Microsoft's botnet beheading frees 90,000 zombies
By Hani Megerisi
Posted on 17 Mar 2010 at 11:41
Microsoft has claimed the Waledac botnet has been "effectively decimated", after it severed between 70,000 and 90,000 zombie PCs from the network.
“Researchers… who track new Waledac infections, have data showing a dramatic decline in new IP addresses appearing within the Waledac network, meaning that Waledac is no longer spreading its infection to other computers,” said Microsoft Malware Protection Centre’s director Jeff Williams, in a post on the company’s blog.
The firm claimed the figures were proof that Operation b49 - which forced Verisign to deactivate 277 domain names being used to issue instructions to the botnet - had been a success.
"While it is still too early to know the entire scope of this particular takedown's impact, early returns show that Operation b49 has been delivering on the disruption of Waledac and helping to map new territory in the fight against botnets," he wrote.
However, Microsoft cautioned that, despite the success of the campaign, the computers remained infected with malware even after being cut off. Indeed, Williams claimed that roughly half of the computers “once under the control of Waledac are still trying to send spam – and are in fact doing so at higher levels today than they were in our December analysis”.
Microsoft argued this was due to computers being infected with other malware which “may still be directing them [the zombie computers] to conduct attacks outside of Waledac’s control structure”.
"Waledac itself is just one of many sources of spam on the internet and we never intended Operation b49 to appreciably shrink worldwide spam volumes. The goal, rather, was to disrupt the bot and to learn from that disruption for future actions.”
Mikko Hypponen, chief research officer of F-Secure, agreed that the problem of botnets still persisted. "This simply cut the head of the beast. The infected machines are still infected. Owners of those machines still have no idea that they are infected. Their machines simply can't be controlled by the bad guys any more."
"Waledac wasn't the biggest of our headaches," he added. "It was already declining as a botnet and was not one of the major sources of spam. Nevertheless, good riddance... it was a great takedown and all thanks to Microsoft."
How to Educate?
The real target should be educating everyone who has a computer to ensure it is fully protected, so they don't get infected in the first case. Of course, while people still visit dubious malware ridden sites even the best protection will sometimes fail.
By skarlock on 17 Mar 2010
