Archive for February 2010

Mixed reaction from people regarding spam network shut down.

So, to those who may not be aware, Microsoft got the legal right to ‘shut down’ a botnet known as ‘Waledac’. First and foremost, I am most impressed (and surprised) that MS did this. Though I have not kept up to date with Microsoft security, last I remember they tended towards denying problems. The BackOrifice backdoor comes to mind: I have this memory that they said it wasn’t a problem, even with direct evidence shown to them stating otherwise (I think it was BO).

I’m also pretty impressed with Win 7 compared to their other .. ehm .. abominations? Certainly some versions were such (CE, ME, NT? OK, NT probably not so much compared to the other two, but then there is 9x …). Regardless of this, there has been some controversial discussion regarding the takedown, from some ‘security experts’.

Never before did I think so many security experts were dense. That changed. Why?

Here are some quotes (credit to the BBC here: http://news.bbc.co.uk/2/hi/technology/8537771.stm):

“This will not make the problem disappear. It is a temporary reprieve,” Amichai Shulman, chief technology officer for security vendor Imperva, told BBC News.

“In the short term other gangs will fill the void while the people behind Waledac regroup and start their operations all over again.”

Okay, so then, with that dense logic, we could also say, after a murderer is imprisoned:

“This will not make the problem disappear. It is a temporary reprieve. In the short term, other murderers will fill the void while the murderer serves his time in jail before starting his operation all over again.”

Yeah, real smart. So basically, you think it’s good to have a botnet – with malware-infested computers in it – up and running. Even if it’s a small botnet (which, from the sounds of it, it isn’t …), that’s STILL some bandwidth wasted. That’s STILL some mail server logs being filled up (and if you’re a ‘security expert’ then certainly you should realize these things, and actually be concerned). Okay, yes, the computers will still be infected, but that’s not the point. Just because there is a problem in life does not mean you should not try to address it as best as possible. It’s like denying an HIV patient treatment because they’re going to die from it eventually anyway. Yeah, real decent.

Would you SERIOUSLY like that botnet back up? I mean, how dense can you really be? Of course it’s ‘temporary’, and of course there is still a crapload of spam around. Does that mean it’s okay to have even more, or to have even more botnets responsible for it, no matter how big or small they are? At least, if you’re a ‘chief technology officer’ for a security vendor, you should actually think before you say such FUD. Even a previous host of mine (2IP), which lowered their firewall settings for a server migration and ended up with a mass defacement, would not say such a thing!

Security expert Jose Nazario of cybersecurity company Arbor Networks told the Wall Street Journal that the internet addresses Microsoft has brought down could be a small percentage of those used by hackers to control the network.

“The botnet will survive in many cases,” said Mr Nazario.

Another big ‘duh’ here. And another ridiculous comment. Considering the computers are still infected, of course it’ll survive in some form. But that doesn’t mean it’s not a commendable move by Microsoft.

“If this did affect spam, we haven’t noticed,” Richard Cox, the chief information officer at anti-spam service Spamhaus told ComputerWorld.com.

“Waledac was not a high threat, it’s less than 1% of spam traffic.”

Spamhaus is a good idea, I give you that. But still – if there are, say, 10,000 spam messages a day (which is far less than the reality, I’m sure), then:

10,000 * 0.01 = 100, which equates to:

Up to 100 servers receiving garbage mail, and that’s not even counting the ISPs’ bandwidth (although small, it can add up). Oh, and 100 mailboxes filled with another pathetic email.

Then consider what happens if it’s 1,000,000, and I’m sure there is more than that too:

1,000,000 * 0.01 = 10,000 spam messages. That’s still a lot of mail. Yes, a small portion of the total, but that’s really not the point.

Put another way: I think that while Microsoft has often done things wrong, they are at least trying in this case. And the fact of the matter is, some of the spam they ‘got rid of’ (note the quotes) was affecting their own servers (i.e., Hotmail), and they have every right to stop that junk …

So, rather than saying it’s pointless and of no gain, why not think about the effects on mail server admins, the daily users that get spam from that botnet, and in general the resource waste?