Reference no: EM131040167
Fighting Botnets
Fire Eye (www.fireeye.com) is one of the world's most effective private cybercrime fighters. The company defends corporations and governments against targeted malicious software. Fire Eye's clients include Fortune 500 companies and members of the U.S. intelligence community. Fire Eye's software examines the entire lifecycle of malicious software, how the malware operates in a network, what the malware is looking for, which servers delivered the malware, and which control servers the malware receives its orders from. Since 2005,
Fire Eye has deflected some of the world's most destructive online attacks, including:
• Aurora, the attack originating in China that targeted Google and other technology firms in 2009;
• core flood, the botnet that had been stealing millions of dollars from global bank accounts since the mid-2000s and possibly earlier;
• Zeus, a program that used personal information to steal hundreds of millions of dollars from financial institutions in 2007. To understand why FireEye is so effective, consider its confrontation with the Rustock botnet.
Rustock was the most advanced botnet ever released onto the Web. It reeled people in by putting out spam that advertised fake drugs, online pharmacies, and Russian stocks. Then, from 2007 to 2011, Rustock quietly and illegally took control of more than a million computers around the world. Symantec, a computer security company, found that Rustock generated as many as 44 billion spam e-mails per day, nearly half of the total number of junk e-mails sent per day worldwide. Profits generated by Rustock were estimated to be in the millions of dollars. For months, FireEye collaborated with Microsoft and Pfizer to plot a counterattack. Microsoft and Pfizer became involved because Rustock was selling fake Viagra, a Pfi zer product, as well as sham lotteries using the Microsoft logo. Working from FireEye's intelligence, in March 2011 U.S.
Marshals stormed seven Internet data centers across the United States where Rustock had hidden its 96 command servers. Microsoft lawyers and technicians and computer forensics experts also participated in the raids. A team deployed to the Netherlands confiscated two additional Rustock command servers. Although the operation was executed flawlessly, Rustock was able to fight back. From an unknown location, the botmaster (the person or persons controlling the bots, or zombie computers) remotely sneaked back into its network, locked out Microsoft's technicians, and began to erase fi les. Clearly, the Rustock masterminds did not want anyone to discover the information contained inside their hard drives. After some difficulty, the Microsoft technicians were able to regain control of the servers. However, the data that were erased in the 30 minutes that the Microsoft technicians required to regain control of their servers may be lost forever. As Fire Eye and its partner companies analyzed Rustock's equipment, they discovered that much of it was leased to customers with addresses in the Asian nation of Azerbaijan, which shares a border with Russia. Forensic analysis of the captured servers pointed Rustock's opponents to Moscow and St. Petersburg.
Rustock had used the name Cosma2k to conduct business on the Internet, and it maintained a WebMoney account (www.webmoney.com) under the name Vladimir Alexandrovich Shergin. No one knows whether Shergin was a real name or an alias. However, Web Money was able to inform investigators that "Shergin" had listed an address in a small city outside Moscow. On April 6, 2011, Microsoft delivered its first status report in its lawsuit against Rustock to the federal court in Seattle (Microsoft headquarters). Then, on June 14, Microsoft published notices in Moscow and St. Petersburg newspapers, detailing its allegations against the botnet spammer. The notices urged the perpetrators of Rustock to respond to the charges or risk being declared guilty. Microsoft also offered (and is still offering) $250,000 for information about the identity of the person or persons operating the botnet. Unfortunately, the Rustock perpetrators have still not been caught, and security experts believe that more than 600,000 computers around the world are still infected with Rustock malware. Sources:
Questions
1.Describe why it was so important for law enforcement officials to capture all 96 Rustock command servers at one time.
2.If the perpetrators of Rustock are ever caught, will it be possible to prove that the perpetrators were responsible for the malware? Why or why not? Support your answer.
What is the equilibrium price of laptops
: Consider the market for laptops. The demand for laptops is Q = 1800 - 3P. Suppose the supply of laptops is given by Q= -200 +2P. Enter numbers only. If decimal, include decimal and round to nearest tenth. What is the equilibrium price of laptops?
|
What does that mean to you as a manager
: What are the major capital budgeting models and why are they essential to the firm's earnings, capital growth and value creation?
|
Sales and operations planning can be integrated
: Summarize the ways through which sales and operations planning can be integrated. Then, extend your findings to additional supply chain management processes that you feel could be better integrated. Which two (or more) processes did you integrate? Wh..
|
Accused of artificially undervaluing
: China has been accused of artificially undervaluing their currency over the past several years. If that is true, what is the impact on the United States and on China as those two countries are the largest two economies in the world?
|
Most effective private cybercrime fighters
: Fire Eye (www.fireeye.com) is one of the world's most effective private cybercrime fighters. The company defends corporations and governments against targeted malicious software. Fire Eye's clients include Fortune 500 companies and members of the ..
|
Patient protection and affordable care act law
: A major change in health care law in the U.S. is the recent the passage of the Patient Protection and Affordable Care Act of 2010. How did each of the various sources of our laws – common, statutory, and administrative – play a role in making the PPA..
|
How much did gdp increase through the whole process
: Sally buys strawberries for $5, and makes chocolate covered strawberries, sells them to a market down the street for $22, and then the market sells it for $38. How much did GDP increase through the whole process?
|
Characteristics of a perfect competitive market
: What are some of the characteristics of a perfect competitive market?
|
Employee free choice act
: In several congressional sessions, an Employee Free Choice Act was proposed in which unions could organize workplaces through a card check without a secret ballot election. Would company managers prefer a secret ballot or a card check? Why would unio..
|