Bonum Certa Men Certa

DNS Suspended by Microsoft Windows Botnets

Warpath of Web destruction

TWO DAYS ago I was unable to use the Internet properly. This network's DNS servers came under massive attack at a time when hundreds of millions of Windows zombies ran rampant. It's neither a new problem [1, 2] nor does it affect just the network that I'm on. There are similar complaints and status reports out there on the Web right now.

Potential Latency on Network Solutions DNS



There is a spike in DNS query volumes that is causing latency for the delay in web sites resolving. This is a result of a DDOS attack. We are taking measures to mitigate the attack and speed up queries.

—————-

There may be some latency on Network Solutions DNS Servers and some queries may be timing out. This may include instances when someone types a domain name into a browser and the website will temporarily not resolve. Network Solutions Operations is working on optimizing the DNS queries and investigating the issue.


There is nothing that prevents a determined cracker (or a gang of them) from taking down DNS globally [18, 19], especially given Windows botnets of biblical proportions. This almost happened 2 years ago and there are still no effective defenses in place. The same goes for the scale of botnets -- a solution to which Microsoft cannot deliver.

Microsoft slammed over security advice



US COMPUTER Emergency Readiness Team (US-CERT) has warned that Microsoft's advice about how to beat the Downadup worm is flawed.


And things are getting worse before they get better.

A security expert has managed to transfer the digital signature of one Windows program to another, without invalidating the signature. Didier Stevens, who presented the attack in his blog, exploited the fact that Microsoft's Authenticode code signing standard accepts the vulnerable MD5 hash algorithm. Stevens used this to generate two programs which have identical code signatures, but behave differently.


How long can this chaos [1, 2, 3] go on for? Many related news items (2006-2008, re: DNS) are added as references below.

Airplane crash
What if aircraft accepted Microsoft quality control?



_____

[1] Open source DNS server takes on BIND

Four companies led by Dutch non-profit NLnet Labs have launched an open source, Linux-compatible DNS (Domain Name System) server. "Unbound," which is also sponsored by VeriSign, Nominet, and Kirei, claims to offer a validating, recursive, and caching DNS server that is faster than the open source DNS mainstay BIND.


[2] VeriSign Takes Aim at Open Source DNS

Now VeriSign, the company that runs that .com and .net domains, is aiming to provide an open source alternative to BIND, called Unbound.


[3] SocialDNS: Free Domains for a Free Internet

John Sullivan (FSF) invited me to present in this mailing list the SocialDNS project (http://www.socialdns.net). I am very interested in obtaining feedback from the GNU community because we want to submit our project to the Free Software Directory soon.


[4] DNS Patches Slow Servers, but Fast Action Is Advised

Microsoft issued a mea culpa about its DNS update on July 17, saying that the patch was crippling some machines running its Windows Small Business Server suite. Then, on July 25, it said the patch could also affect some network services on systems running Windows Server 2008, Windows Server 2003 and Windows 2000. In both instances, Microsoft detailed work-arounds.


[5] DNS poisoners hijack typo domains

People arrive at these pages when the domain name they request is unavailable, because, for example, they mistyped the URL. ISPs use this redirection method, known as Typosquatting, to advertise free domains or competing products. In the present case, however, clients don't arrive on the Typosquatter pages, but on pages with a crafted trojan.


[6] Microsoft DNS fix causes trouble for some

The Microsoft Corp. released a DNS fix in its patch slate for July, but the company seems to have problems just getting it to end users. Moreover, some users of the DNS fix have experienced additional difficulties.

So far, since Microsoft's DNS fix was issued on July 10, there have been two separate problems associated with its installation.


[7] H D Moore has NOT been owned

From the "half truths that journo's tell" file:

I've been following the Kaminsky DNS cache exploit issue closely since it was first announced - and no doubt so has everyone else in the security business. As such I was surprised to read a headline this morning that said that Metasploit founder H D Moore (and yes Virginia, there is a Santa Claus and I run Metasploit on a test machine too - who doesn't?) had been 'owned' (should've been p'wned I think) by the DNS flaw.

The story is not true - at least according to H D Moore who claims he was misquoted by the journalist in question.

"In a recent conversation with Robert McMillan (IDG), I described an in-the-wild attack against one of AT&T's DNS cache servers, specifically one that was configured as an upstream forwarder for an internal DNS machine at BreakingPoint Systems," H D Moore wrote in a blog post. "Shortly after our conversation, Mr. McMillan published an article with a sensationalist title, that while containing most of the facts, attributed a quote to me that I simply did not say. Specifically, `"It's funny," he said. "I got owned."


