Bonum Certa Men Certa

Microsoft Uses GNU/Linux for DNS, But Still Stuck at Beginners' Level

"In Ballmer's naively managerial mind-set, if Wood said it would take two months, then in reality it could be done in one—if only people would get fired up."

--Barbarians Led by Bill Gates, a book composed
by the daughter of Microsoft's PR mogul



Summary: Microsoft DNS servers are said to be attacking other servers and Microsoft ignores the problem for weeks; Microsoft partners are accused of using DNS to harm and defame critics too; the MSBBC provides some more perception management by giving Microsoft a platform

It's happening again. Microsoft reveals to the world that even Microsoft can't help using GNU/Linux [1, 2, 3, 4, 5, 6]. It's just too awesome to avoid!



Unfortunately for Microsoft, it clearly lacks the skills to operate Free software. There's no in-house talent and internal operations are moreover outsourced/off-shored to Infosys where wages are lower. So anyway, what's it all about? Microsoft uses Linux for DNS and avoids its own 'solutions'. We have already given many links on security flaws in Microsoft's DNS implementation and Windows zombies with resultant DNS downtimes. Microsoft is now trying Linux and it allegedly misconfigured the servers, which obviously get hijacked as a result. [via]

For the past three weeks, internet addresses belonging to Microsoft have been used to route traffic to more than 1,000 fraudulent websites maintained by a notorious group of Russian criminals, publicly accessible internet data indicates.

The 1,025 unique websites — which include seizemed.com, yourrulers.com, and crashcoursecomputing.com — push Viagra, Human Growth Hormone, and other pharmaceuticals though the Canadian Health&Care Mall. They use one of two IP addresses belonging to Microsoft to host their official domain name system servers, search results from Microsoft’s own servers show. The authoritative name servers have been hosted on the Microsoft addresses since at least September 22, according to Ronald F. Guilmette, a researcher who first uncovered the hijacking.


Two days ago it was confirmed:

According to network security researcher Ronald F. Guilmette, the Microsoft IP addresses had been used to host the websites' authoritative name servers since at least September 22. El Reg ran the data he supplied by experts in DNS and botnet take-downs, and most said it likely indicated that one or more machines on Microsoft's network had been infected with malware.

About 24 hours after The Reg article ran, security reporter Brian Krebs reported that one of the two Microsoft IPs had been used to coordinate a massive denial-of-service attack against his website, KrebsOnSecurity.com. Shortly after the attacks began on September 23, researchers were able to pinpoint the Microsoft IP and within hours they notified Microsoft of the compromised IPs, the site reported.

Remarkably, the machines weren't unplugged from Microsoft's network until Tuesday, almost three weeks later, shortly after The Register article was published. Also notable, according to Krebs, the machines that were compromised were running Linux.


"It's not very clear why Microsoft failed to properly investigate the report at the time and allowed the abuse to continue on its network for another three weeks," say other sources and Brian Krebs probably has the most detailed analysis:

The attack on my Web site happened on Sept. 23, roughly 24 hours after I published a story about a criminal online service that brazenly sold stolen credit card numbers for less than $2 each (see: I’ll Take Two MasterCards and a Visa, Please). That story got picked up by BoingBoing, Gizmodo, NPR and a variety of other sites, public attention that no doubt played a part in the near-immediate suspension of that criminal Web site.

At first, it wasn’t clear what was behind the attack, which at one point caused a flood of traffic averaging 2.3 gigabits of junk data per second (see graph above). Not long after the attack ended, I heard from Raymond Dijkxhoorn and Jeff Chan, co-founders of SURBL, which maintains a list of Web sites that have appeared in spam. Chan sent me a message saying he had tracked the attack back to several Internet addresses, including at least one that appeared to be located on Microsoft’s network — 131.107.202.197.


Damage control came later:

Update, 7:34 p.m. ET: Christopher Budd, Microsoft’s response manager for trustworthy computing, sent this statement via email: “Microsoft became aware of reports on Tuesday, October 12, 2010, of a device on the Microsoft network that was possibly compromised and facilitating spam attacks. Upon hearing these reports, we immediately launched an investigation. We have completed our investigation and found that two misconfigured network hardware devices in a testing lab were compromised due to human error. Those devices have been removed and we can confirm that no customer data was compromised and no production systems were affected. We are taking steps to better ensure that testing lab hardware devices that are Internet accessible are configured with proper security controls.”


