Microsoft's botnet beheading frees 90,000 zombies
By Hani Megerisi
Posted on 12 Feb 2012 at 21:23
Microsoft has claimed the Waledac botnet has been "effectively decimated", after it severed between 70,000 and 90,000 zombie PCs from the network.
“Researchers… who track new Waledac infections, have data showing a dramatic decline in new IP addresses appearing within the Waledac network, meaning that Waledac is no longer spreading its infection to other computers,” said Microsoft Malware Protection Centre’s director Jeff Williams, in a post on the company’s blog.
The firm claimed the figures were proof that Operation b49 - which forced Verisign to deactivate 277 domain names being used to issue instructions to the botnet - had been a success.
"While it is still too early to know the entire scope of this particular takedown's impact, early returns show that Operation b49 has been delivering on the disruption of Waledac and helping to map new territory in the fight against botnets," he wrote.
However, Microsoft cautioned that, despite the success of the campaign, the computers remained infected with malware even after being cut off. Indeed, Williams claimed that roughly half of the computers “once under the control of Waledac are still trying to send spam – and are in fact doing so at higher levels today than they were in our December analysis”.
Microsoft argued this was due to computers being infected with other malware which “may still be directing them [the zombie computers] to conduct attacks outside of Waledac’s control structure”.
"Waledac itself is just one of many sources of spam on the internet and we never intended Operation b49 to appreciably shrink worldwide spam volumes. The goal, rather, was to disrupt the bot and to learn from that disruption for future actions.”
Mikko Hypponen, chief research officer of F-Secure, agreed that the problem of botnets still persisted. "This simply cut the head of the beast. The infected machines are still infected. Owners of those machines still have no idea that they are infected. Their machines simply can't be controlled by the bad guys any more."
"Waledac wasn't the biggest of our headaches," he added. "It was already declining as a botnet and was not one of the major sources of spam. Nevertheless, good riddance... it was a great takedown and all thanks to Microsoft."
How to Educate?
The real target should be educating everyone who has a computer to ensure it is fully protected, so they don't get infected in the first case. Of course, while people still visit dubious malware-ridden sites, even the best protection will sometimes fail.
By skarlock on 17 Mar 2010
