03.21.10

The Brute Force and Sheer Power of Microsoft Windows

Posted in Microsoft, Security, Windows at 7:36 pm by Dr. Roy Schestowitz

“Fuerza Bruta”

Summary: How Windows botnets enable criminals to make a lot of money at the expense of Windows users

WINDOWS means business. Sure, it stands in the way of many legitimate businesses, but at least some bad guys manage to make a living out of Windows’ flaws. Here is the latest example:

Facebook’s 400 million users have been targeted by a spam run that could infect their computers with malicious software designed to steal passwords and other data, according to security researchers at McAfee.

There are two elements at play here; first, there is the brute-force mailing, which typically requires botnets; secondly, there is malware here that only runs on Windows (the article neglects to say this, just like many others). Tracy Anne corrects this in the comments, but it really should not be required if journalists do their job properly.

It wasn’t so long ago that the SEC reported the effects of SPAM (Microsoft Windows zombie spewage) on Wall Street trade. It was reportedly the same outside the United States. Botnets were affecting stock prices with manipulation through brute-force disinformation for pump-and-dump schemes (references here). Wired Magazine reported the following some days ago:

SEC: Hacker Manipulated Stock Prices

U.S. regulators are moving to freeze the assets and trading accounts of a Russian accused of hacking into personal online portfolios and manipulating the price of dozens of stocks listed on the Nasdaq Stock Market and New York Stock Exchange.

A New York federal judge on Tuesday sided with the Securities and Exchange Commission and froze the assets of Broco Investments, believed to be a one-trader operation based in St. Petersburg, Russia. The SEC said Broco capitalized by artificially moving prices of more than 38 thinly traded securities — enabling Broco to profit from up-or-down price swings.

[...]

The so-called “hack, pump and dump” scheme is among the latest illicit methods of gaming the market through hacking.

Earlier today we wrote about Bitdefender (which is supposed to defend Windows) simply castrating and breaking the operating system. That’s what one gets for trying to secure Windows. Our reader Tim wonders if “Bitdefender is spot on”:

Allegedly Bitdefender has identified several parts of Windows as a trojan, fixed them and subsequently brought down Windows.

Being flippant, one could argue that Bitdefender was merely doing its job and identifying Windows as a trojan was correct, another camp could list it as yet another issue Microsoft’s OS has stumbled into.

By the definition of the words “malware” and “spyware”, Microsoft Windows is both. Just because it’s widely used does not exempt it from the symptoms and the diagnosis.

Eye on Security: Windows Botnets and Other New Problems

Posted in Microsoft, Security, Windows at 5:49 am by Dr. Roy Schestowitz

Summary: Assemblage of security news from recent days

Spammers survive botnet shutdowns

Victims, typically users of Windows machines, often fall victim via booby-trapped e-mail messages or through websites that slip malware onto computers via software vulnerabilities.

Don’t trust that Web Address!

But, that comes with using Windows. What’s more disturbing is that these malware-bearing messages are getting to be timelier and better written. It used to be that malware e-mail was badly written junk. You’d never mistake them for a legitimate message. The three messages I mentioned though all looked like they could have been real ones. I’m about as paranoid as it comes in computer security, but the basketball one almost tricked me.

Bad BitDefender Update Clobbers Windows PCs

Users of the BitDefender antivirus software started flooding the company’s support forums Saturday, apparently after a faulty antivirus update caused 64-bit Windows machines to stop working.

The company acknowledged the issue in a note explaining the problem, posted Saturday. “Due to a recent update it is possible that BitDefender detects several Windows and BitDefender files as infected with Trojan.FakeAlert.5,” the company said.

The acknowledgement came after BitDefender users had logged hundreds of posts on the topic. Some complained of being unable to reboot their systems.

Energizer battery rechargers still haunted by trojan backdoor

Microsoft labels the trojan as Arurizer.A and warns that it installs a backdoor on user machines that allows attackers to upload, download, and delete files at will, install additional malware and carry out other nefarious deeds.

Naming and Shaming ‘Bad’ ISPs

Panda discovers malware on HTC Magic phone

A Panda Security employee discovered three malware programs on a recently purchased HTC Magic phone when it was plugged into a Windows computer.