This exercise in damage control meets Pogson who writes that Microsoft "has been outed running GNU/Linux on some unsecured testing machines. The machines were being used to route surfers to spam sites." He then asks:

All kinds of questions arise:

* What was M$ doing with DNS servers running GNU/Linux open to the web? * Why were they unsecured? * Why did they take weeks and media coverage to get them taken off-line when a target of a DDOS attack organized by those servers reported to M$ promptly weeks ago? * If they were in a testing lab, why weren’t they being tested??? The Register article was published. Also notable, according to Krebs, the machines that were compromised were running Linux.


Damage control fail. Sorry, Microsoft.

Speaking of DNS, G-WAN alleges that Microsoft "is (illegally) Hijacking 16 of our Domain Names". We have not worked to verify this, but it's worth looking into.

This whole thing is becoming a PR disaster for Microsoft because it shows that the company uses Linux for its internal operations (whilst also attacking companies which use Linux), does not use it properly, and to make matters worse, it does not care if it harms other people's systems because of its misconfigured Linux boxes. And by the way, it's definitely a human problem, not a Linux problem, according to IDG:

Microsoft blamed human error after two computers on its network were hacked and then misused by spammers to promote questionable online pharmaceutical websites.


What a multi-dimensional PR disaster. Can the MSBBC rescue Microsoft's reputation? It sure can try.

The MSBBC has just published this rubbish 'article' where rather than say that about one in two Windows PCs is compromised decided to go to Microsoft for material, again (Windows zombies are just "sick" PCs, according to the MSBBC which quotes Microsoft's Charney).

Watch them using Microsoft-supplied/given numbers to talk about Windows and thus only deceive the public while pretending to inform:

The US leads the world in numbers of Windows PCs that are part of botnets, reveals a report.

More than 2.2 million US PCs were found to be part of botnets, networks of hijacked home computers, in the first six months of 2010, it said.


Says Microsoft. It's always orders of magnitude off target.

This article is so poor that it ends up making Microsoft look like a saviour rather than the party to blame for botnets. Technology propaganda continues to arrive from the MSBBC, which is occupied by former Microsoft UK executives. No surprise there, ever, but that's okay because it's so predictable.

Comments

Recent Techrights' Posts

The Register Bill
The Register MS - putting the "MS" in your centre of the universe
Analogies for "Memory Safety" in Rust
Don't worry, it's Rust! It can do anything!
 
