We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Microsoft to tackle botnets with legal action

Take-down hasn't stopped all communication with botnet's controllers

Microsoft is planning to use the same legal tactic that it deployed last week to strike at the Waledac botnet's command-and-control centers, against a number of other botnets.

As a fall-back, Waledac bots can communicate to their controllers "indefinitely" using IP addresses that are hard-coded into the bot Trojan, SecureWorks' Stewart said.

Campana acknowledged those alternate command-and-control links within Waledac, and said Microsoft is attacking those as well.

He declined to provide details of what Microsoft was doing, or when - or even if - the Waledac bots would be unreachable by their makers.

"In addition to the legal action against the domains, we have taken other technical measures," said Campana. "At this point, we're still working that angle and actively adapting our measures."

Several message security and spam filtering companies and organisations, including Google 's Postini and the SpamHaus, also disputed Microsoft's claim last week that Waledac was a "major distributor of spam" and that crippling it would reduce spam.

Symantec's MessageLabs also weighed in on the impact issue, and like other vendors, downplayed Waledac's significance.

"There's been no real noticeable effect of the takedown," Matt Sergeant, a senior anti-spam technologist with MessageLabs, said.

"It's one of the smallest botnets out there, and the court order appears to have had very little effect on its output."

Microsoft countered, saying it's too early to gauge its anti-Waledac moves.

"We're still looking at the impact this has had," said Campana, referring specifically to the monitoring Microsoft's doing of the volume of spam addressed to Windows Live Hotmail accounts.

"It's somewhat premature to say 'yay or nay' yet." The next one or two weeks will tell the tale, Campana agreed.

But Boscovich would not promise that Microsoft would make Hotmail spam data public. "We'll look at that [decision] fairly soon," he said.

It isn't the first time that Microsoft has said it has crippled a botnet built by this group of hackers.

In April 2008, the company took credit for crushing the Storm botnet - Waledac's predecessor - saying that the malware search-and-destroy tool it distributes to Windows users every month disinfected so many bots that the hackers threw in the towel .

As with the Waledac take-down, researchers at the time disputed Microsoft's claim that it had beaten Storm into submission.

Campana urged Windows users to run the Microsoft-made Malicious Software Removal Tool (MSRT) to scrub Waledac from infected systems, and up-to-date anti-virus software to keep it off still-clean machines.

"This is definitely a preventable issue," he said.

See also: July 4 celebrations hijacked by Waledac botnet

IDG UK Sites

Best camera phone of 2015: iPhone 6 Plus vs LG G4 vs Galaxy S6 vs One M9 vs Nexus 6

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model