Microsoft steals spotlight in botnet takedown from Kaspersky, which did the work
Kaspersky Labs turns out to have been the key, though Microsoft was definitely the mouthpiece
I always get a little suspicious when vendors are too eager to toot their own horns about all the public good they do.
Corporations tend not to be that interested in the public good beyond the benefit it brings them in the occasional bit of good publicity.
That's not a slam on corporate morality; when you work for a company, especially when you're one of the top decision-makers, your responsibility is to the owners. The owners are shareholders who, with their attention divided among many different companies or mutual funds, each of which they own a tiny piece of, don't gather en masse to endorse charitable spending by corporate execs who can be perceived as glossing their own images using shareholder money.
Microsoft's pursuit of spam-spewing botnets has some flavor of the insincere effort in the public good, but its reputation for security was so bad for so long that anything it can do to be obviously reducing security risks to its customers is a good thing for its image and the security of its customers.
Knocking down a botnet is a particularly good way to do it. It's high profile, you usually don't catch the perpetrators, so no one has to feel sorry for 19-year-old hackers like Topiary – the LulzSec spokestroll arrested in England for not being entirely circumspect about his online activities, but who looks like such an innocent in the perp-walk pictures it's hard to imagine the mouth on that kid.
Knocking down a botnet has an even greater impact for Microsoft: the fewer botnets spewing fewer phishing and malware-infected email, the fewer actual risks will be arriving in the email of its customers and the fewer will be victimized.
The fewer who are victimized, the smaller the number of them who will automatically blame Microsoft whenever anything bad happens.
It turns out Microsoft was little hasty in announcing "its" success Wednesday, though.
Microsoft – in the personage of the attorney who runs its Digital Crimes Unit – announced that it had tracked the botnet command servers to their lair and there slew them with a mighty request to a local court for an injunction allowing it to remove the IP addresses from those servers without the owners' permission.
It was stirring. It went heavy on the legalese. I had goosebumps.
It was actually Kaspersky Labs that did all the taking down. Kaspersky actually does security, rather than duct-taping over holes created generations of software ago to make bundling of its products simpler, as did Microsoft.
Microsoft lawyers may have filed the injunctions and smoked the cigars, but Kaspersky lab techs tracked the virus back to its CnC servers, allowed one of its own servers to be infected, then helped shut down the main bank of controllers.
That leaves Kaspersky's server the only point of contact for a botnet with 80-some-thousand Zombies attached to it – and just a few weeks before Halloween.
Kaspersky was also responsible for identifying and helping to catch the two people charged in running the botnet – a rare success in the world of long-distance, proxy-of-a-proxy-of-a-proxy anonymous hacking.
It also provided the technology that made it possible to trace the botnet in the first place.
Shame on you, Microsoft. You need to learn to share the credit, especially when someone else did most of the work.
Reuters: Screen at FBI cybercrime anti-spam, anti-botnet training academy.