Microsoft Sites Now Talking About September's Mass Layoffs at Microsoft
It's noteworthy that even Microsoft's MSN now covers the latest revelations about mass layoffs
Gemini Links 06/09/2025: SpellBinding Moving and "The Cloud" Ridiculed
Links for the day
Slopwatch: On "the Apology Industry", Chatbots (Punchbag for Customers), and Fake Articles About "Linux"
"news reporting priorities changed"
Links 06/09/2025: "Covid Incidence on the Rise" and Many Attacks on the Press Worldwide
Links for the day
Nobody Denies That SecureBoot Will Cause Problems After September 11
Not even Microsoft
Gemini Links 06/09/2025: Infinite Scrolling and Posting from Emacs
Links for the day
Links 06/09/2025: GitHub Meltdown Over Slop, "U.S. Jury Says Google Should Pay $425 Million in Privacy Lawsuit"
Links for the day
Despite Its Severe Financial Problems Gnome Foundation Inc Paid Rosanna Yuen Over 100,000 Dollars Last Year
maybe relocation should be considered
The "Left" and the Right"
It poisons everything
Mozilla and Rust Are Not Leftists
they're part of the mass consumerism machine
Disposable to Microsoft
There is an extensive set of people who got used by Microsoft, only to be thrown away a month later or a year later or a decade later
The UEFI 9/11 - Part VII - This Coming Week Many PCs Will Refuse to Boot "Linux" (Because of Microsoft's Expired Certificate)
The real solution is, disable "secure boot" or "SecureBoot" while it's still possible. [...] Just like submarine patents, a lot of this problem was "hibernating" for a while
The Thing Nobody in Red Hat Wants to Talk About Openly
There is a real sentiment or worry among Red Hatters, Europeans and Americans in particulars (because of higher salary expectations)
Slopwatch: Small Parade of Fake News About "Linux" and Scams Borrowing the Name (or Word) "Linux"
In practice, LLMs are a risk
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, September 05, 2025
IRC logs for Friday, September 05, 2025
Genini Links 05/09/2025: Community, ROOPHLOCH, and PITkit
Links for the day
Links 05/09/2025: Vaccine Sceptics Poison the Well, Two Exploited Vulnerabilities Patched in Android
Links for the day
Gemini Links 05/09/2025: Logitech Lift and DIY Gemini Servers
Links for the day
Links 05/09/2025: Sainsbury's Caught Spying on In-Store Shoppers and Microsoft "OpenAI is Using Legal Threats to Harass its Critics"
Links for the day
BASIC Predates Microsoft by Over a Decade, Microsoft-Controlled Sites Like The Register MS Don't Want You to Know This
The state of the media is really bad when it relies a lot on oligarchs' money and is appointing editors who are working for oligarchs
Brian Kernighan, "Only Third to Dennis Richie and Ken Thompson" (UNIX), Agreed With Someone Who Said Rust Was Just Hype, Should Not Replace C
17 hours ago
Reminder: Microsoft's "Secure Boot" Certificate for "Linux" Will be Expired in One Week
Many PCs won't manage to 'rotate' to another certificate
"Many of the Red Hat Employees Are Still Looking for Work"
Shame on IBM's CEO
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, September 04, 2025
IRC logs for Thursday, September 04, 2025
Microsoft Started With Code Literally From The Trash, Nothing Has Improved Since
The reality is, there are systems and code that are reliable. But they're not Microsoft's.
Hypothesis That New McKinsey/Microsoft Executive Inside Red Hat Will Outsource Research and Development Operations to India (Like They Do in IBM)
IBM is floundering
Slopwatch: Scams, Fake Articles About "Linux", Plagiarism, and Worse
Perhaps some time soon the LLMs or the "Big LLMs" will run out of money (to borrow) and go offline, leaving those slopfarms in a tough place
Gemini Links 04/09/2025: Means of Production and Rusting Out
Links for the day
Links 04/09/2025: Science, Hardware, and Eyes on China
Links for the day
Gemini Links 04/09/2025: Digital Minimalism and Social Control Media
Links for the day
IBM's GNU/Linux Divestment, Based on Hard But Anecdotal Evidence (IBM Fails to Recognise How Much Money It Made and Can Still Make From "Linux")
Love us or hate us, a lot of what we've been saying about Red Hat under IBM turns out to be rather accurate
Links 04/09/2025: Massive Microsoft Staff Cuts (Barely Reported), "Strange Conspiracy Theory Is Reportedly Spreading Inside OpenAI"
Links for the day
Activists Can Win, But Keep an Eye on the Ball and on the Trophy
GitHub is dying, it was a loss-making trap, not free hosting
Gemini Links 04/09/2025: Katrina Remembered, Distracted Driving, and Virtual Economics
Links for the day
At This Point It's No Longer Matthew Garrett But People Who Fund Matthew Garrett (or Companies That Fund His SLAPPs Against My Wife and I)
The only thing worse than misogynists are misogynists who fail to respect other people's right to go on holiday
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, September 03, 2025
IRC logs for Wednesday, September 03, 2025
The UEFI 9/11 - Part VI - This Serious Harm Was Planned for Over a Decade, Not an Accident or Merely Some Misfortune
The term "Serious Harm" is legally meaningful here
GNOME Unfit for Diversity and Inclusion
GNOME's leadership is using "bad words"
Brodie Robertson Addressing the Recently-Discovered Comments
Most people probably knew nothing about this until he wrote a response
Red Hat QA Team "Had Shrunk by Half Over the Past Year." (After IBM Divestment)
If Red Hat's workforce is being moved to the East, then RHEL can become a national security problem
Slopwatch: "Open Source" and "Linux" News Faked, Made by Bots and Entered Into Google News
Spam combined with slop about "Linux" has entered Google News