Categories: SecurityWorkspace

Microsoft Takes On Waledec Botnet After Legal Win

Microsoft has successfully used the law in the fight against spam, after being granted a court order to cut off hundreds of domains believed to be propagating the Waledac botnet.

According to the company, a federal judge in Virginia issued a temporary restraining order 22 February to cut off 277 Internet domains associated with Waledac in response to a complaint filed by Microsoft.

The legal manoeuvre was the culmination of months of investigation performed with co-operation from Symantec, Shadowserver Foundation, the University of Washington and others as part of an effort dubbed “Operation b49.” As one of the biggest botnets on the web, Waledac is believed to be capable of blasting out more than 1.5 billion spam messages a day. According to Microsoft, a recent analysis found the botnet sent roughly 651 million spam emails to Hotmail accounts alone between 3 to 21 December, 2009.

“This action has quickly and effectively cut off traffic to Waledac at the “.com” or domain registry level, severing the connection between the command and control centres of the botnet and most of its thousands of zombie computers around the world,” blogged Tim Cranton, Microsoft’s associate general counsel. “Microsoft has since been taking additional technical countermeasures to downgrade much of the remaining peer-to-peer command and control communication within the botnet, and we will continue to work with the security community to mitigate and respond to this botnet.”

Microsoft has taken security-related issues to court before. The company filed five lawsuits against companies last year in a bid to address malicious online advertising. But just how effective this move will be is open to debate.

In response to the massive amounts of malware and spam pushed out by botnets, security pros have begun recently to pursue more outside-the-box techniques for fighting back, such as taking down rogue ISPs instead of simply relying on antivirus. However, such tactics have only proven to have short-term impacts.

“Three days into the effort, Operation b49 has effectively shut down connections to the vast majority of Waledac-infected computers, and our goal is to make that disruption permanent,” Cranton wrote. “But the operation hasn’t cleaned the infected computers and is not a silver bullet for undoing all the damage we believe Waledac has caused. Although the zombies are now largely out of the bot-herders’ control, they are still infected with the original malware.”

But even if it is only a partial fix, it’s still a helpful one, Gartner analyst John Pescatore said.

“It’s only as effective as yanking dandelions – gets rid of the immediate problem but the weeds spring right back up,” he told eWEEK. “But, I do think more of this is needed. When legitimate domains are hosting malware, they should be shut down to drive them to invest in making their websites less vulnerable. When domains are started up just to host malware, they should be shut down as quickly as possible.”

“Bottom line: you have to pull dandelions all the time, but it’s also good to kill the roots,” he said.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago