Microsoft secretly beheads notorious botnet

25 Feb 2010
Botnet

Microsoft claims it has shut down one of the US's largest botnets, halting the spread of 1.5 billion spam messages

Microsoft has won court approval to deactivate 277 domain names that are being used to control a vast network of infected PCs.

The software giant claims the notorious Waledac botnet is being used by Eastern European spammers to send 1.5 billion spam messages every day, and infect hundreds of thousands of machines with malware.

In a suit filed in the US District Court of Eastern Virginia, Microsoft accused 27 unnamed defendants of violating federal computer crime laws.

It further requested that domain registrar Verisign temporarily deactivate the domains, shutting down the control servers being used to send commands to the machines.

The operation hasn’t cleaned the infected computers and is not a silver bullet for undoing all the damage we believe Waledac has caused

The request was secretly approved by District Judge Leonie Brinkema, allowing the action to be taken covertly, preventing Waledac's operators from switching domains.

However, while Microsoft hailed the victory, it claimed the work was far from over. "Operation b49 [Microsoft's codename for the operation] has effectively shut down connections to the vast majority of Waledac-infected computers, and our goal is to make that disruption permanent," the company wrote on its blog.

"But the operation hasn’t cleaned the infected computers and is not a silver bullet for undoing all the damage we believe Waledac has caused. Although the zombies are now largely out of the bot-herders’ control, they are still infected with the original malware," it concluded.

Read more

News