Malware Found on Another HTC Magic Smartphone

Vodafone Spain supplies pre-Mariposa’d smartphone (again)

Vodafone Spain admits 3,000 smartphones shipped with Mariposa

Malware Infected Memory Cards of 3,000 Vodafone Mobiles

How the butterfly botnet was broken

Drudge Report, TechCrunch hit by ad malware

Estonia Defense Minister: Cyberattacks Will Grow

Others at the conference agreed. A major cyberattack sponsored by terrorists or a state will happen within the next decade, predicted Jerry Archer, chief information security officer with Sallie Mae. “I think within the next five to 10 years we will have a cyberwar that will turn into a shooting war,” he said, speaking during a panel discussion at the conference.

03.19.10

Elinor Mills Finally Calls Out Windows

Posted in Apple, GNU/Linux, Security, Windows at 5:57 am by Dr. Roy Schestowitz

Summary: CNET’s (CBS) Elinor Mills, who improved her coverage by naming Microsoft and Windows as part of the problem, deserves some credit

IN preparation for the “Call Out Windows” campaign, we are trying to see which reporters routinely describe Windows-only problems as “computer problems”. After much pressure, John Markoff from New York Times was finally willing to call out "Windows" (when the problems he described were obviously specific to Windows). We mustn’t assume that every “PC” owner uses Windows because according to Microsoft’s own charts, GNU/Linux is bigger on the desktop than Apple, which admittedly has a niche market in rich countries.

People deserve to be told where the problems that they are experiencing actually come from. Some problems can rightly be called “computer problems”, but very few deserve that labeling (usually tied to an industry standard rather than an implementation of it, DNS poisoning being an example). As we pointed out last week, Toyota problems are not being described as general problems with cars because Toyota has no monopoly on the automobiles market. The same line of reasoning ought to be applied to computing.

In any event, here is the latest rather serious Microsoft flaw.

An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft’s Virtual PC virtualization software to malicious hacker attacks.

Microsoft disputes this, but as we showed last month, Microsoft’s gymnastics in logic rarely compute. Microsoft is the boy who cried “Wolf!” Using PR tactics, Microsoft often blames crackers rather than its own incompetence (which allowed crackers to intrude in the first place).

Given Elinor Mills’ history of not mentioning Windows when it comes to Windows problems, we were encouraged to see her at least alluding to Windows in her coverage of the above. Here is another new article where Windows specificity is made implicit by her:

PandaLabs connected the S21Sec employee’s microSD card to his PC and found that the smartphone was loaded with the malware on March 1, more than a week before he had received the phone from Vodafone.

“This Mariposa botnet client is also loaded in the same hidden NADFOLDER directory. It is also named as AUTORUN.EXE and will automatically run when connected into a Windows machine unless you have autorun disabled (download USB Vaccine to disable autorun if you haven’t done so yet),” the PandaLabs blog item says.

The article’s headline is “Malware found on second Vodafone HTC Magic”; a better headline would be: “Windows malware found on second Vodafone HTC Magic”

There are many more examples that we could give of such reporting and it hopefully remains civil and polite. Informers of the public do have a responsibility and we know for a fact (based on evidence such as this) that Microsoft interferes with reporting that names Windows as the source of problems. In previous posts about Internet Explorer 9 (IE 9) [1, 2, 3] we wrote about security problems it may have (worse and less secure than predecessors in some ways). A reader of ours, a former Microsoft MVP who sometimes participates, told us last night that “IE 9 preview sucks.” He actually tried it.

Earlier this year we found a lot of Microsoft spin about Internet Explorer. Internet Explorer was found to be the cause for many Web attacks, including some against Google [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Microsoft used this as an opportunity to advocate IE 8 (an ‘upgrade’), of course not telling the public that IE 8 too was vulnerable at the time (without patches available yet). Notice the slogan of IE 9. Is Microsoft really in a state of thinking that improved security is its market distinguisher in Web browsers?

“It’s really secure this time. We promise!”

03.17.10

Internet Explorer 9 Seems Less Secure Than Predecessors; Microsoft Plays the Vapourware Game Against Rival Web Browsers

Posted in Microsoft, Security, Windows at 4:34 pm by Dr. Roy Schestowitz

Summary: Internet Explorer 9 removes security features and lies about its standards compliance using improper benchmarks

MICROSOFT made some Internet Explorer patches available last week, only to discover that Internet Explorer is under a new wave of attacks (due to flaws which cannot be patched until next month). What did Microsoft do? To the gurus out there it advised that they apply some registry hacking. Windows is easy, eh? SJVN writes about this issue which we covered before:

A Quick IE Fix

[...]

The first one disables the peer factory class in the Windows registry. ‘Peer factory’ is used by the iepeers.dll binary program in IE 6 and 7 on Windows XP and Windows Server 2003 to call some kinds of Windows functionality from within IE. The most common way it’s used is to print from IE. The downside of this fix, as you might guess, is that it will stop IE’s print functionality from working.

Try explaining this security measure to people who are fearful of computing.

According to another new article from SJVN, Internet Explorer 9 will fix almost nothing when it comes to security. Just like when Vista 7 was planned and released, Microsoft said nearly nothing about improved security; it’s the same when it comes to Internet Explorer.

While Microsoft seems focused on some good things, like improving IE’s speed and finally making it more compatible with the forthcoming HTML 5 standard, I didn’t see a lot about improving the program’s own built-in security. Indeed, this early test-drive model [of IE 9] doesn’t even include IE 8’s SmartScreen anti-malware filter and private-browsing function.

This sounds familiar because according to two separate sources, Vista 7 is also less secure than Vista [1, 2]. They go backwards.

But now comes the interesting part. A reader who wishes to remain anonymous has told us that, regarding Microsoft’s “test browser compliance”, it will “test browsers, except for their current version, Internet Explorer 8”. To quote the message:

“Download the latest Windows web browser”. Is it fair testing a future release against the current versions of the rest? Also the original stand alone SVG files appear to be missing.

“This website contains several collections of test pages that were developed in conjunction with the World Wide Web Consortium (W3C) working groups. These tests make it possible to validate a browser’s compliance with specific web standards”

http://samples.msdn.microsoft.com/ietestcenter/#svg11e2

Microsoft never likes to compare the comparable. It pits vapourware against real products, as usual. It must mean that Microsoft is behind, not ahead.

“In the face of strong competition, Evangelism’s focus may shift immediately to the next version of the same technology, however. Indeed, Phase 1 (Evangelism Starts) for version x+1 may start as soon as this Final Release of version X.”

Microsoft, internal document [PDF]

03.16.10

“Call Out Windows”

Posted in BSD, GNU/Linux, Microsoft, Security, Windows at 6:13 pm by Dr. Roy Schestowitz

Summary: Prelude to a new campaign which strives to change the coverage of Windows-specific security problems

ONE of our readers is in the process of starting a new campaign he wishes to name “Let’s call out Windows” or simply “Call out Windows.” The purpose of this information campaign is to urge journalists to call Windows malware and Windows viruses just what they are: Windows malware and Windows viruses. Reporters have become knowingly negligent of the fact that these problems affect Windows and not all computers run Windows. It’s time to restore journalistic integrity and accuracy.

The following new post, titled “GNU/Linux: Don’t Call Them PC Viruses”, arrives in a very timely fashion and states:

I call that hogwash. The reason Microsoft Windows is so often successfully attacked is because of its flawed security design. I run FreeBSD Unix and Mandriva GNU/Linux on my PC systems. I keep my systems patched with up to date bug fixes and security fixes. I will not install software that I do not know from whence it originates. I do not run any anti-virus software and yet I will never get a “PC Virus” on these systems. There is no such thing as a “PC Virus”, call them “Microsoft Windows Viruses” or “GNU/Linux Viruses” or “Apple OS X Viruses” depending on the operating system which they successfully attack. Don’t call them “PC Viruses”.

Last week we showed that Apache was only vulnerable on Windows (not IEEE POSIX®).

There is a lot of correspondence going on privately, trying to establish an effective campaign that changes how people cover Windows malware and Windows viruses without coming across as rude.

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Kaspersky Slams Windows for Insecurity, Microsoft Delivers Bad Patches and Leaves Windows Exposed

Posted in Microsoft, Security, Windows at 3:41 am by Dr. Roy Schestowitz

Summary: Security guru Eugene Kaspersky has harsh words for Microsoft, which still fails to secure its platform and even patch software without breaking it

IT HAS been another tough week for Windows, which simply cannot be secured, not even with ‘snake oil’ software that’s called “anti-virus” (unless the placebo effect counts).

A few months ago we wrote about Microsoft being allowed into Ford cars. There are already security concerns about that at Ford. They worry about Windows/WiFi in the car getting hijacked.

