In the last several weeks, a host of makers of Android devices have agreed to pay Microsoft fees for alleging using Microsoft patents when deploying Android on their devices. Why is that happening? It appears that Microsoft may have found a way to legally game the patent system.

Best Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com

Quite a few phone makers have agreed to pay the fees. Last year, HTC agree to pay royalties for the patents. Then in the last week in June, two more manufacturers inked a deal with Microsoft. Velocity Micro signed a deal for for its Android-based Cruz table, and General Dynamics Itronix signed a deal for a small Android GPS device that can be worn on the wrist.

More recently, Onkyo signed a similar deal, as did Wistron, for smartphones, tablets, and other devices.

Why are these companies agreeing to pay up? Timothy Lee in his blog on Forbes, lays out the most logical and compelling reasons I’ve yet heard.

Lee notes that Microsoft has been stockpiling patents for many years, and that it currently has about 18,000 patents in its portfolio. Google, by way of contrast, has been granted only 700. This isn’t because Microsoft is more innovative than Google, he argues. It’s because Microsoft has instilled the idea of trying to grab any patent it can, no matter how far-fetched, into its culture. Google hasn’t done the same.

What does this have to do with Android device makers agreeing to pay for Microsoft patents? Plenty. Lee says that Android has approximately 10 million lines of code in it, and then says:

Auditing 10 million lines of code for compliance with 18,000 patents is an impossible task—especially because the meaning of a patent’s claims are often not clear until after they have been litigated. Most Silicon Valley companies don’t even try to avoid infringing patents. They just ignore them and hope they’ll be able to afford good lawyers when the inevitable lawsuits arrive.

Microsoft has a substantial budget for its legal staff, and can easily afford to sue as many manufacturers as it wants. Those manufacturers, though, typically don’t have big legal warchests. They simply find it easier and less expensive to pay Microsoft for the patents, even if they don’t believe they are infringing.

First bounty since 2009, when Microsoft offered cash for Conficker’s makers

Computerworld – Microsoft upped the ante on Monday in its months-long battle against the Rustock botnet by posting a $250,000 reward for information that leads to the arrest and conviction of the hackers who controlled the malware.

Best Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com

It was the first time Microsoft used its malware bounty program since February 2009, when it offered the same amount for the people responsible for the fast-spreading Conficker worm.

Microsoft announced the reward early Monday in a blog written by Richard Boscovich, a senior attorney with the company’s digital crimes unit. Microsoft also posted a reward document (PDF) that included an email address for tipsters.

“We decided to augment our civil discovery efforts to identify those responsible for controlling the notorious Rustock botnet by issuing a monetary reward in the amount of $250,000 for new information that results in the identification, arrest and criminal conviction of such individual(s),” Boscovich wrote.

More in Cybercrime & Hacking

Microsoft kicked off a takedown of Rustock in March, when its lawyers, including Boscovich, and U.S. marshals seized the botnet’s U.S.-based command-and-control servers.

Since then, the number of Windows PCs infected with the malware has dropped worldwide from 1.6 million to just over 700,000 as of mid-June, Boscovich reported earlier this month.

Although Microsoft published legal notifications in Russian newspapers last month — a legal formality designed to give potential defendants an opportunity to respond to charges — it has not identified the “John Does” named in a U.S. federal lawsuit.

In an interview two weeks ago, Boscovich said that Microsoft believes the Rustock operators reside in either St. Petersburg or Moscow.

But Microsoft’s hacker bounty program has had mixed results.

Although Microsoft launched the reward program in November 2003 with a $5 million fund, and has offered $250,000 bounties five times in the past, it has paid out only once, in 2005.

In that instance, two people split a reward for identifying a German teenager as the maker of Sasser.

Sven Jaschan, who was arrested in 2004, confessed to crafting the worm during his trial the following year. Jaschan was eventually sentenced to 21 months of probation.

Before Monday, Microsoft had also posted rewards for the makers of the Blaster, Sobig, MyDoom and Conficker worms. Those rewards have gone unclaimed, however.

Two weeks ago, Boscovich refused to guarantee that Microsoft would be able to name those responsible for Rustock, but he said he liked the company’s chances. “I believe there’s a strong likelihood [that we’ll identify someone], but it’s not a guarantee,” he said.

While Boscovich didn’t promise that the new reward would lead authorities to the Rustock botnet herders, he said Microsoft wouldn’t give up.

“We will continue to follow this case wherever it leads us and remain committed to working with our partners around the world to help people regain control of their Rustock-infected computers,” Boscovich said.

‘Nothing is impossible,’ says Microsoft attorney, countering claims that the TDL-4 botnet is untouchable

Computerworld – No botnet is invulnerable, a Microsoft lawyer involved with the Rustock takedown said, countering claims that another botnet was “practically indestructible.”

Microsoft MCTS Certification, MCITP Certification and over 2000+ Exams at Actualkey.com

“If someone says that a botnet is indestructible, they are not being very creative legally or technically,” Richard Boscovich, a senior attorney with Microsoft’s Digital Crime Unit said Tuesday. “Nothing is impossible. That’s a pretty high standard.”

Instrumental in the effort that led to the seizure of Rustock’s command-and-control servers in March, Boscovich said Microsoft’s experience in takedowns of Waledac in early 2010 and of Coreflood and Rustock this year show that any botnet can be exterminated.

“To say that it can’t be done underestimates the ability of the good guys,” Boscovich said. “People seem to be saying that the bad guys are smarter, better. But the answer to that is ‘no.'”

