Court order helps Microsoft tear down Waledac botnet
IDG News Service - With the help of a federal judge, Microsoft has struck a blow against one of the Internet's worst sources of spam: the notorious Waledac botnet.
Microsoft said late Wednesday that it had been granted a court order that will cut off 277 .com domains associated with the botnet. This will effectively knock the brains of Waledac off the Internet, by removing the command-and-control servers that criminals use to send commands to hundreds of thousands of infected machines.
Thought to be used by Eastern European spammers, Waledac has been a major source of computer infections and spam over the past year. Microsoft believes the botnet can send over 1.5 billion [b] spam messages daily.
In a lawsuit against the unknown spammers behind Waledac, filed Monday with the U.S. District Court of Eastern Virginia, Microsoft argues that Verisign, which manages the .com domain, is a choke-point for the botnet. The court has apparently ordered Verisign to remove the botnet's command-and-control domains from the Internet.
"This action has quickly and effectively cut off traffic to Waledac at the '.com' or domain registry level, severing the connection between the command and control centers of the botnet and most of its thousands of zombie computers around the world," Microsoft said in its blog post announcing the effort.
Microsoft designed its lawsuit so the court order would sever the control ties to the botnet before its controller had time to react. "That unplugging of the Internet connection had to be done without him knowing," said Richard Boscovich, a senior attorney at Microsoft's digital crimes unit, in a video on the blog post.
Many of the affected domains already appeared to be gone after Microsoft's announcement, but others still appeared to be up.
Verisign could not immediately be reached for comment.
Because Waledac uses peer-to-peer techniques to control hacked boxes as well, Microsoft has more work to do, however.
"It's a busy night tonight and tomorrow is probably going to be a busy day as well," said Jeff Williams, director of Microsoft's Malware Protection Center in an e-mail interview.
Williams didn't provide details on what Microsoft was doing to further attack Waledac, but in its blog posting the company said it is "taking additional technical countermeasures to downgrade much of the remaining peer-to-peer command and control communication within the botnet." Microsoft expects to "continue to work with the security community to mitigate and respond to this botnet," the post states.
Known internally as Operation b49, Microsoft's takedown operation "was the result of months of investigation and the innovative application of a tried and true legal strategy," Microsoft said.
Microsoft tried to strike a blow against Waledac last April, by adding detection for the infection to its Malicious Software Removal tool. But that didn't stop the botnet, and spam levels have remained high.
"They didn't kill it," said Paul Ferguson , a researcher with Trend Micro, via instant message. "I've been getting a boat-load of Waledac spam lately."
The majority of the domains ordered cut off are listed as having owners with contact details in China. The domains were registered with a small number of Chinese domain registrars, according to the Microsoft complaint, including one that was recently ordered by China's domain name overseer to improve its verification of customer information used to register domains.
(Owen Fletcher in Beijing contributed to this story.)
- University of North Florida breach exposes data on 107,000 individuals
- Zeus Trojan bust reveals sophisticated 'money mules' operation in U.S.
- GAO slams White House for failing to lead on cybersecurity
- Man charged with attack on Web site of Fox News' Bill O'Reilly
- Heartland breach expenses pegged at $140M -- so far
- IT contractor gets five years for $2M credit union theft
- Democracy would suffer if Google left China, says MIT panel
- Gonzalez accomplice gets five years for hacking TJX
- Threat of cyberattacks from overseas high, federal IT execs say
- Botnets 'the Swiss Army knife of attack tools'
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Binary Option: Neustar SiteProtect Case Study Learn how Neustar helped Top10optionbinaire.com protect against DDoS attacks with SiteProtect DDoS mitigation technology.
- Four Ways DNS Can Accelerate Business Growth This DNS eBook describes how DNS has developed over the years to support business growth as new needs have emerged, for example, advanced...
- Architecting the Network of the Future Networks need to change, as does the way IT thinks about and manages them. In addition to reliability, IT must now add higher...
- Ecommerce Site Needs Protection Against Cyber 'Pirate' Learn how a Neustar customer thwarted 'Blackbeard,' a self-styled DDoS Pirate. Using Neustar SiteProtect, a cloud-based DDoS mitigation service, this everyday IT hero...
- Tales from the Trenches - Industry Risks and Examples of DDoS Watch Neustar experts as they discuss how DDoS impacts technology companies including online gaming, e-commerce and more. All Network Security White Papers | Webcasts