Hacker News
Microsoft shuts down giant Rustock spamming network (seattlepi.com)
97 points by hanifvirani on March 18, 2011 | 27 comments



Huge win for the M Team. Happy to see MSoft is still trying their best to protect their customers. I imagine money spent to do it this way was much cheaper than removing this content from users' computers world wide.

They probably found it pretty simple after shutting down Waledac earlier. Same team, different target.


Actually, it was very different. A quote:

"However, Rustock's infrastructure was much more complicated than Waledac's, relying on hard-coded Internet Protocol addresses rather than domain names and peer-to-peer command and control servers to control the botnet."

Read the whole thing at http://blogs.technet.com/b/microsoft_on_the_issues/archive/2...


This should be made into a movie


"The Asocial Network"


Weird. I thought modern botnets are P2P, with control nodes disguised as ordinary infected machines.

Well, it's nice that this was not the case.


Most of the advanced ones are. They're also mostly using overlay network topologies, which can be hard to distinguish from other P2P traffic and forms a considerable amount of resiliency. Just turns out that this was one of the older, more primitive botnets.


Senderbase has some interesting spam statistics which are reported from Cisco/IronPort security appliances around the world. After today is over and the stats are calculated, there might be some interesting data.

http://www.senderbase.org/home/detail_spam_volume


To be fair, Microsoft made the Rustock spamming botnet possible.


In what way?


Do you honestly believe market share is the only reason we don't see malware for other platforms?

I can assure you the zillions of Linux servers you see sitting unattended for years on very fat pipes are really attractive targets. Yet, you don't hear about server botnets... There must be a reason for that.


These "unattended" servers have far, far fewer security mechanisms in place than even XP SP2. If someone wanted to target them, they would. However, it's insanely easy to find Windows machines, which is all that's important for botnets. It's not hard at all to take over either an unpatched Linux machine or an unpatched Windows machine, but volume is all that counts here. You want hundreds of thousands (sometimes millions) of machines to send spam from.

Market share is all that matters here, not technology at all.


> servers have far, far fewer security mechanisms in place than even XP SP2

According to your reasoning, IE6 is the most secure browser because it has the most security patches. If you have fewer vulnerabilities to start with, you'll end up with fewer, simpler (and thus more reliable) security mechanisms.

Windows has improved a lot. I suppose 2008r2 is reasonably secure and should be able to stay secure when exposed to the net, but the internal complexity of its security mechanisms is huge and, therefore, a lot can go wrong.


Except that mechanisms like DEP, ASLR, heap cookies, etc. are being applied to all systems. Why? Because all of these OSes are vulnerable to the same classes of flaws.

Since XP SP2, Windows has led the way in protecting code itself. Linux is largely on par these days, with OS X trailing way behind (they're playing catch-up now).

As far as complexity, I strongly recommend you actually look at the protections in place. Those on Windows are significantly simpler (and more effective) than those on Linux, as of Windows Vista. The new heap, the simplified ASLR, etc. all made things considerably simpler and harder to attack.
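The two comments above argue about whether DEP and ASLR are "applied" on Windows and Linux. In practice both are per-binary opt-ins recorded in the executable's headers, which is something a defender can audit directly. The following script is an added example, not code from the article or from any commenter in this thread: it reads the public ELF and PE header layouts and reports whether a binary asks for a non-executable stack (PT_GNU_STACK without PF_X on Linux, NX_COMPAT on Windows) and for address randomisation (ET_DYN/PIE on Linux, DYNAMIC_BASE on Windows). The `build_elf64` and `build_pe` helpers construct minimal sample images so the example runs offline; they are constructed fixtures, not real binaries.

```python
"""Report NX/DEP and ASLR/PIE opt-in flags from ELF or PE executable headers.

Added example. Layout constants come from the public ELF and PE specifications;
the build_* helpers below produce constructed sample headers for offline testing.
"""
import struct
import sys

PT_GNU_STACK = 0x6474E551   # GNU extension: requested stack permissions
PF_X = 0x1                  # segment/stack is executable
ET_EXEC = 2                 # fixed-address executable
ET_DYN = 3                  # position-independent executable (or shared object)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # PE: ASLR opt-in
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100      # PE: DEP opt-in


def elf_mitigations(data: bytes) -> dict:
    """NX-stack and PIE status of a little-endian ELF32/ELF64 image."""
    is_64 = data[4] == 2                          # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    e_type, = struct.unpack_from("<H", data, 16)
    if is_64:
        e_phoff, = struct.unpack_from("<Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    else:
        e_phoff, = struct.unpack_from("<I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from("<HH", data, 42)
    stack_flags = None
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from("<I", data, off)
        if p_type == PT_GNU_STACK:
            # p_flags follows p_type in ELF64 but sits at +24 in ELF32
            stack_flags, = struct.unpack_from("<I", data, off + (4 if is_64 else 24))
    # With no PT_GNU_STACK entry the Linux loader falls back to an executable stack,
    # so "missing" is reported the same as "executable".
    nx = stack_flags is not None and not (stack_flags & PF_X)
    # Caveat: ET_DYN also covers shared libraries, not only PIE executables.
    return {"format": "ELF", "nx": nx, "aslr": e_type == ET_DYN}


def pe_mitigations(data: bytes) -> dict:
    """DEP and ASLR opt-in bits from the PE optional header's DllCharacteristics."""
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 4 + 20                       # skip signature and COFF header
    # DllCharacteristics is at offset 70 in both PE32 and PE32+ optional headers
    dll_chars, = struct.unpack_from("<H", data, opt + 70)
    return {"format": "PE",
            "nx": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
            "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)}


def mitigations(data: bytes) -> dict:
    """Dispatch on the magic bytes; only the opt-in flags are inspected."""
    if data[:4] == b"\x7fELF":
        return elf_mitigations(data)
    if data[:2] == b"MZ":
        return pe_mitigations(data)
    raise ValueError("not an ELF or PE image")


def build_elf64(exec_stack: bool, pie: bool) -> bytes:
    """Constructed minimal ELF64 header with one PT_GNU_STACK program header."""
    e_type = ET_DYN if pie else ET_EXEC
    hdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
    # e_type, e_machine(x86-64), e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    hdr += struct.pack("<HHIQQQIHHHHHH", e_type, 0x3E, 1, 0, 64, 0, 0, 64, 56, 1, 64, 0, 0)
    flags = (0x6 | PF_X) if exec_stack else 0x6   # RWX versus RW stack
    hdr += struct.pack("<IIQQQQQQ", PT_GNU_STACK, flags, 0, 0, 0, 0, 0, 16)
    return hdr


def build_pe(dll_characteristics: int) -> bytes:
    """Constructed minimal PE32+ image: DOS header, COFF header, optional header."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                     # PE32+ magic
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return dos + coff + bytes(opt)


if __name__ == "__main__":
    # Usage: python mitigations.py /path/to/binary
    with open(sys.argv[1], "rb") as fh:
        print(mitigations(fh.read()))
```

Two things the output does not tell you: whether the running OS actually honours the flag (kernel and Windows version dependent, as the thread notes), and whether the binary has a memory-safety bug to begin with. The header check only establishes that the mitigation is requested, which is the first thing to confirm when a fleet-wide "we have DEP/ASLR" claim is made.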


> all of these OSes are vulnerable to the same classes of flaws.

They are. It's an unavoidable fact of life for the kind of computer we use (read: x86 PC). But don't confuse being potentially vulnerable to a type of attack with actually being vulnerable to a specific attack of this type. In order to be vulnerable, you not only have to, say, allow a user-mode program to write on a page marked as executable (something I remember some high-end processors from the late '80s could prevent) but you actually must have a buffer overflow to go with it. Unless both conditions are met, you are not at risk.

As far as actual complexity of the implementations is concerned, I can't evaluate Microsoft's, as the implementation is secret. I cannot, however, imagine how the Windows implementations can be simpler, for Windows is a much more complex operating system than either Linux or *BSDs. As alexandros pointed out, a larger surface means more to defend.


You would expect a badly architected system to have -more- security mechanisms, as it has a more complex surface to defend. You wouldn't expect it to be more secure though.


Best thing Microsoft has done in years? ;)


Best thing since Kinect, and, before that, DOS 4.0!


The real news here is that while Microsoft is losing the smart phone market they are the market leaders in the bot net market with a clear 100%!

Thank you Microsoft for helping to clean up your mess!


How is it their mess?


Presumably, because most botnets consist of Windows computers. If Windows security were better, building a botnet would be difficult.

That said, most botnets consist of old unpatched Windows computers or spread via third-party software (e.g. Flash/Acrobat Reader), and MS' market share means that it will be targeted even if their security is no worse than their competitors'. Windows security still could be better, but I don't think blaming Microsoft is as justified as it was before e.g. XP SP2.


The only reason most botnets consist of Windows computers is because Windows is ubiquitous, difficult for the average Windows user to secure, and full of security issues from add-ons and plugins.

Look for future malware to be spread using the biggest rarely updated smartphone platform (currently Android).


Cell carriers really need to realize that they're effectively selling perpetually-connected pocket-sized computers, and that refusing updates because they're "not in the business plan" is going to cause them an inordinate amount of grief due to malware.


The carriers are not the sort of businesses who are well-known for thinking ahead.


They still won't be able to bend reality to their convenience. When this can of worms is opened, it will be nasty.

The only thing that may come to their aid is that telcos have a power over the phones that connect to them no PC OS maker has. Well... Maybe Apple will get there...

And, BTW, once phone manufacturers realize they need to provide security updates for the life of the phones, they will trim their lineups down to very manageable levels.


> The only reason most botnets consist of Windows computers is because Windows is ubiquitous, difficult for the average Windows user to secure, and full of security issues from add-ons and plugins.

So, the only reason is actually 3?


I disagree that it's difficult to secure. Rather, it's that it's too easy to compromise manually.


The average Windows user is, therefore, the weakest link in computer security today.

I still believe Windows comes next.

