DDOS attack organized by those servers reported to M$ promptly weeks ago? * If they were in a testing lab, why weren’t they being tested??? The Register article was published. Also notable, according to Krebs, the machines that were compromised were running Linux.


Damage control fail. Sorry, Microsoft.

Speaking of DNS, G-WAN alleges that Microsoft "is (illegally) Hijacking 16 of our Domain Names". We have not worked to verify this, but it's worth looking into.

This whole thing is becoming a PR disaster for Microsoft because it shows that the company uses Linux for its internal operations (whilst also attacking companies which use Linux), does not use it properly, and to make matters worse, it does not care if it harms other people's systems because of its misconfigured Linux boxes. And by the way, it's definitely a human problem, not a Linux problem, according to IDG:

Microsoft blamed human error after two computers on its network were hacked and then misused by spammers to promote questionable online pharmaceutical websites.


What a multi-dimensional PR disaster. Can the MSBBC rescue Microsoft's reputation? It sure can try.

The MSBBC has just published this rubbish 'article' where rather than say that about one in two Windows PCs is compromised decided to go to Microsoft for material, again (Windows zombies are just "sick" PCs, according to the MSBBC which quotes Microsoft's Charney).

Watch them using Microsoft-supplied/given numbers to talk about Windows and thus only deceive the public while pretending to inform:

The US leads the world in numbers of Windows PCs that are part of botnets, reveals a report.

More than 2.2 million US PCs were found to be part of botnets, networks of hijacked home computers, in the first six months of 2010, it said.


Says Microsoft. It's always orders of magnitude off target.

This article is so poor that it ends up making Microsoft look like a saviour rather than the party to blame for botnets. Technology propaganda continues to arrive from the MSBBC, which is occupied by former Microsoft UK executives. No surprise there, ever, but that's okay because it's so predictable.

Comments

Recent Techrights' Posts

Weeding Out Extremism in Our Community
To me it seems like Microsoft Lunduke is rapidly becoming like a "hate preacher" who operates online, breeding an extremist ideology or trying to soften its image
Censorship Versus Fact-Checking and Quality Control
It's not censorship but a matter of quality control
Gemini Links 07/07/2025: BaseLibre Numerical System and TUI Rant
Links for the day
Two Risks to Companies: The Microsoft Culture and the Microsoft Tools
Novell was killed by a form of "social engineering" by Microsoft
It's Hard to Trust People Who Worked - Not Only Those Who Still Work - at Microsoft
Bryan Lunduke is just what people would call an "arsehole of a person"
 
Microsoft's Nat Friedman Became Unemployed the Same Time the SLAPPs Against Techrights Started Coming From His Friends (Weeks After We Had Exposed Scandals About Him and the Serial Strangler, His Best Friend, Who Got Arrested a Few Days Later)
Nat Friedman is not "Investor, entrepreneur"
Brett Wilson LLP Uses Threats to Demand Changes to Pages or Removal of Pages Without Even Revealing Which Staff Member Does That (Sometimes People From Another Firm!)
This has been in the public for years
Dan Neidle Said "It Really Then Became a Job of Tormenting" Lawyers Like Brett Wilson LLP (Who Threatened Him for Exposing Crimes, Just Like They Threatened My Wife a Few Months Later)
he and his wife decided to take on the evil people and their evil lawyers
Large Language Models (LLMs) Externalise Their Cost to the Free Software Foundation (FSF)
"The forty-sixth Free Software Bulletin is now available online!"
Reinforcing the Allegations Some More, Bryan Lunduke Digs His Own Grave
In his latest episodes he merely repeats his own lies, which I debunked using evidence right from his own mouth
Global Warming and Free Software as a Force of Mitigation
we'll need to think about Software Freedom, not just brands like "Linux"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 06, 2025
IRC logs for Sunday, July 06, 2025
[Video] "Copyleft Isn't a Bug."
"Copyleft isn’t a bug. It’s a feature. GNU GPL forced the world to treat code like a public good."
Being in Social Control Media Means Exposing Oneself to Heckling
Richard Stallman does not (either himself or directly) post to any social control media
Links 06/07/2025: Airlines Perils, Scams, and Breaches
Links for the day
For the Second Time, Bryan Lunduke From Microsoft is Siccing Racist Trolls and Vandals at Me
You're only reinforcing the point we made yesterday
Links 06/07/2025: End to End Encryption at Risk, Reuters Twitter ("X") Account Withheld in India
Links for the day
Gemini Links 06/07/2025: Tinylog and Certification Rotation
Links for the day
Links 06/07/2025: Climate Change and "The Right to Criticise"
Links for the day
PCLinuxOS Sites Coming Back, Gradually
let's just be patient
Social Control Media, Even If Based on Free Software, Still Has Many Problems
a distraction from what actually mattered and still matters
IBM is Not Your Master
IBM makes friends with people who exclude the majority of the population: women
Help Fund the Free Software Foundation (FSF)
If you have some dollars to spare, go support the FSF
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, July 05, 2025
IRC logs for Saturday, July 05, 2025
A Short History of Attacks on Techrights (and Boycott Novell Before That)
good opportunity to tell again the story of several (not all) attempts to silence us
The Mainstream Media Took 4 Days to Realise Microsoft Shut Down Its Operations in Pakistan and Fired Everybody
We estimate that Microsoft has had about 29,000 layoffs since January
Leadership in Free Software
Don't let IBM lead. It's a terrible flag bearer.
“Twibel” Actions Against Comedians (and Why It's a Truly Low Blow)
they try to make up in quantities for a lack of merit or quality
Linux Foundation Apparently Flirting With Slop (Marketing by LLM-Generated SPAM)
The Web is in a really bad state!
COVID-19 Sped Up Site Improvements in Techrights
A few months later we created our very own IRC network
Gemini Links 05/07/2025: Negative Questions and 'Touching Grass' (Going Outside)
Links for the day
Links 05/07/2025: Dalai Lama Succession as 90th Birthday Approaches, 40 deg C in China
Links for the day
Links 05/07/2025: Hungary and US Defecting to Russia, "Google's Hotseat Hypocrisy"
Links for the day
Gemini Links 05/07/2025: 4th of July 2025 and "Zig Roadmap 2026"
Links for the day
How to Combat the Exploitation and Abuse by Microsoft GitHub
Not to mention corruption and crimes against women
Bryan Lunduke is Actually Sending His Audience to Attack People
"[Lunduke] is actually sending his audience to attack people."
Even The Right Wing is Rejecting Bryan Lunduke
no wonder he became so irrelevant and marginal
Microsoft's MSN Helps Microsoft Spread Lies About the Layoffs' Scale (Well Over 25,000 People Laid Off This Year)
There seem to be monopolies on lies and on truth
The Death of X Has Been Greatly Exaggerated (by Compromised Media)
X.Org Server is alive and well
Rewriting Things in Rust
How far would you go?
In 2025 Everything is "AI". Remember Blockchains?
Talk about what companies and things (services, products, software) actually do, not the labels they use
Julian Assange Has Been Free for a Year
Julian Assange and I disagreed on some things
Monopolies and Scalping
Monopolies gravitate towards price hikes
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 04, 2025
IRC logs for Friday, July 04, 2025
Microsoft's August Layoffs Wave: "August is Confirmed for Additional Performance Based Cuts"
"August is confirmed for additional performance based cuts from the recent connects along with additional organizational cuts."
What Microsoft Reputation Laundering (With a Weaponised Law Degree) Looks Like in a Foreign Continent
You would expect this in uncivilised and primitive countries
Slopwatch: LLMs 'Write' Fake or Distorted 'News' About "Linux"
LLM slop disguised as news