Court Order Helps Microsoft to Deactivate Waledac

Botnet Waledac, a network of hijacked PCs among the top ten botnets globally and a leading producer of malware and spam, has been facing a potentially severe challenge from Microsoft, the biggest software company worldwide. According to Microsoft on February 25, 2010, court granted it a judgment wherein the '.com' registry, VeriSign, will have to delete 277 domains featuring '.com' from its lists. Consequently, the link between the operators of Waledac and the botnet's infected PCs will be effectively snapped, the software giant reports.

Waledac that made its debut at the end of 2008 to substitute the Storm virus has infected a large number of computers worldwide. When it reached its peak of infection, the botnet made a spectacular impact.

During the period December 3-21, 2009, Waledac spammed over 650 Million e-mails to various Hotmail accounts, said Microsoft.

Tim Cranton, Associate General Counsel, Microsoft, states that the court ruling has successfully snapped traffic to Waledac from the .com websites. Therefore, the botnet's central servers can no longer command-and-control the majority of its zombie PCs globally, as reported by SCMagazineUS on February 25, 2010.

Cranton continues that since the snapping of the link, Microsoft has been adopting an extra number of technical countermeasures so that it becomes possible to cripple the rest of the command-and-control communication across Waledac. He writes that his company will keep on acting against this botnet by taking help from the security industry.

Meanwhile, the security company 'ESET' said in 2009 summer that zombie computers in Waledac could dispatch 6,548 spam mails every 60-minutes, or 2 e-mails/sec. ESET estimated that in case of 20,000 PCs under the botnet's control, 3 Billion messages could be sent out daily from the 'full capacity' working computers.

Finally, legal action for deactivating a botnet isn't something new. During June 2009, the rogue ISP 3FN was shutdown as a result of an order from certain federal court, thereby stopping its connectivity service for the Mega-D and Pushdo botnets. However, the current court order is the only lead action with respect to any domain.

Related article: Court Acquits Student From Generating Fake Boarding Passes

» SPAMfighter News - 3/8/2010