We wish to discuss for a moment an interesting phenomenon. When a car breaks down (let us say a Toyota), the news will say a Toyota car is having issues, it won’t say that cars in general have issues. That’s because the market is full of choices. Yes, choices, diversity, not “fragmentation” as Microsoft would probably put it. If “Windows” is embedded in PCs, then Windows can become interchangeable and synonymous with “computing”. Then, people would not realise what’s really wrong and that they also have better choices. Sadly, we live in a world where Microsoft pressures journalists to misreport incidents. Taken from a long discussion we’ve had by E-mails for a few days now, consider the fact that we have documented examples where journalists received mail from Microsoft’s PR agencies (e.g. W-E) to tell them off and ask them to change articles about Windows security. The Inquirer is good in that regard because without much reluctance it spilled the beans when that happened. We have given articles from them where content was being tempered by Microsoft PR agencies, whose job was to spin the vulnerabilities in Vista.

Reporters who are contacted because they describe Windows security problems as just “computer problems” often cite the “popularity” myth of Windows as the cause. It’s PR. Given the widespread use of GNU/Linux in servers and devices everywhere, people should struggle to reason about lack of cracking as related to “popularity”. Windows is not popular by the way, it’s just ubiquitous*. Moreover, Microsoft commissions and manufactures its own ‘studies’ where it hides flaws and reports bogus numbers. There are many examples to that effect.

Here is what Eugene Kaspersky said about Windows earlier this month:

Security chief Eugene Kaspersky has launched a scathing attack on Microsoft’s security record.

[...]

There are already some new examples of Microsoft’s poor patching. Last week Microsoft delivered broken/rogue security patches and later admitted the problem which had the following effect:

Microsoft confirmed today that a security update for its Excel spreadsheet had turned English text in an important Windows tool into Chinese.

The admission was the second in the past two days from Microsoft’s Office team of a gaffe involving a recent security update.

How does Microsoft break languages while fixing a security problem? One might remark that this implies poor software design.

Speaking of Office, this area is in a state of transition in an economy where people use Free software or access software in the form of a service. Don Reisinger, typically a troll/baiter who writes bizarre reversals of truths at CNET, explains some of the issues and Microsoft resorts to more AstroTurfing by offering money to those who create “viral Office 2010 videos” for YouTube.

Want a chance to win $10,000 for your small Seattle business or start-up? The Greater Seattle Chamber of Commerce and Microsoft have partnered up in a contest for making videos about Office 2010.

In case it sounds familiar, it should. Microsoft also hires people to post comments favourable to Windows in social networking sites.

Anyway, going back to the subject of insecurity, someone writes a guest post at ZDNet about “the cadence of Microsoft security patches” and ECT notes that Windows is already vulnerable again, as usual.

The expected batch of patches wasn’t the only thing Windows users got with Microsoft’s latest Patch Tuesday update. The set of fixes was accompanied by a warning about an unpatched zero-day exploit for Internet Explorer.

All that Microsoft can offer is a workaround:

Microsoft has revised their advisory for the newest IE 0Day vulnerability to note that working exploit code is now available and that they are aware of “targeted attacks attempting to use this vulnerability.” They have also created “Microsoft Fix it” links to disable and re-enable the vulnerable software components.

The Inquirer wrote:

The flaw in Internet Exploder versions 6 and 7 allows an attacker to take control of a victim’s computer.

Internet Explorer was the cause of a lot of damage earlier this year [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. In 4 countries, authorities recommended that citizens abandon Internet Explorer.
____
* It’s more about reminding reporters that people choose to buy a computer, they don’t choose to buy Windows. Calling Windows “popular” is like calling cockroaches “popular” because there are many of them out there. It ought to be one of those things that people should train themselves to avoid saying because Windows is not “popular”.

03.14.10

Internet Mayhem With Microsoft Windows Botnets

Posted in Microsoft, Security, Windows at 5:19 pm by Dr. Roy Schestowitz

Summary: News reports about security, mostly from IDG and almost exclusively about Microsoft and Windows

ZeuS Botnet Still Mutating, Still on the Move

New capabilities are strengthening the ZeuS botnet, which criminals use to steal financial credentials and execute unauthorized transactions in online banking, automated clearing house (ACH) networks and payroll systems. The latest version of this cybercrime toolkit, which starts at about $3,000, offers a $10,000 module that can let attackers completely take control of a compromised PC.

ZeuS botnet code keeps getting better for criminals

New capabilities are strengthening the ZeuS botnet, which criminals use to steal financial credentials and execute unauthorized transactions in online banking, automated clearing house (ACH) networks and payroll systems. The latest version of this cybercrime toolkit, which starts at about $3,000, offers a $10,000 module that can let attackers completely take control of a compromised PC.

[...]

