
Microsoft gets court order to crack down on Botnets



The Microsoft Digital Crimes Unit (DCU) has acted to take down a number of command and control servers for the spam botnet Waledac, following months of research, investigation and the receipt of a court order to remove registrations for 277 domains.

Botnets are networks of compromised computers controlled by hackers known as “bot-herders.” These have become a serious problem in cyberspace, with their proliferation leading some to worry that the botnet problem is unsolvable. Controlled by a hacker or group of hackers, botnets are often used to conduct attacks ranging from denial of service attacks on websites to spamming, click fraud, and distribution of new forms of malicious software.

Microsoft, a founding member of the Botnet Task Force, which is a public-private partnership to join industry and government in the fight against bots, has decided to up the ante in the fight against botnets and all forms of cybercrime. The company has said that through legal action and technical cooperation with industry partners, it has executed a major botnet takedown of Waledac, a large and well-known “spambot.”  

The concept of a botnet is depicted by the accompanying diagram that was part of Microsoft's statement, which explains how these nefarious programs work by hijacking thousands of computers, usually without their owners’ knowledge.

Microsoft said the takedown of the Waledac botnet – known internally as “Operation b49” – came about after months of investigation and the innovative application of a tried and true legal strategy. Waledac ranks amongst the 10 largest botnets in the US and is a major distributor of spam globally. It is estimated to have infected hundreds of thousands of computers worldwide and, before this action, was believed to have the capacity to send over 1.5 billion spam emails per day. In a recent analysis, Microsoft said that it found approximately 651 million spam emails attributable to Waledac between December 3-21, 2009 that were directed to Hotmail accounts alone, including offers and scams related to online pharmacies, imitation goods, jobs, penny stocks and more.

On February 22, in response to a complaint filed by Microsoft in the US District Court of Eastern Virginia, a federal judge granted a temporary restraining order cutting off 277 Internet domains believed to be run by criminals as the Waledac bot. Microsoft said this action quickly and effectively cut off traffic to Waledac at the “.com” or domain registry level, severing the connection between the command and control centers of the botnet and most of its thousands of zombie computers around the world. It said it has since been taking additional technical countermeasures to downgrade much of the remaining peer-to-peer command and control communication within the botnet, and said that it would continue to work with the security community to mitigate and respond to this botnet.

Microsoft said that in three days Operation b49 has effectively shut down connections to the vast majority of Waledac-infected computers, and said that its goal was to “make that disruption permanent.” However, the operation has not cleaned the drone computers and could not possibly undo all the damage that Microsoft believes Waledac has caused. It said that though the infected zombies are now out of the bot-herders’ control for the most part, they continue to be infected with the original malware. It is therefore recommending adherence to safety guidance.
   