Last week, Moscow-based Kaspersky Labs called the TDL-4 botnet “the most sophisticated threat today,” and argued that it was “practically indestructible” because of its advanced encryption and use of a public peer-to-peer (P2P) network as a fallback communications channel for the instructions issued to infected PCs.

Takedowns like those of Waledac, Rustock and Coreflood have relied on seizing the primary command-and-control (C&C) servers, then somehow blocking the botnet’s compromised computers from accessing alternate C&C domains for new instructions.

By doing both, takedowns decapitate the botnet, let researchers or authorities hijack the botnet, and prevent hackers from updating their malware or giving the bots new orders. That also gives users time to use antivirus software to clean their systems of the infections.

Kaspersky senior malware researcher Roel Schouwenberg said that TDL-4’s use of P2P made the botnet an extremely tough nut.

“Any attempt to take down the regular C&Cs can effectively be circumvented by the TDL group by updating the list of C&Cs through the P2P network,” Schouwenberg said last week. “The fact that TDL has two separate channels for communications will make any takedown very, very tough.”

Boscovich disagreed, noting that the February 2010 takedown of Waledac successfully suppressed that botnet’s P2P command channel.

“[Waledac] was a proof of concept that showed we are able to poison the peer-to-peer table of a botnet,” Boscovich said.

“Each takedown is different, each one is complicated in its own way,” said Boscovich. “Each one is going to be different, but that doesn’t mean that there cannot be a way to do this with any botnet.”

Alex Lanstein, a senior engineer with FireEye who worked with Microsoft on the Rustock takedown, said that the relationships Microsoft has built with others in the security field, with Internet service providers, and with government legal agencies like the U.S. Department of Justice and law enforcement were the most important factors in its ability to take down botnets, any botnets.

“It’s the trust relationships Microsoft has created” that have led to successful takedowns, said Lanstein. “And I think [the technique] speaks to any malware infrastructure where some kind of data feed exists. It really, really works.”

Those who disagree with Boscovich and Lanstein include not only Kaspersky’s Schouwenberg, but also Joe Stewart, director of malware research at Dell SecureWorks and an internationally known botnet expert.

“I wouldn’t say it’s perfectly indestructible, but it is pretty much indestructible,” Stewart said in an interview last week about TDL-4. “It does a very good job of maintaining itself.”

But SecureWorks also acknowledged Microsoft’s takedown chops, saying that its own statistics show that Rustock attacks have dropped tenfold since March.

“Since mid-March 2011, Dell SecureWorks’ CTU [Counter Threat Unit] research team has seen a significant decline in the number of attempted Rustock attacks, and we do attribute it to the comprehensive efforts of Microsoft,” a SecureWorks spokeswoman said Tuesday.

“With the Rustock takedown, Microsoft has built the framework for others to do the same,” Lanstein said. “This is definitely not the last botnet we’re going to go after.”

He declined to name the next likely target, saying that doing so would tip Microsoft and FireEye’s hand.

First bounty since 2009, when Microsoft offered cash for Conficker’s makers

Computerworld – Microsoft upped the ante on Monday in its months-long battle against the Rustock botnet by posting a $250,000 reward for information that leads to the arrest and conviction of the hackers who controlled the malware.

Best Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com

It was the first time Microsoft used its malware bounty program since February 2009, when it offered the same amount for the people responsible for the fast-spreading Conficker worm.

Microsoft announced the reward early Monday in a blog written by Richard Boscovich, a senior attorney with the company’s digital crimes unit. Microsoft also posted a reward document (PDF) that included an email address for tipsters.

“We decided to augment our civil discovery efforts to identify those responsible for controlling the notorious Rustock botnet by issuing a monetary reward in the amount of $250,000 for new information that results in the identification, arrest and criminal conviction of such individual(s),” Boscovich wrote.
Cybercrime Watch

Microsoft kicked off a takedown of Rustock in March, when its lawyers, including Boscovich, and U.S. marshals seized the botnet’s U.S.-based command-and-control servers.

Since then, the number of Windows PCs infected with the malware has dropped worldwide from 1.6 million to just over 700,000 as of mid-June, Boscovich reported earlier this month.

Although Microsoft published legal notifications in Russian newspapers last month — a legal formality designed to give potential defendants an opportunity to respond to charges — it has not identified the “John Does” named in a U.S. federal lawsuit.

In an interview two weeks ago, Boscovich said that Microsoft believes the Rustock operators reside in either St. Petersburg or Moscow.

But Microsoft’s hacker bounty program has had mixed results.

Although Microsoft launched the reward program in November 2003 with a $5 million fund, and has offered $250,000 bounties five times in the past, it has paid out only once, in 2005.

In that instance, two people split a reward for identifying a German teenager as the maker of Sasser.

Sven Jaschan, who was arrested in 2004, confessed to crafting the worm during his trial the following year. Jaschan was eventually sentenced to 21 months of probation.

Before Monday, Microsoft had also posted rewards for the makers of the Blaster, Sobig, MyDoom and Conficker worms. Those rewards have gone unclaimed, however.

Two weeks ago, Boscovich refused to guarantee that Microsoft would be able to name those responsible for Rustock, but he said he liked the company’s chances. “I believe there’s a strong likelihood [that we’ll identify someone], but it’s not a guarantee,” he said.

While Boscovich didn’t promise that the new reward would lead authorities to the Rustock botnet herders, he said Microsoft wouldn’t give up.

“We will continue to follow this case wherever it leads us and remain committed to working with our partners around the world to help people regain control of their Rustock-infected computers,” Boscovich said.