The Windows-based ZeuS Trojan software, which takes up about 50,000 bytes on a compromised Windows-based computer, is designed to plunder accounts in North American and United Kingdom banking systems via the victim’s computer. The criminal might be located a continent away, directing unauthorized transfers of funds to accounts through elaborate command-and-control systems.

One-third of orphaned Zeus botnets find way home

The takedown of 100 servers used to control Zeus-related botnets may be a short-lived victory, security researchers said after discovering that about a third of the orphaned channels were able to regain connectivity in less than 48 hours.

The resurrection of at least 30 command and control channels came after their internet service provider found a new upstream provider to provide connectivity to the outside world, autonomous system records showed on Thursday. As a result, some of the rogue customers who used the Troyak ISP to herd huge numbers of infected PCs were able to once again connect to the compromised machines and issue commands.

Zeus Botnet Dealt a Blow as ISP Troyak Knocked out

After Takedown, Botnet-linked ISP Troyak Resurfaces (Windows not mentioned)

Zeus is a botnet kit used by a large number of cybercriminals. Researchers have counted 249 Zeus command-and-control servers to date. Another Internet service provider named Group 3 was also knocked offline Wednesday. It has not been reconnected, however.

Estonian DDoS revenge worm crafter jailed

An Estonian virus writer has been jailed for two and a half years for creating a Windows worm family that launched denial of service attacks on the websites of a local insurance firm and ISP.

Artur Boiko, 44, was convicted by a jury of creating the Allaple worm and sentenced to two years and seven months following a trial. Boiko pleaded not guilty but prosecutors persuaded the jury that he became a malware author in late 2006 to seek revenge against insurance firm IF following a dispute over a rejected car accident insurance claim.

FBI Embeds Cyber-investigators in Ukraine, Estonia

Hoping to catch cybercrooks, the U.S. Federal Bureau of Investigation has begun embedding agents with law enforcement agencies in Estonia, the Ukraine and the Netherlands.

Homeland Security is recruiting new cyber-warriors (they aim for prevention after the act instead of eternal cure)

Department of Homeland Security Janet Napolitano said during a keynote speech today that her agency has new authority to beef up the department’s team of cyber-warriors and couldn’t help making her pitch before the thousands of security experts in the room.

Professor Gets Money For Cybersecurity Research

More problems surfacing:

New Internet Explorer Flaw Revealed

Microsoft Warns of New Bug Affecting IE Users

Microsoft warns of new IE bug; attacks under way

IE Zero-day Exploit Code Goes Public

Exploit code for the unpatched bug in Internet Explorer was published on the Web yesterday, a step security pros said earlier would be the precursor to widespread attacks.

McAfee inadvertently speeds creation of Metasploit IE exploit pack

Chinese Hack Attacks Said Likely to Recur (Internet Explorer was the cause [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12])

Recent Internet attacks from China against Google and other U.S. companies will more than double this year if the pace during the first two months continues, a security expert says.

US expert: Chinese gov’t likely behind massive cyberattacks

The Chinese government is likely behind recent cyberattacks on U.S. government Web sites and on U.S. companies in an apparent effort to quash criticism of the government there, an expert on U.S. and Chinese relations said Wednesday.

FBI Director: Hackers Have Corrupted Valuable Data

Hackers breaking into businesses and government agencies with targeted attacks have not only stolen intellectual property, in some cases they have corrupted data too, the head of the U.S. Federal Bureau of Investigation said Thursday.

FBI: Cyberfraud Losses Doubled in 2009 (no wonder it costs so much to recover)

Last year was a tough one for most businesses, but for cybercriminals it was one of the best yet.

According to data released Friday by the U.S. Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3), victims reported total losses of US$559.7 million in 2009, more than double the tally for 2008.

Trojan armed with hardware-based anti-piracy control

The latest version of the Zeus do-it-yourself crimeware kit goes to great lengths to thwart would-be pirates by introducing a hardware-based product activation scheme similar to what’s found in Microsoft Windows.

The newest version with bare-bones capabilities starts at $4,000 and additional features can fetch as much as $10,000. The new feature is designed to prevent what Microsoft refers to as “casual copying” by ensuring that only one computer can run a licensed version of the program. After it is installed, users must obtain a key that’s good for just that one machine.

