Bonum Certa Men Certa

Microsoft Uses GNU/Linux for DNS, But Still Stuck at Beginners' Level

"In Ballmer's naively managerial mind-set, if Wood said it would take two months, then in reality it could be done in one—if only people would get fired up."

--Barbarians Led by Bill Gates, a book composed
by the daughter of Microsoft's PR mogul



Summary: Microsoft DNS servers are said to be attacking other servers and Microsoft ignores the problem for weeks; Microsoft partners are accused of using DNS to harm and defame critics too; the MSBBC provides some more perception management by giving Microsoft a platform

It's happening again. Microsoft reveals to the world that even Microsoft can't help using GNU/Linux [1, 2, 3, 4, 5, 6]. It's just too awesome to avoid!



Unfortunately for Microsoft, it clearly lacks the skills to operate Free software. There's no in-house talent and internal operations are moreover outsourced/off-shored to Infosys where wages are lower. So anyway, what's it all about? Microsoft uses Linux for DNS and avoids its own 'solutions'. We have already given many links on security flaws in Microsoft's DNS implementation and Windows zombies with resultant DNS downtimes. Microsoft is now trying Linux and it allegedly misconfigured the servers, which obviously get hijacked as a result. [via]

For the past three weeks, internet addresses belonging to Microsoft have been used to route traffic to more than 1,000 fraudulent websites maintained by a notorious group of Russian criminals, publicly accessible internet data indicates.

The 1,025 unique websites — which include seizemed.com, yourrulers.com, and crashcoursecomputing.com — push Viagra, Human Growth Hormone, and other pharmaceuticals though the Canadian Health&Care Mall. They use one of two IP addresses belonging to Microsoft to host their official domain name system servers, search results from Microsoft’s own servers show. The authoritative name servers have been hosted on the Microsoft addresses since at least September 22, according to Ronald F. Guilmette, a researcher who first uncovered the hijacking.


Two days ago it was confirmed:

According to network security researcher Ronald F. Guilmette, the Microsoft IP addresses had been used to host the websites' authoritative name servers since at least September 22. El Reg ran the data he supplied by experts in DNS and botnet take-downs, and most said it likely indicated that one or more machines on Microsoft's network had been infected with malware.

About 24 hours after The Reg article ran, security reporter Brian Krebs reported that one of the two Microsoft IPs had been used to coordinate a massive denial-of-service attack against his website, KrebsOnSecurity.com. Shortly after the attacks began on September 23, researchers were able to pinpoint the Microsoft IP and within hours they notified Microsoft of the compromised IPs, the site reported.

Remarkably, the machines weren't unplugged from Microsoft's network until Tuesday, almost three weeks later, shortly after The Register article was published. Also notable, according to Krebs, the machines that were compromised were running Linux.


"It's not very clear why Microsoft failed to properly investigate the report at the time and allowed the abuse to continue on its network for another three weeks," say other sources and Brian Krebs probably has the most detailed analysis:

The attack on my Web site happened on Sept. 23, roughly 24 hours after I published a story about a criminal online service that brazenly sold stolen credit card numbers for less than $2 each (see: I’ll Take Two MasterCards and a Visa, Please). That story got picked up by BoingBoing, Gizmodo, NPR and a variety of other sites, public attention that no doubt played a part in the near-immediate suspension of that criminal Web site.

At first, it wasn’t clear what was behind the attack, which at one point caused a flood of traffic averaging 2.3 gigabits of junk data per second (see graph above). Not long after the attack ended, I heard from Raymond Dijkxhoorn and Jeff Chan, co-founders of SURBL, which maintains a list of Web sites that have appeared in spam. Chan sent me a message saying he had tracked the attack back to several Internet addresses, including at least one that appeared to be located on Microsoft’s network — 131.107.202.197.


Damage control came later:

Update, 7:34 p.m. ET: Christopher Budd, Microsoft’s response manager for trustworthy computing, sent this statement via email: “Microsoft became aware of reports on Tuesday, October 12, 2010, of a device on the Microsoft network that was possibly compromised and facilitating spam attacks. Upon hearing these reports, we immediately launched an investigation. We have completed our investigation and found that two misconfigured network hardware devices in a testing lab were compromised due to human error. Those devices have been removed and we can confirm that no customer data was compromised and no production systems were affected. We are taking steps to better ensure that testing lab hardware devices that are Internet accessible are configured with proper security controls.”


