Morgalyn writes "According to an article at Information Week, Microsoft has decided to fight zombie-launched spam in their own way. In conjunction with the FTC and consumer rights groups, Microsoft set up a clean computer and then infected it. They monitored the 'zombie' over the course of 20 days - 'In those 20 days, this one computer received 5 million connection requests from spammers, and sent 18 million spam messages'. This whole operation has led to the (partial) identification of 13 different spamming groups, some of which reside in the US and may be prosecuted under the CAN-SPAM act."Ads_xl=0;Ads_yl=0;Ads_xp='';Ads_yp='';Ads_xp1='';Ads_yp1='';Ads_par='';Ads_cnturl='';Ads_prf='page=article';Ads_channels='RON_P6_IMU';Ads_wrd='spam,doj';Ads_kid=0;Ads_bid=0;Ads_sec=0; Microsoft's Vigilante Investigation of Zombies Log in/Create an Account | Top | 301 comments | Search Discussion Display Options Threshold: -1: 301 comments 0: 296 comments 1: 224 comments 2: 137 comments 3: 41 comments 4: 23 comments 5: 17 comments Flat Nested No Comments Threaded Oldest First Newest First Highest Scores First Oldest First (Ignore Threads) Newest First (Ignore Threads) The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way. Steve Ballmer on Zombies (Score:5, Funny) by ponds (728911) on Friday October 28, @04:56PM (#13899749) Microsoft should just have Steve Ballmer fucking kill them. [ Reply to ThisRe:Steve Ballmer on Zombies by non0score (Score:1) Friday October 28, @04:57PMRe:Steve Ballmer on Zombies by utnow (Score:3) Friday October 28, @06:26PMRe:Steve Ballmer on Zombies by vsprintf (Score:2) Friday October 28, @07:25PMLawyers and ISP Clout matter more than Interns by billstewart (Score:2) Friday October 28, @10:22PMRe:Steve Ballmer on Zombies by Pharmboy (Score:2) Friday October 28, @08:24PM1 reply beneath your current threshold. Re:Steve Ballmer on Zombies (Score:5, Funny) by conJunk (779958) on Friday October 28, @05:00PM (#13899799) Microsoft should just have Steve Ballmer fucking kill themGives new meaning to "i've burried them before and i'll burry them again" eh? [ Reply to This | ParentRe:Steve Ballmer on Zombies by Senzei (Score:1) Friday October 28, @05:23PMSeattle has lots of Berries by billstewart (Score:2) Friday October 28, @10:10PM1 reply beneath your current threshold.Re:Steve Ballmer on Zombies by ackthpt (Score:2) Friday October 28, @05:01PMRe:Steve Ballmer on Zombies by Pyrion (Score:1) Friday October 28, @06:57PMcruel and unusual by www.sorehands.com (Score:2) Saturday October 29, @12:08AMCruel, maybe by A nonymous Coward (Score:2) Friday October 28, @07:01PMRe:Steve Ballmer on Zombies by mctk (Score:3) Friday October 28, @05:05PMRe:Steve Ballmer on Zombies by ravenspear (Score:3) Friday October 28, @05:15PM1 reply beneath your current threshold.Re:Steve Ballmer on Zombies by AngryNick (Score:1) Friday October 28, @06:00PMRe:Steve Ballmer on Zombies by dextromulous (Score:1) Friday October 28, @06:12PMI will give $10,000 to charity... by mindaktiviti (Score:2) Friday October 28, @06:42PMRe:Steve Ballmer on Zombies by Nanoda (Score:1) Friday October 28, @07:18PM2 replies beneath your current threshold. Microsoft fighting zombies? (Score:5, Funny) by MrFlannel (762587) on Friday October 28, @04:57PM (#13899751) Not a moment too soon! With Halloween on Monday and everything, this comes at a perfect time to save my brain.I'll still lock my doors though. [ Reply to ThisRe:Microsoft fighting zombies? by robertjw (Score:2) Friday October 28, @05:45PM I can imagine the costumes! (Score:5, Funny) by Spy der Mann (805235) <spydermann,slashdot&gmail,com> on Friday October 28, @06:19PM (#13900493) (Last Journal: Wednesday October 12, @02:42PM) Costume 1: Guy disguises himself as a zombie and puts on a cardboard monitor. Here instead of "brainssssssss" he should say: "mailssssssssssss"Costume 2: A fat guy carrying a chair, with a Google T-Shirt (and the handwritten letters