[8] SUBJECT: Microsoft SWI blog inaccuracies

As you know, 3 weeks ago I published my paper, "Microsoft Windows DNS Stub Resolver Cache Poisoning" (http://www.trusteer.com/docs/Microsoft_Windows_resolver_DNS_cache_poisoning.pdf), simultaneously with Microsoft's release of MS08-020 (http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx). A day later, Microsoft's Secure Windows Initiative (SWI) team published their blog entry for MS08-020 (http://blogs.technet.com/swi/archive/2008/04/09/ms08-020-how-predictable-is-the-dns-transaction-id.aspx).

Unfortunately, the SWI blog entry contains two serious mistakes. The first mistake is an inaccurate description of the PRNG used for the Microsoft Windows DNS client transaction ID. The second mistake is SWI's claim that "attackers cannot predict a guaranteed, known-next TXID exactly even with this weakness".

I contacted Microsoft about those mistakes, and while Microsoft did not refute my statements, they also refused to revise the blog entry. On one hand, I am inclined to tag this as a simple unwillingness on the side of the vendor to revise its materials and admit its mistakes. On the other hand, I cannot ignore the fact that the two mistakes, when combined, result in misleading the blog reader about the nature and the severity of the problem.

[...]

This is in stark contrast to SWI's claims. Furthermore, Microsoft did have the full paper (actually, a draft of it which contains all the relevant technical information) well before the SWI blog was published. So the problem here is not an issue of SWI not having access to the paper when they wrote their blog entry.


[9] Microsoft preps 133 patches for Windows DNS hole

Microsoft is working on 133 separate updates for the problem, Budd wrote.


[10] Microsoft DNS Server Attacks Continue

The concept enables malicious users to run code remotely under the system privileges generally granted to the DNS service itself.


[11] Microsoft: Patch for critical DNS flaw may be ready by 8 May

The company has been under pressure to address the flaw, reported last week, since software that exploits it has now been widely disseminated, and criminals are beginning to use it in attacks.


[12] Attack code raises Windows DNS zero-day risk

At least four exploits for the vulnerability in the Windows domain name system, or DNS, service were published on the Internet over the weekend, Symantec said in an alert Monday.


[13] Cybercrooks exploiting new Windows DNS flaw

Cybercrooks are using a yet-to-be-patched security flaw in certain Windows versions to attack computers running the operating systems, Microsoft warned late Thursday.


[14] Microsoft's advisories giving clues to hackers

How's this for a new twist on the old responsible disclosure debate: Hackers are taking advantage of information released in Microsoft's pre-patch security advisories to create exploits for zero-day vulnerabilities.


[15] DNS security improves as firms tool up to tackle spam

Infoblox's survey found that the number of internet-facing DNS servers increased from 9m in 2006 to 11.5m in 2007, indicative of the overall growth of the internet. Percentage usage of the most recent and secure version of open-source domain name server software - BIND 9 - increased from 61 per cent to 65 per cent over the last year. Use of BIND 8, by contrast, dropped from 14 per cent in 2006 to 5.6 per cent this year. Usage of the Microsoft DNS Server on web-facing systems also fell, decreasing to 2.7 per cent in 2007 from five per cent last year.


[16] Use of rogue DNS servers on rise

The paper estimates roughly 68,000 servers on the Internet are returning malicious Domain Name System results, which means people with compromised computers are sometimes being directed to the wrong Web sites — and often have no idea.


[17] New shield foiled Internet backbone attack

ICANN has yet to determine the exact techniques used in the February attack. The incident will be discussed at a meeting of DNS root server operators later this month, the organization said.


[18] Zombie botnets attack global DNS servers

Hackers launched a sustained attack last night against key root servers which form the backbone of the internet.

Security firm Sophos said that botnets of zombie PCs bombarded the internet's domain name system (DNS) servers with traffic.

"These zombie computers could have brought the web to its knees," said Graham Cluley, senior technology consultant at Sophos.


[19] EveryDNS, OpenDNS Under Botnet DDoS Attack

The last time the Web mob (spammers and phishers using botnets) decided to go after a security service, Blue Security was forced to fold and collateral damage extended to several businesses, including Six Apart.


[20] Homeland Security sees cyberthreats on the rise

To test the nation's response to a cyberattack, the Department of Homeland Security plans to hold another major exercise, called Cyberstorm II, in March 2008, Garcia said. A first such exercise happened early last year.


[21] Perspective: Microsoft security--no more second chances?

As if Homeland Security Secretary Michael Chertoff didn't have enough on his plate.

Not only has he had to deal with Katrina and Osama. Now he's also got to whip Steve Ballmer and the crew at Microsoft into shape. If past is prologue, that last task may be the most daunting of all.


[22] U.S. cyber counterattack: Bomb 'em one way or the other

If the United States found itself under a major cyberattack aimed at undermining the nation's critical information infrastructure, the Department of Defense is prepared, based on the authority of the president, to launch a cyber counterattack or an actual bombing of an attack source.


[23] US plans for cyber attack revealed