This exercise in damage control meets Pogson who writes that Microsoft "has been outed running GNU/Linux on some unsecured testing machines. The machines were being used to route surfers to spam sites." He then asks:

All kinds of questions arise:

* What was M$ doing with DNS servers running GNU/Linux open to the web? * Why were they unsecured? * Why did they take weeks and media coverage to get them taken off-line when a target of a DDOS attack organized by those servers reported to M$ promptly weeks ago? * If they were in a testing lab, why weren’t they being tested??? The Register article was published. Also notable, according to Krebs, the machines that were compromised were running Linux.


Damage control fail. Sorry, Microsoft.

Speaking of DNS, G-WAN alleges that Microsoft "is (illegally) Hijacking 16 of our Domain Names". We have not worked to verify this, but it's worth looking into.

This whole thing is becoming a PR disaster for Microsoft because it shows that the company uses Linux for its internal operations (whilst also attacking companies which use Linux), does not use it properly, and to make matters worse, it does not care if it harms other people's systems because of its misconfigured Linux boxes. And by the way, it's definitely a human problem, not a Linux problem, according to IDG:

Microsoft blamed human error after two computers on its network were hacked and then misused by spammers to promote questionable online pharmaceutical websites.


What a multi-dimensional PR disaster. Can the MSBBC rescue Microsoft's reputation? It sure can try.

The MSBBC has just published this rubbish 'article' where rather than say that about one in two Windows PCs is compromised decided to go to Microsoft for material, again (Windows zombies are just "sick" PCs, according to the MSBBC which quotes Microsoft's Charney).

Watch them using Microsoft-supplied/given numbers to talk about Windows and thus only deceive the public while pretending to inform:

The US leads the world in numbers of Windows PCs that are part of botnets, reveals a report.

More than 2.2 million US PCs were found to be part of botnets, networks of hijacked home computers, in the first six months of 2010, it said.


Says Microsoft. It's always orders of magnitude off target.

This article is so poor that it ends up making Microsoft look like a saviour rather than the party to blame for botnets. Technology propaganda continues to arrive from the MSBBC, which is occupied by former Microsoft UK executives. No surprise there, ever, but that's okay because it's so predictable.

Comments

Recent Techrights' Posts

Slopwatch: Plagiarism and "Linux" Articles by Bots
Sites that do this won't survive; many of them rely on slop services (suppliers) that will cease to exist after the bubble bursts
New XBox Leaks Probably Serve to Confirm XBox's Collapse (Many More Layoffs)
It's very much consistent with what many other sites have reported lately
 