above: "I'll F**ing Kill". Obviously his secondary target would be the guy wearing costume 1.Now the following may be off-topic, but what the heck, I got started!Costume 3: Just put on a Bill Gates mask, and wear a Microsoft T-Shirt. And instead of "Trick or treat", you say: "End User License Agreement".Costume 4: Disguise yourself as a Lawyer and stick the logos of BMG, Sony, Time Warner (did I miss any?) on the back. Instead of "Trick or treat", say "Court or Settlement"Costume 5: Disguise yourself as Zombie, but instead of wearing the cardboard monitor, just put an AOL sticker on your shirt. You're an official "AOL user". Instead of moaning "brainssss" you'll say: "Me, tooooo!"Costume 6: Disguise yourself as a monitor, and paint the front in blue. :)Costume 7: Paint your face black and buy fake jewelry. Pretend you're the relative of a Nigerian prince who just died. [ Reply to This | ParentOops! Forgot the scariest one! by Spy der Mann (Score:1) Friday October 28, @06:26PMRe:Oops! Forgot the scariest one! by Ythan (Score:1) Friday October 28, @10:50PMZombie Walks in Seattle 10/29, 10/31 by billstewart (Score:2) Friday October 28, @10:36PM In other words... (Score:5, Funny) by shades66 (571498) on Friday October 28, @04:57PM (#13899754) "Microsoft set up a clean computer and then infected it."So they switched it on and connected it to the net? [ Reply to ThisRe:In other words... by Phroggy (Score:2) Friday October 28, @04:58PMRe:In other words... by Quasar1999 (Score:2) Friday October 28, @04:59PMRe:In other words... by shades66 (Score:3) Friday October 28, @05:02PMRe:In other words... by mctk (Score:2) Friday October 28, @05:09PMRe:In other words... by NanoGator (Score:2) Friday October 28, @09:56PMRe:In other words... by schon (Score:2) Friday October 28, @05:11PM Even if not (Score:5, Insightful) by Sycraft-fu (314770) on Friday October 28, @05:18PM (#13899981) I haven't seen anywhere in the anti-spam laws that says you have a positive duty to stop spam. There doesn't seem to be any criminal culpability for getting a system hacked. The person doing the hacking and spamming is in trouble, but not the person that it happened to.If I'm incorrect on this, please point out the relivant part of the law. [ Reply to This | ParentRe:Even if not by Anonymous Coward (Score:1) Friday October 28, @05:22PMRe:Even if not by Foobar of Borg (Score:2) Friday October 28, @05:45PMRe:Even if not by Headcase88 (Score:1) Friday October 28, @06:19PM1 reply beneath your current threshold.Re:Even if not by schon (Score:2) Friday October 28, @06:15PMRe:Even if not by abirdman (Score:2) Friday October 28, @07:08PMRe:Even if not by Courageous (Score:3) Friday October 28, @08:19PMRe:In other words... by Viper Daimao (Score:2) Friday October 28, @05:21PMRe:In other words... by vinn01 (Score:3) Friday October 28, @06:13PMRe:In other words... by misleb (Score:2) Friday October 28, @05:30PMRe:In other words... by Shanep (Score:3) Friday October 28, @06:39PMRe:In other words... by capilot (Score:1) Friday October 28, @07:18PM Re:In other words... (Score:5, Interesting) by slavemowgli (585321) on Friday October 28, @05:07PM (#13899883) (http://venganza.org/) You moderators may think that's funny, but there's more than a grain of truth in there. The current estimate by the ISC's DShield [dshield.org] for how long it takes for a random computer to get infected after it's connected to the Internet is 26 minutes.Think about that for a moment... and then ask yourself why we actually take this for granted instead of suing Microsoft into oblivion. Would a car company get away with cars breaking down on real-life roads an average 26 minutes after they're purchased? The thought is totally ridiculous, yet we accept the same from Microsoft. Why? [ Reply to This | Parent Re:In other words... (Score:5, Informative) by texwtf (558874) on Friday October 28, @05:16PM (#13899960) That's not a reasonable analogy. This is more like the car is broken into within 26 minutes.The Internet is like Baghdad for computers but 10000 times more intense.The operating system doesn't merely fall apart - it's broken apart by the equivalent of roaming street thugs.I agree that microsoft it partially responsible (does rpc really need to be accessible by default?) - but on the other hand, until very recently your average linux install didn't take long to get 0wn3d either.  [ Reply to This | ParentRe:In other words... by shmlco (Score:2) Friday October 28, @05:27PMRe:In other words... by jabuzz (Score:2) Friday October 28, @05:50PMRe:In other words... by jedrek (Score:2) Friday October 28, @06:14PMRe:In other words... by LO0G (Score:2) Friday October 28, @11:10PMRe:In other words... by vsprintf (Score:2) Friday October 28, @08:12PMRe:In other words... by MrKahuna (Score:1) Friday October 28, @05:41PMRe:In other words... by texwtf (Score:1) Friday October 28, @07:51PMRe:In other words... by MrKahuna (Score:1) Friday October 28, @08:29PM1 reply beneath your current threshold. Re:In other words... (Score:4, Interesting) by valhallaprime (749304) on Friday October 28, @06:13PM (#13900434) "The operating system doesn't merely fall apart - it's broken apart by the equivalent of roaming street thugs."I strongly agree with this. I'm not pro or anti-MS, I just happen to be a SysAdmin that uses their stuff every day, and manages 120 desktops. It's just a fact that there are a lot of shady monkeys that are trying 24/7 to find exploits, holes, and other crap for nefarious deeds.Call it civic duty, but once a week I spend an hour going thru my spam-logs, and pick a couple (that are obviously being sent from 0wn3d boxen), trace their IP, look up which provider owns the range. I then call their NOC (Which is almost always listed in their WhoIs record), and report the IP (if they're a U.S. provider).I honestly get a call-back one out of every three times from a provider, saying they've found the hostile traffic coming from that address, and they temporarily block access, or alerted the sysadmin managing the address.It may be little, but it's sorta civic duty to do something about this from time to time. Kudos to Cavalier and Verizon especially for following up on my calls. [ Reply to This | ParentRe:In other words... by Stephen Samuel (Score:2) Friday October 28, @06:25PMRe:In other words... by mysidia (Score:1) Friday October 28, @09:54PMRe:In other words... by strikethree (Score:1) Saturday October 29, @12:25AM1 reply beneath your current threshold.Re:In other words... by Anonymous Coward (Score:1) Friday October 28, @05:29PMRe:In other words... by 6OOOOO (Score:1) Friday October 28, @06:22PMRe:In other words... by Spamalope (Score:1) Friday October 28, @10:41PMRe:In other words... by tomhudson (Score:2) Friday October 28, @11:29PM2 replies beneath your current threshold.Re:In other words... by dr-suess-fan (Score:2) Friday October 28, @05:31PM1 reply beneath your current threshold.Re:In other words... by Midnight Thunder (Score:2) Friday October 28, @05:33PMRe:In other words... by tomhudson (Score:2) Friday October 28, @11:33PMRe:In other words... by misleb (Score:3) Friday October 28, @05:35PMRe:In other words... by pclminion (Score:2) Friday October 28, @05:35PM1 reply beneath your current threshold.Re:In other words... by Hard_Rock_2 (Score:1) Friday October 28, @05:38PMRe:In other words... by DrSkwid (Score:2) Friday October 28, @05:52PMRe:In other words... by Hard_Rock_2 (Score:1) Friday October 28, @06:15PMRe:In other words... by doodlebumm (Score:1) Friday October 28, @06:32PMRe:In other words... by Hard_Rock_2 (Score:2) Friday October 28, @06:41PMRe:In other words... by Poingggg (Score:1) Friday October 28, @07:06PMRe:In other words... by Shanep (Score:2) Friday October 28, @07:19PMRe:In other words... by Tony Hoyle (Score:2) Friday October 28, @09:32PMHow long do you think it would take... by douglips (Score:2) Friday October 28, @05:40PMRe:In other words... by bosewicht (Score:1) Friday October 28, @05:41PMRe:In other words... by Phae (Score:2) Friday October 28, @05:50PM If my car had millions of people throwing bricks (Score:5, Insightful) by Sycraft-fu (314770) on Friday October 28, @05:56PM (#13900307) I'd be amazed if it lasted 30 seconds.When you get right down to it, cars are shitty in reliability compared to software. Off the top of my head, here are some major problems my car has, at least when looked at from a software standpoint:1) My car is very venurable to break ins. You can smash a window, jimmy the locks and so on. It's easy, requries no knowledge to do.2) My car doesn't deal with faulty input. If I set it in neutral and floor it, the engine will overheat and seize up. There's no system to deal with faulty operation like that.3) My car has problems with user error. If I drive it in to a wall on accident, it'll stop functioning. Same if a user of another car makes a mistake and hits it.Worse yet, the manufacturer will not fix ANY of these faults, even for a price. Even worse they KNEW about ALL of them when they sold the car.Now compare that to software where we expect that it be essentially faultless and when a fault is found, that it be fixed quickly and for free.Something tells me that if someone put a brick through your window, it would be them that you wanted busted, not the maker of your car. Yet if someone hacks your OS, you are mad at the OS maker, not that hacker.Only on Slashdot :P. [ Reply to This | ParentMy three cars... by Savage-Rabbit (Score:1) Friday October 28, @06:58PMRe:My three cars... by evilapplepie (Score:1) Friday October 28, @07:01PMRe:My three cars... by GigsVT (Score:1) Friday October 28, @08:54PMRe:My three cars... by tomhudson (Score:2) Friday October 28, @11:42PMRe:My three cars... by Sycraft-fu (Score:2) Friday October 28, @07:39PMRe:My three cars... by Savage-Rabbit (Score:2) Friday October 28, @08:07PM2 replies beneath your current threshold.Re:If my car had millions of people throwing brick by Shanep (Score:1) Friday October 28, @07:40PM1 reply beneath your current threshold.Re:If my car had millions of people throwing brick by NotBorg (Score:2) Friday October 28, @07:44PMRe:If my car had millions of people throwing brick by plierhead (Score:2) Friday October 28, @08:33PMRe:If my car had millions of people throwing brick by AEton (Score:2) Friday October 28, @08:49PMRe:Crap Car by Superfarstucker (Score:1) Friday October 28, @07:27PM1 reply beneath your current threshold.3 replies beneath your current threshold.Re:In other words... by Sloppy (Score:1) Friday October 28, @06:02PMRe:In other words... by Adammil2000 (Score:1) Friday October 28, @06:13PMRe:In other words... by Dragoon412 (Score:3) Friday October 28, @07:00PMRe:In other words... by Kent Recal (Score:2) Friday October 28, @09:36PMRe:In other words... by Shanep (Score:2) Friday October 28, @07:05PMRe:In other words... by jwink (Score:1) Friday October 28, @07:08PMRe:In other words... by donaldm (Score:1) Friday October 28, @07:30PMRe:In other words... by Junior J. Junior III (Score:2) Friday October 28, @07:49PMRe:In other words... by MetaPhyzx (Score:2) Friday October 28, @08:16PMRe:In other words... by KanSer (Score:2) Saturday October 29, @12:19AM3 replies beneath your current threshold.Re:In other words... by scherrey (Score:1) Friday October 28, @07:12PM Re:In other words... (Score:4, Funny) by vsprintf (579676) on Friday October 28, @07:39PM (#13901232) So they switched it on and connected it to the net? They were far too impatient to wait 30 minutes, so they infected it themselves. Remember these are the guys who do code reviews every twenty years. [ Reply to This | ParentHeavens no! by projectVORTEX (Score:1) Friday October 28, @09:14PM2 replies beneath your current threshold. Own...? (Score:2, Interesting) by NoTheory (580275) on Friday October 28, @04:57PM (#13899760) How is this fighting this in thier own way? Don't lots of other orgs do this same thing...? Don't they also fight spammers in other ways too? And also, if they're doing this in conjunction with a whole bunch of other people... how is this their own way? :P [ Reply to ThisRe:Own...? by governorx (Score:1) Friday October 28, @05:23PMIn Fairness by TubeSteak (Score:2) Friday October 28, @05:23PMIt's still erroneous terminology by Tau Zero (Score:3) Friday October 28, @05:31PMWell, it's their own way... by sczimme (Score:2) Friday October 28, @05:27PM Re:Well, it's their own way... (Score:5, Insightful) by Midnight Thunder (17205) on Friday October 28, @05:40PM (#13900169) (http://slashdot.org/ | Last Journal: Saturday February 05, @04:50AM) That amount of data was impossible to analyze, so Microsoft focused on the three most-active spamming days, when 470,00 connection requests were made of the PC, and about 1.8 million messages were sent through it.How nice: they allowed 18M junk messages to go through, but could be bothered to look at only 10% of the data. Unbelievable.Do you want the job of analyzing all 18 million messages? If they are only analyzing 10% its probably because they figure that the other 90% probably have the same source. Even if the other 90% don't, sure you would want them to start somewhere, than put off affirmative action for a few years? One way of confirming whether the 90% do come from the same source is prosecuting the spammers responsible for the 10% and then dealing with the reduced amount of spam in the next cycle. [ Reply to This | ParentRe:Well, it's their own way... by sczimme (Score:3) Friday October 28, @06:09PMSure, I'd give the job to a perl script by Doug Coulter (Score:1) Friday October 28, @08:50PM1 reply beneath your current threshold.Re:Well, it's their own way... by plover (Score:2) Friday October 28, @06:17PMRe:Well, it's their own way... by Fulcrum of Evil (Score:2) Friday October 28, @06:33PMRe:Well, it's their own way... by calix0815 (Score:1) Friday October 28, @06:49PMRe:Well, it's their own way... by Tony Hoyle (Score:2) Friday October 28, @09:25PMRe:Own...? by rea1l1 (Score:1) Friday October 28, @07:18PM Wheeee (Score:1) by SandMonkey (926467) on Friday October 28, @04:58PM (#13899767) Come one everybody together now!WE HATE SPAM!Geeze... this is only going to get worse before it gets better... and it's been getting worse for 10 years... [ Reply to ThisRe:Wheeee by 99BottlesOfBeerInMyF (Score:2) Friday October 28, @05:28PM1 reply beneath your current threshold. Vigilante? (Score:5, Insightful) by bizitch (546406) on Friday October 28, @04:58PM (#13899769) (http://www.the-sopra...y/s3_tony_logoff.wav) Since when is setting up a honeypot considered "Vigilante"? [ Reply to ThisRe:Vigilante? --- THE ZONK EFFECT ---- by putko (Score:1) Friday October 28, @05:06PM Re:Vigilante? (Score:5, Funny) by KingSkippus (799657) * on Friday October 28, @05:10PM (#13899912) (http://skippus.blogspot.com/ | Last Journal: Sunday June 19, @08:25AM) Since when is setting up a honeypot considered "Vigilante"? Since someone wants Microsoft to sound like a tough SOB out to wreak havoc on those who would do us harm.Would you go see a movie that is described [imdb.com] as "A New York City architect becomes a one-man honeypot after his wife is murdered..."? [ Reply to This | ParentAre you seriously suggesting by Rhinobird (Score:2) Friday October 28, @07:40PM1 reply beneath your current threshold.Re:Vigilante? by JudgeFurious (Score:2) Friday October 28, @05:30PMRe:Vigilante? by bleckywelcky (Score:2) Friday October 28, @07:39PM2 replies beneath your current threshold. Vigilante? (Score:5, Insightful) by Negadin (261695) on Friday October 28, @04:58PM (#13899778) If they are working with the FCC, why would it be considered 'vigilante'?That's like a considering a car company working with a police forensics department to determine why a car did what