Radsoft
 About | Buy | News | Products | Rants | Search | Security
Home » Security

Microsoft's Rustock Reward Doesn't Spin

Redmond propaganda provides no protection from the truth.


Get It

Try It

Brian Krebs reports that Microsoft are offering a cool quarter million for information leading to the arrest of the hackers behind the Rustock botnet. No one's impressed.

From Wikipedia:

'The Rustock botnet was a botnet that operated from around 2006 until March 2011. It consisted of computers running Microsoft Windows, and was capable of sending up to 25,000 spam messages per hour from an infected PC. At the height of its activities, it sent an average of 192 spam messages per compromised machine per minute.'

Microsoft coordinated an op against Rustock on 16 March 2011 and got the botnet taken down.

Krebs points out that at its height Rustock sent 40% of all spam in the world but today is a 'defunct crime machine'.

Microsoft's Richard Boscovich admits there are still hundreds of thousands of infected Windows computers. And anyone outside Redmond with a clue can understand it's only a matter of time before a new control centre takes advantage of them.

Boscovich offered the following about the $250 K reward on his blog.

'This reward offer stems from Microsoft's recognition that the Rustock botnet is responsible for a number of criminal activities and serves to underscore our commitment to tracking down those behind it.'

Gee thanks, Bosco. But Bosco has more to say - he's not a techie: he's a lawyer hired on by Microsoft as a spin doctor.

'While the primary goal for our legal and technical operation has been to stop and disrupt the threat that Rustock has posed for everyone affected by it, we also believe the Rustock bot-herders should be held accountable for their actions.'

Yep, you tell 'em, Bosco. Now lets make a few things clear and, as they say on the street, cut through the bullshit.

  • Bill Gates visited the Microsoft campus last month. He took a quick stroll around and ran into Steve Ballmer who was outside banging chairs against a wall. Bill told Steve he'd wasted fifteen minutes of his precious time looking at sights they'd all seen a thousand times before.

    'But you made another quarter of a million in those fifteen minutes!' Ballmer told him. 'So your stroll hasn't been totally unprofitable!'

    Moral of the story? One quarter million US greenbacks doesn't even qualify as pocket change for Microsoft. It's nothing. Not even pittance.

  • Why hunt the Rustock authors down? The botnet's gone, they're making no effort to clean the hundreds of thousands (millions) of PCs running their Windows, and it's just going to happen again - so why the chase?

The chase is for show only. It's like putting Elliot Ness in Chicago to fight bootlegging when everybody knows booze is going to be legal again in a short time. It's a show for the peanut gallery.

Revamping Windows so it's secure would cost Microsoft billions in lost revenues. It wouldn't take a lot of labour - Microsoft could use any of the liberally licensed Unix distros out there (such as Apple's FreeBSD) and come up with a winner.

But Microsoft would lose on the third party software market. There are millions of software titles out there and they're all dependent on Microsoft Windows' wobby security. Giving their customers a decent operating system would break all those applications. Windows customers would probably not want to wait around as the third party vendors scrambled to get their products updated - they'd go over to Ubuntu or Red Hat or Debian or OpenBSD or Apple. Microsoft would lose their 90% market hegemony once and for all.

The dismal alternative - not exactly a secret on the Redmond campus - is that you have to keep on bullshitting Joe and Josephine Six-Pack, keep people from thinking about how it's a simple issue that requires simple remedies where unfortunately the real culprits in Redmond would totally lose out. Better to spend inordinate sums on spin and pompous reward programs than to suffer complete corporate defeat.

'I'm gonna tell you something. Somebody messes with me, I'm gonna mess with him. Somebody steals from me, I'm gonna say you stole. Not talk to him for spitting on the sidewalk. Understand? Now I have done nothing to harm these people, but they are angered with me. So what do they do? Doctor up some income tax for which they have no case. To speak to me like men? No. To harass a peaceful man. I pray to god if I ever have a grievance, I'd have a little more self-respect. One more thing: you have an all-out prize fight, you wait until the fight is over, one guy is left standing. And that's how you know who won.'
 - Al Capone

'More than a million Microsoft Windows machines were infected with a strain of malware designed to hijack results when users search for keywords at Google.com and other major search engines.'
 - Brian Krebs

Windows® is a registered trademark of Microsoft Corporation® nobody else wants.

See Also
Krebs on Security: Google: Your Computer Appears to Be Infected
Krebs on Security: Microsoft Offers $250K Bounty for Rustock Author

About | Buy | News | Products | Rants | Search | Security
Copyright © Radsoft. All rights reserved.