To attack Citadel, Microsoft used a technique called "sinkholing", which involves taking over the domain that’s being used by the command-and-control servers, so that the infected PCs take orders from Microsoft instead of the original operators – thus cutting off the criminals.
As Rik Ferguson, vice president of security research at Trend Micro, explained, this approach is used by researchers "to discover more about exactly what’s being done and how it’s being done, and what kind of new software updates are being pushed out through botnet networks".
In fact, many of the domains seized by Microsoft had already been taken over and neutralised by other security researchers investigating Citadel. Security researcher Roman Huessy, writing in a blog post, argued that Microsoft’s action was not only a waste of time, but also actively damaging to research efforts. He noted that a register of sinkholes had been set up by researchers, which Microsoft could have looked at and used to be "more selective in which domain names it took control of". He concluded that the operation was "nothing more than a PR campaign by Microsoft".
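As an added illustration that is not part of the original article: a small Python sketch of the defender's side of sinkholing described above, parsing constructed sinkhole hit logs to count the infected hosts calling each seized domain, and checking a candidate seizure list against a researcher sinkhole register of the kind Huessy describes. The log format, domain names and register contents are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample: lines a sinkhole web server might log once the C2
# domains point at it and infected hosts call home. The format is assumed.
SINKHOLE_LOG = """\
2013-06-06T10:01:02Z 198.51.100.23 GET /file.php host=c2-alpha.example bot=ID-001
2013-06-06T10:01:09Z 198.51.100.23 GET /file.php host=c2-alpha.example bot=ID-001
2013-06-06T10:02:15Z 203.0.113.7 GET /file.php host=c2-alpha.example bot=ID-002
2013-06-06T10:03:44Z 192.0.2.99 GET /file.php host=c2-beta.example bot=ID-003
2013-06-06T10:04:01Z malformed line that should be skipped
2013-06-06T10:05:30Z 203.0.113.7 GET /file.php host=c2-gamma.example bot=ID-002
"""

# Constructed stand-in for the "register of sinkholes" kept by other researchers.
RESEARCHER_SINKHOLES = {"c2-beta.example", "c2-delta.example"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\d+\.\d+\.\d+\.\d+) GET \S+ host=(?P<host>\S+) bot=(?P<bot>\S+)$"
)


def parse_sinkhole_log(text):
    """Return (domain, victim_ip, bot_id) tuples; lines that do not match are dropped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m["host"], m["ip"], m["bot"]))
    return hits


def victims_per_domain(hits):
    """Count distinct infected hosts (by bot id) seen calling each sinkholed domain."""
    seen = defaultdict(set)
    for domain, _ip, bot in hits:
        seen[domain].add(bot)
    return {domain: len(bots) for domain, bots in seen.items()}


def plan_seizure(candidate_domains, registry):
    """Split candidates into domains to take over and domains already sinkholed by others."""
    candidates = set(candidate_domains)
    already = candidates & registry
    return sorted(candidates - already), sorted(already)
```

Running `plan_seizure` before a takedown is the selectivity check Huessy argued for: domains already in the register are left to the researchers watching them.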
Microsoft defended its tactics, saying its first priority is user security. "Many researchers agree that the goal of research should not just be observation for observation’s sake, passively watching while people continue to get victimised daily, but to apply the fruits of such research to help actively protect the public from the threat cybercrime poses," said Richard Boscovich, assistant general counsel at Microsoft’s Digital Crimes Unit. However, he said the company will "[take] steps to evolve the co-ordination of such efforts in future operations".
In addition to taking out researchers’ work, Microsoft has also been accused of missing many active botnet domains. "There’s a large percentage of domain names that we were tracking which are still active and weren’t part of Microsoft’s list of targets, as well as a set of domains that were on their list that still seemed to be functioning when we last checked them," said James Lyne, director of technology strategy at Sophos.
Microsoft’s unilateral approach wasn’t the only aspect of the Citadel takedown that raised concerns. Having taken over the botnet domains, Microsoft used them to push new configuration files to infected PCs, warning users about the malware.
Although the move had "the best possible intentions", Trend Micro’s Ferguson noted that it was "strictly speaking not legal in many jurisdictions", falling foul of laws such as the UK’s Computer Misuse Act, which bans unauthorised access and changes to PCs.
"In some regards, these code updates are a bit of risky business, but it’s good to see people being more aggressive in taking down cybercriminal networks," he said. "When you consider the general rate of success of malicious code over the past couple of years, we need to be exploring these more aggressive mechanisms."