it did 'vigilante'. [ Reply to ThisRe:Vigilante? by Lehk228 (Score:2) Friday October 28, @07:10PMRe:Vigilante? by GigsVT (Score:1) Friday October 28, @08:57PM1 reply beneath your current threshold. It takes.. (Score:4, Insightful) by ackthpt (218170) * on Friday October 28, @04:58PM (#13899779) (http://www.dragonswest.com/ | Last Journal: Thursday February 24, @01:27PM) It takes 20 days to collect data which may be used to convict the scumbags, but it takes yearsfor Microsoft to realize there was a problem and do something about it. To be fair, this should belaw enforcement, but someone has to file those John Does in a complaint."At the same press conference, Dan Salsburg, the assistant director of the FTC's Bureau of Consumer Protection, urged all computer users to do their part to stymie zombies."The FTC is taking aggressive steps to stop zombies and protect consumers, but consumers also need to insure that zombies aren't on their computers," Salsburg said." I'm sure they're shuffling paper like they've never quite shuffled before. Microsoft set up a clean computer and then infected it. They monitoredthe 'zombie' over the course of 20 days - 'In those 20 days, this one computer received5 million connection requests from spammers, and sent 18 million spam messages'. This whole operation has lead to the (partial) identification of 13 different spamming groups, some of which reside in the US and may be prosecuted under the CAN-SPAM act. I just don't want to see, a couple years from now, Microsoft being awarded patents on the invention of the Honeypot. [ Reply to Thistakes years for Microsoft... by shmlco (Score:3) Friday October 28, @05:24PMRe:takes years for Microsoft... by ackthpt (Score:1) Friday October 28, @05:45PMRe:takes years for Microsoft... by shmlco (Score:2) Friday October 28, @06:35PMAre you sure? by tkrotchko (Score:2) Friday October 28, @07:14PM1 reply beneath your current threshold.Re:Here's what we should do! by GecKo213 (Score:2) Friday October 28, @05:34PMRe:Here's what we should do! by ackthpt (Score:1) Friday October 28, @05:38PM It takes a spammer... (Score:2) by J_Omega (709711) on Friday October 28, @05:01PM (#13899810) ... to catch a spammer? [ Reply to This Cut em some slack (Score:1) by LilGuy (150110) on Friday October 28, @05:02PM (#13899813) At least they're TRYING to do something about the situation they helped create. Let them have their fancy word 'vigilante' and let them continue to persue these annoying bastards. [ Reply to ThisRe:Cut em some slack by Atzanteol (Score:2) Friday October 28, @05:22PM That is where it came from... (Score:1) by pturpin (801430) on Friday October 28, @05:02PM (#13899819) So MS is sending me spam now and can get away with and get positive credit for doing so? [ Reply to ThisRe:That is where it came from... by vrioux (Score:1) Friday October 28, @10:07PM1 reply beneath your current threshold. Right. (Score:5, Funny) by psbrogna (611644) on Friday October 28, @05:04PM (#13899850) Ok, raise your hand, who thinks there's more than 1 infected windows machine on the Redmond campus? [ Reply to ThisRe:Right. - hand goes up... by gerardlt (Score:1) Friday October 28, @06:30PM1 reply beneath your current threshold.1 reply beneath your current threshold. and sent 18 million spam messages (Score:4, Funny) by frovingslosh (582462) on Friday October 28, @05:07PM (#13899880) and sent 18 million spam messages So I guess, Microsoft being above the law, it's OK when they do that. The end justifies the means, after all. [ Reply to ThisRe:and sent 18 million spam messages by Senzei (Score:1) Friday October 28, @05:31PMRe:and sent 18 million spam messages by drewxhawaii (Score:1) Friday October 28, @05:56PMRe:and sent 18 million spam messages by xigxag (Score:3) Friday October 28, @07:30PMRe:and sent 18 million spam messages by evilviper (Score:2) Friday October 28, @07:54PM1 reply beneath your current threshold. Sue Bill (Score:1)