Microsoft Successful in the Takedown of Waledac Botnet
Microsoft says that a new approach combining court action with technical measures has successfully shut down activity inside the infamous Waledac botnet.
In February 2010 the takedown, termed Operation b49, halted traffic to Waledac at the domain-registry, or '.com', level.
According to Microsoft, its research showed that all commands to the botnet ceased after a court granted a temporary restraining order severing more than 270 domains that reportedly carried command and control instructions.
Jeff Williams, director of the Microsoft Malware Protection Center, said that Operation b49 cut between 70,000 and 90,000 systems off from Waledac. Those users most probably will no longer see the malware downloads, outgoing spam, password and identity theft, and rogue security software pop-ups associated with Waledac, according to the news published by SCMagazine on March 17, 2010.
The director said it was well known that a multi-pronged approach was required to counter Waledac: disrupting its peer-to-peer communications by technical means, domain-level takedowns to cut the coordination between Waledac's command and control servers and the zombie PCs, and conventional server takedowns to cut off the back-end command and control mechanisms, which are mainly under the direct control of the bot masters.
Williams added that security watchers could not yet claim victory, but the operation's initial success provides guidelines and techniques for conducting takedowns in future, according to the news published by The Register on March 16, 2010.
He also wrote that, although it is too early to know the full extent of this takedown's impact, early results show that Operation b49 has contributed to Waledac's disruption and is helping to devise new ways to fight botnets.
Notably, the botnet no longer appears to be spreading the Waledac bot infection to other systems. Researchers at Sudosecure, who track new infections from the botnet, saw a steep fall in the number of new IP addresses appearing within the bot network.
Although experts praised Microsoft's effort to take down Waledac, they said that individual companies cannot achieve as much as international botnet legislation could.
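The domain-level part of the takedown described above, and the fall in new infected IP addresses that Sudosecure observed, both come down to watching DNS queries against a list of seized command and control names. The following is an added example of that check, written for this page; it is not code from Microsoft, Sudosecure or the Waledac takedown, and the seized-domain list and DNS log lines are constructed stand-ins (the page does not name the actual domains). It flags which client hosts queried a listed domain, including subdomains of it, and counts how many infected hosts appear for the first time on each day.

```python
"""Flag hosts that query seized C&C domains, and count first-seen infected
hosts per day as a rough "new infections" signal.

Added example for this page; not code from Microsoft, Sudosecure or the
takedown itself. Domain names and log lines are constructed.
"""
from collections import OrderedDict
from datetime import datetime

# Constructed stand-in for the seized C&C domain list (hypothetical names).
SEIZED_DOMAINS = frozenset({
    "c2-alpha.example",
    "c2-beta.example",
    "update-node.example",
})

# Constructed DNS query log: "<ISO timestamp> <client_ip> <queried_name>".
SAMPLE_LOG = """\
2010-02-22T08:01:12 10.0.0.5 www.example.org
2010-02-22T08:03:40 10.0.0.7 c2-alpha.example
2010-02-22T09:15:02 10.0.0.9 cdn.example.net
2010-02-23T07:55:31 10.0.0.7 node1.c2-beta.example
2010-02-23T10:20:00 10.0.0.12 update-node.example
2010-02-24T11:30:45 10.0.0.5 mail.example.org
2010-02-25T12:00:00 10.0.0.7 c2-alpha.example
"""


def parse_line(line):
    """Split one log line into (datetime, client_ip, normalised name)."""
    ts, ip, name = line.split()
    return datetime.fromisoformat(ts), ip, name.rstrip(".").lower()


def matches_seized(name, seized=SEIZED_DOMAINS):
    """Return the seized domain that `name` equals or sits under, else None.

    Walks the label chain so that "node1.c2-beta.example" matches the
    listed parent "c2-beta.example".
    """
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in seized:
            return candidate
    return None


def flag_hosts(log_text, seized=SEIZED_DOMAINS):
    """Return {client_ip: sorted list of seized domains it queried}."""
    hits = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, ip, name = parse_line(line)
        domain = matches_seized(name, seized)
        if domain is not None:
            hits.setdefault(ip, set()).add(domain)
    return {ip: sorted(domains) for ip, domains in hits.items()}


def new_ips_per_day(log_text, seized=SEIZED_DOMAINS):
    """Count, per day, client IPs that query a seized domain for the first time.

    A day on which only already-known hosts query the list yields 0, which
    is the "steep fall in new IP addresses" shape a sinkhole operator looks for.
    """
    seen = set()
    counts = OrderedDict()
    rows = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    for ts, ip, name in rows:
        if matches_seized(name, seized) is None:
            continue
        day = ts.date().isoformat()
        counts.setdefault(day, 0)
        if ip not in seen:
            seen.add(ip)
            counts[day] += 1
    return dict(counts)


if __name__ == "__main__":
    print("hosts querying seized domains:", flag_hosts(SAMPLE_LOG))
    print("first-seen infected hosts per day:", new_ips_per_day(SAMPLE_LOG))
```

Run against real resolver logs, `flag_hosts` gives the list of machines to clean, and a days-long run of zeros from `new_ips_per_day` is the kind of evidence behind the statement that the botnet is no longer spreading. Note that a registry-level seizure stops the names resolving at all, so after the takedown these queries would appear as failed lookups rather than as successful resolutions.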
Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails
» SPAMfighter News - 26-03-2010