Microsoft: We took out Storm botnet
- 23 April, 2008 07:34
- Comments
Microsoft Tuesday took credit for crushing the Storm botnet, saying that the malware search-and-destroy tool it distributes to Windows users disinfected so many bots that the hackers threw in the towel.
"They realized they were in our gun sights," said Jimmy Kuo, a principal architect with Microsoft's malware protection center, the group responsible for the Malicious Software Removal Tool (MSRT). Microsoft updates and automatically re-distributes the software tool to Windows users each month on Patch Tuesday.
Last year, said Kuo, the criminals behind the Storm Trojan -- malware designed to compromise PCs and add them to a botnet, or collection of infected machines -- tried to keep pace with Microsoft and the MSRT. "They were anticipating our monthly release [of MSRT]," said Kuo, "with new versions that were ready to go immediately before our release."
The bunch controlling the Storm botnet knew that it took Kuo's group several days to create new definitions for the MSRT, and that Microsoft held to a once-a-month release schedule for the tool. And they used that lag time and set schedule to their advantage.
"They knew that it takes [us] a week or more to create new definitions, and they were prepared to update their botnet immediately prior to MSRT releasing," he said, adding that the hackers would get a new version of the Trojan onto already-infected members of the Storm botnet to try to hold on to the machines after Windows had downloaded the newest version of the MSRT.
The idea was to preempt detection by swapping out the Storm bot already on the PC with a version less likely to be identified by the MSRT.
It didn't work, said Kuo. "They found out that even that was a losing battle," he said. "Even though they were able to maintain parts of their botnet, they knew they were in our gun sights. And ultimately they gave up."
- Bookmark this page
- Share this article
- Got more on this story? Email Computerworld
- Follow Computerworld on twitter
- Enterprise Buyers Guide for Tablets
- Stopping Fake Antivirus: How to Keep Scareware off Your Network
- Workshifting: How IT is Changing the Way Business is Done
- IDC Forecast: Worldwide Purpose - Built Backup Appliance 2011 – 2015, Forecast Update: Explosive Growth in 2011
- Improving Productivity in the Connected Enterprise Through Collaboration
-
Alternatives to Raspberry Pi you can get right now
-
Wednesday Grok: Microsoft’s browser lockout is to be pitied more than despised
-
Change My Password logs 10 millionth account
-
Brain drain: Where Cobol systems go from here
-
The ABCs of camera phone technology
-
Microsoft Office
-
Windows 7 for Seniors for Dummies®
-
Computers for Seniors for Dummies, 2nd Edition
-
Office 2007 All-In-One Desk Reference for Dummies
-
MYOB Software for Dummies 6E Australian Edition
-
Excel 2007 All-In-One Desk Reference for Dummies
-
Windows 7 for Dummies® Dvd+book Bundle
-
Windows 7 for Dummies®
-
Teach Yourself Visually Windows 7
Comments
Post new comment