* "The bad guys will feel the punch"
* "the identity of the botnet's main controller is unknown"

How do these two statements play together?

Microsoft has known about these sorts of botnets for years. They've been very particular about how and when they deal with them. If they were any more proactive I think we'd see a huge outcry in the tech press.

How do these two statements play together?

Why would it make a difference if they knew the people coordinating this? Shutting down this network will certainly hurt the investment that was put into this system...that seems obvious.

[edited by: bill at 4:19 am (utc) on Jun 8, 2013]

* "The bad guys will feel the punch"
* "the identity of the botnet's main controller is unknown"

LOL, somewhere in a private bunker, hidden behind privacy screens, Mr. Evil will scream "Noooooo!" as he sees his dastardly plans thwarted. He fears this more than prison!

In a strange twist, we'll learn the botnet controller is actually Penguin, and it's about ready to take over Skynet. ;)

Shutting down this network will certainly hurt the investment that was put into this system...that seems obvious.

Let's see:
How much is it for renting a server in a low cost hosting company ?
Even if the criminals rent many the investment is low. And if they use the servers they'll pay for themselves each and every month multiple times.

Let's see:
How much is it for renting a server in a low cost hosting company ?

You can't seriously think I was referring only to hosting costs.

They have to pay some serious money for a zero-day exploit that hasn't been and likely won't be patched. Then there's software development and maintenance...staff to go through gathered data... This is not some fly-by-night operation run on a shoestring budget. Sure the rate of return is going to be favorable, but it's not going to be inexpensive to run something like this.

They have to pay some serious money for a zero-day exploit that hasn't been and likely won't be patched.

Serious money:
-------------
zero day exploits are offered for a few thousand on the black market.

The effort in weaponizing it and integrating it is not all that much in most cases I've looked at myself. It takes in elapsed time days at most. An most of these guys that do that are rather asocial, so let's assume it takes days at most for somebody with the right skillset.

Patching:
--------
- If the security bug is not made public and not massively exploited, it takes many months - I've seen up to well over a year between the first victim detecting it and Microsoft actually bothering enough to roll out a patch on Black Tuesday.
- It then takes months to many years before the victims the attackers are interested in actually deploy those patches.

So while it's true there's a limited shelf life to exploits, using them just below the radar of the mass press is enough to keep them good for many years to come - although they do deteriorate in value.


Taking away the command and control infrastructure of a botnet takes away 2 things (if done properly)
- the bots (now most botnet operators build in a lot of failsafe mechanisms these days in order to recuperate bots in the case of a command and control seizure)
- the control infrastructure itself
It does not take away in knowledge or code (and most likely also not any data that's considered valuable by the attackers (they'll store it in many places and retrieve it).

But taking that away is taking away things they "stole" from others, so even if they lost it, you cannot take back their initial investment in any way: they'll have gained orders of magnitudes more than they ever paid. And the most valuable resources can't be seized till you grab the culprits and put them behind bars (and even then ...)


To me rolling it up as a tool is valuable to protect the masses, but it's FAR from a blow to the bad guys.
They ROTFL with what MSFT's marketing and the press make of this for sure.