Microsoft Foils Botnet; New Internet Sheriff?

Microsoft Thursday claimed credit for taking down its second big botnet, as part of its sometime-role as volunteer anti-spam, anti-malware enforcer.

Microsoft's Digital Crimes Unit (DCU) announced that U.S. Marshals had raided hosting providers in seven U.S. cities following a Microsoft DCU operation code-named "Operation b107."

The raids were based on information supplied to the U.S. Marshals Service by Microsoft and were approved by the Seattle federal court in which Microsoft is suing the unnamed operators of the Rustock botnet.

Microsoft's description of the operation estimated the Rustock malware had infected as many as a million computers, and that Rustock-infected machines helped send out as many as 30 billion pieces of spam per day, apparently specializing in fake lottery and pharmaceutical offers.

Estimating the size of botnets is notoriously difficult, however, and there's no telling how many in that million-PC army were infected with the particular strain of Rustock being used by operators of this botnet, or how many were actually under the operators' current control.

"With help from the upstream providers, we successfully severed the IP addresses that controlled the botnet, cutting off communication and disabling it," said Richard Boscovich, senior attorney at Microsoft's Digital Crimes Unit in a blog post on Microsoft's site.

Microsoft's last big success -- announced in a blog with the self-congratulatory headline "R.I.P. Waledac: Undoing the damage of a botnet" -- was in September, 2010, following an operation code-named Operation b49 that took down a much smaller botnet controlled by the Waledac malware.

The two botnet counterstrikes were part of Project MARS (Microsoft Active Response for Security) -- "which is a joint effort between Microsoft's Digital Crimes Unit, the Microsoft Malware Protection Center (MMPC), Microsoft Support and the Trustworthy Computing team to annihilate botnets and help make the Internet safer for everyone."

Among the bulleted apple-pie goals on the DCU's home page are to:

  • Protect children from technology-facilitated crimes
  • Champion a healthy Internet marketplace for advertisers and businesses

It's hard to object to anyone taking down a botnet, especially if it's done with some respect for laws and legal procedures, as these appear to have done.

The self-inflating comic-book rhetoric of the blogs and announcements makes me suspicious, though.

The description above makes it sound as if participants in Project MARS are major law enforcement agencies forming a first-ever alliance to attack a new form of crime.

In fact, they're just different departments at Microsoft, all of whom probably work on the same campus in Redmond and can be assigned, reassigned or defunded on the whim of their managers and state of Microsoft's financial statement, not the level of crime or will-of-the-people excuse real law-enforcement types use to explain their decisions.

Microsoft's corporate instincts owe little to the rights of end users, however. Its suggestion that PCs infected with malware be kicked off the Internet like lepers exiled to some island colony wasn't the most humanitarian response to the problem, for example.

Its historically adversarial, almost antagonistic approach to piracy that assumes customers are offenders unless proven otherwise raises another red flag that it might not be as sensitive or responsive to the rights of customers as it is to nailing what it perceives as a perpetrator.

That, combined with what sounds like a kind of grandiose approach to anti-malware operations that is much more Red Rascal than Bruce Schneier.

Again, it's hard to object to anything that effectively combats malware and botnets without stepping on the rights of end users.

I just look at officious enthusiasm like Microsoft's with more caution than optimism.

Kevin Fogarty writes about enterprise IT for ITworld. Follow him on Twitter @KevinFogarty.

This story, "Microsoft Foils Botnet; New Internet Sheriff?" was originally published by ITworld.
