We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,785 News Articles

Microsoft gets court order to tackle Waledec botnet

Verisign told to take down 277 .com domains

Microsoft has been granted a court order to cut off 277 .com domains associated with the notorious Waledac botnet.

This will effectively knock the brains of Waledac off the internet, by removing the command-and-control servers that criminals use to send commands to hundreds of thousands of infected machines.

Thought to be used by Eastern European spammers, Waledac has been a major source of computer infections and spam over the past year. Microsoft believes the botnet can send over 1.5 billion spam messages daily.

In a lawsuit against the unknown spammers behind Waledac, Microsoft argues that Verisign, which manages the .com domain, is a choke-point for the botnet.

The court has apparently ordered Verisign to remove the botnet's command-and-control domains from the internet.

"This action has quickly and effectively cut off traffic to Waledac at the '.com' or domain registry level, severing the connection between the command and control centers of the botnet and most of its thousands of zombie computers around the world," Microsoft said in a blog.

Verisign could not immediately be reached for comment.

More work ahead

Because Waledac uses peer-to-peer techniques to control hacked boxes as well, Microsoft has more work to do, however.

"It's a busy night tonight and tomorrow is probably going to be a busy day as well," said Jeff Williams, director of Microsoft's Malware Protection Center.

Williams didn't provide details on what Microsoft was doing to further attack Waledac, but in its blog posting the company said it is "taking additional technical countermeasures to downgrade much of the remaining peer-to-peer command and control communication within the botnet."

Microsoft expects to "continue to work with the security community to mitigate and respond to this botnet", the post states.

Known internally as Operation b49, Microsoft's takedown operation "was the result of months of investigation and the innovative application of a tried and true legal strategy", Microsoft said.

Microsoft tried to strike a blow against Waledac last April, by adding detection for the infection to its Malicious Software Removal tool. But that didn't stop the botnet, and spam levels have remained high.

"They didn't kill it," said Paul Ferguson , a researcher with Trend Micro. "I've been getting a boat-load of Waledac spam lately."

See also: July 4 celebrations hijacked by Waledac botnet


IDG UK Sites

Google Fit vs Apple Health Kit: What's the difference?

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Introducing generation tech

IDG UK Sites

Government kills £50 million 'Silicon Roundabout' regeneration fund