Staying Happy in Times of Crackdowns on Civil Society
Optimism in this sort of "new reality" or "new normal" seems like something for the irrational person
"Nobel" Exploited Posthumously for "AI" Hype, Now They Do the Same With "Quantum"
ere have been many jokes about "Nobel" for peace (often granted to pro-war people) and a fake one for "Economics" (establishment propaganda)
Distinguished Lecture by Richard Stallman This Coming Monday in Rome
After "Free software, Crucial for Freedom in a Digital World"
Links 10/10/2025: Putin Admits Russia Downed Azerbaijan Airlines Jet, More New Heat Records
Links for the day
Noteworthy Claim That IBM is Firing a Lot of Lawyers This Week (RAs in the Legal Department)
A lot of what they do is patent 'trolling' or lawyering up against their own staff (e.g. HR disputes)
Links 10/10/2025: US Judge Bars Attacks by ICE On Journalists and Protesters; “We Took The Freedom of Speech Away” Says the President
Links for the day
Slopwatch: Serial Sloppers, Google News Gifting Slopfarms, and Fake News/Plagiarism About "Linux"
Google itself is a slop pusher these days
Qualcomm, the New Owner of Arduino, Blasted for Its Software Patents Tax on 'Smartphones'
A lot of Qualcomm's patents are on software. We wrote about this in prior years.
XBox Layoffs Rumours, Downtime, and Criticism From XBox Co-Founder
"everyone is ditching the xbox."
Links 10/10/2025: Honoring The Legacy Of Robert Murray-Smith, Many Articles on the Hey Hi (AI) Bubble
Links for the day
Gemini Links 09/10/2025: October Gothic and Reading Middle Earth Role Playing; C and Ada
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, October 09, 2025
IRC logs for Thursday, October 09, 2025
Links 09/10/2025: Farewell to Jane Goodall, California Bans Algorithmic Price-Fixing
Links for the day
Gemini Links 09/10/2025: Lost Wages and a Saga Of Continuing To Use Palm PDAs
Links for the day
Richard Stallman's Talk in Helsinki is Done. Tomorrow Göteborg.
There are scarce details in Finnish about Dr. Stallman's talk
The Slop Song
The train wreck marches on
LLM Slop/Advanced Plagiarism Flooding the Zone With Capital That Does Not Exist
Many publishers out there still participate in this bubble instead of calling it what it is
Links 09/10/2025: Sacked Microsoft Workers Make "Sackbird", IBM Taps CockroachDB for PostgreSQL
Links for the day
"Happy Hacking Day" Richard Stallman Talk This Afternoon (From 14:00 to 16:00) at Haaga-Helia University in Pasila
Richard Stallman in Helsinki, Finland
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, October 08, 2025
IRC logs for Wednesday, October 08, 2025
Links 09/10/2025: Impact of Microsoft Layoffs, More Data Breaches
Links for the day
Gemini Links 09/10/2025: Autumn Blues and C IRC Bot
Links for the day
Slopwatch Appreciated by Real Authors of GNU/Linux Articles
We do try to keep on top of those things
Upgraded R.R.R.R.R.R. Today
The Web of 2025 is full of garbage, not limited to slopfarms
Freedom From Proprietary Prisons
Forking always an option
IBM's Watson Died in 1956, Now Watson Dies Again
IBM is becoming just a reseller of GAFAM and other stuff
Slopwatch: LinuxSecurity, UbuntuPIT, and Google News
We've also just noticed more slop from UbuntuPIT
Microsoft Says That Constant Mass Layoffs Are Success, the Media Isn't Buying This Microsoft Narrative Anymore
If people in the media feel an obligation to repeat whatever lies Microsoft tells, what point will there be to the media?
Links 08/10/2025: "Mali Puts Free Speech on Trial" And Apple Enforces Dictatorship
Links for the day
Links 08/10/2025: ‘Death to Spotify’ and Law to Ban Loud Commercials on Streaming (Dis)Services
Links for the day
Links 08/10/2025: Real Innovation and Nina.chat is Dead
Links for the day
Links 08/10/2025: Y2K38 Bug is a Vulnerability, Chat Control in Europe a Threat
Links for the day
Microsoft Windows is No Longer an Operating System, It's Surveillance Project
Why is this even legal to preload on PCs outside the US?
How and Why Once-Legitimate Sites Turn Into Slopfarms
Many sites will go offline and many social control networks will shut down once they realise or even openly admit they spend money and time gardening a bunch of bots and slop
UbuntuPIT Became a Slopfarm and Gnoppix Tarnishes Its Own Brand With Slop
It fits all the characteristics of mildly-edited (if at all) slop
Slopwatch: Linux Journal and Other Slopfarms
GAFAM needs to go the way of the dodo
Gemini Links 08/10/2025: "Seek Seek Revolution" and Gradient Backgrounds
Links for the day
Qualcomm Arduino Takes Aim at Raspberry Pi
Qualcomm is a Microsoft partner
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, October 07, 2025
IRC logs for Tuesday, October 07, 2025
Stagnation of the Economy and What Free Software Can (or Could) Do For It
If your economic model is based on a pyramid of lies, it won't last very long
Social Control Media is Sinking
it would rightly seem like the era of centralised "social" sites (they're not social, they're about controlling the users) is ending, not overnight but gradually