Zombies in another sense (traditional and not harmful):

Six Essential IPhone Apps for a Zombie Attack

ZombieSmash Coming to IPhone

03.12.10

Microsoft’s Latest Harms to the Web and Shallow Press Coverage That Neglects to Name Culprits

Posted in Microsoft, Security, Windows at 3:40 pm by Dr. Roy Schestowitz

Summary: Coverage about security issues is abundant, but the cause of many of these issues is simply not named

MANY companies in the West had their security measures superseded and breached due to an Internet Explorer hole that Microsoft had knowingly ignored for 5 months [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]. Microsoft is now warning that Internet Explorer is under another attack:

In an advisory, the company warned that a new vulnerability was being targeted in attacks against Internet Explorer 6 and 7. IE 8 is not believed to be affected. According to Microsoft, the vulnerability is due to an invalid pointer reference being used within IE and can be exploited by tricking users into visiting a malicious or compromised Web page.

This is a Windows problem because Internet Explorer is a part of Windows, which therefore inherits all the weaknesses of one piece of software that ought to have been isolated. The consequences of Windows’ insecurity can also be seen in the following news:

1. Vodafone ships malware infested mobiles

Upon further investigation, the phone was found to be infected with not one but three nasties, including the Conficker worm, a Mariposa bot client and a Lineage password divulger. The firm found that the Mariposa bot client was calling home to receive further instructions.

With a “password divulger”, banks are at risk:

2. Online banking fraud losses rise 14%

Number of ‘phishing’ attacks have risen to 51,000 from just 1,700 five years ago, according to the UK Cards Association

Also:

3. Twitter Fights Phishing, Malware with Link Scanning Service

Twitter has announced it will begin scanning links posted by users to thwart phishing attacks and the spread of malware on the site.

Notice how the articles typically neglect to say that such malware only affects Windows users. On we move to:

4. 10 Reasons Why Security Problems Persist at Microsoft

News Analysis: As much as Microsoft would like security problems to just go away, they won’t. The chances of Microsoft eliminating most of the software flaws that invite new attacks are slim to nil. But there are many things that Microsoft should do to improve the situation. We take a look at why security issues continue to haunt the software giant and what Microsoft can do about it.

[...]

2. Windows is an easy target

Windows is a nightmare when it comes to security. The operating system is filled with holes that, over the years, have been patched with varying degrees of success. Windows 7 is the most secure operating system Microsoft has released to date, but it’s probably rife with flaws that Microsoft hasn’t heard of yet. And no doubt hackers are ceaselessly searching for them. Unless Microsoft does something drastic with the next iteration of Windows, its operating system woes will likely continue.

We do not agree with the article as a whole, but it does raise some important points. The security weaknesses of Windows produce botnets rather easily:

5. Zeus botnets suffer mighty blow after ISP taken offline

At least a quarter of the command and control servers linked to Zeus-related botnets have suddenly gone quiet, continuing a recent trend of takedowns hitting some of the world’s most nefarious cyber operations.

This is a Windows botnet (but it doesn’t even say “Windows botnet”). What’s sickening is that Microsoft is only mentioned in this article where it’s given credit. It says: “Late last month, Microsoft was able to disrupt the Waledac botnet by obtaining a court-issued order against scores of domains associated with the spam-spewing menace.”

Giving Microsoft credit for the Waledac takedown [1, 2, 3, 4] is like giving DuPont credit for some minimal cleanup after the Bhopal disaster. Microsoft employees are given credit for fighting a problem that they themselves created. It’s truly amazing, especially given that those Windows botnets are costing huge amounts of money that is hard to estimate (dependent upon definitions and methods).

Here is the EFF discussing Microsoft’s takedown of an important Web site, not a Windows botnet.

We often criticize DMCA takedown abuse here at EFF, but last week’s Cryptome snafu highlights another facet of the problem: how a DMCA takedown for one item can result in the removal of lots of lawful material.

To recap, Cryptome posted Microsoft’s global criminal compliance manual. Microsoft sent a DMCA takedown notice to Cryptome’s domain name registrar and web hosting provider, Network Solutions, alleging that the post infringed copyright. Under the DMCA, a web hosting provider is protected from copyright infringement liability if, among other things, it “expeditiously” disables access to material properly identified in a DMCA takedown notice. Network Solutions asked Cryptome to remove the Microsoft compliance manual. Cryptome refused explaining that the document was posted in order to help the public better understand Microsoft’s practices, and followed up with a DMCA counternotice. Network Solutions promptly shut down the entire Cryptome website. Thus, a complaint about a single document caused significant collateral damage to the perfectly legal material on Cryptome.

We have already covered this in another post. Microsoft can stop people who leak evidence of its warrantless spying, whereas those who empty bank accounts through compromised Windows PCs are not a priority. There are hundreds of millions of them.
