Microsoft Uses Court Order To Cripple Waledac Botnet
The story began unfolding on Monday when Microsoft filed a suit specifically naming a botnet known as Waledac and 27 "John Doe" defendants. Microsoft alleged the cybercriminals broke federal laws with their scheme to create bot-herders that could be used for spamming, click fraud, denial of service, and distribution of malicious software.
According to The Wall Street Journal, Microsoft attorneys asked U.S. District Judge Leonie Brinkema to issue a restraining order under seal to allow the software giant to secretly sever communications channels to the botnet before its masterminds could reestablish links to the network. VeriSign subsequently had to temporarily shut down the domain names.
Waledac is one of the most active spam bots -- with the capacity to send about 1.5 billion spam e-mails a day -- and is one of the 10 largest botnets in the U.S. It steals sensitive information, turns computers into spam zombies, and establishes backdoor remote access.
In fact, security experts estimate Waledac has infected hundreds of thousands of computers around the world. Microsoft's recent analysis shows that about 651 million spam e-mails attributable to Waledac were directed to Hotmail accounts alone between Dec. 3 and 21.
"The takedown of the Waledac botnet that Microsoft executed this week -- known internally as Operation b49 -- was the result of months of investigation and the innovative application of a tried-and-true legal strategy," said Microsoft Associate General Counsel Tim Cranton.
Microsoft has also been taking additional technical countermeasures to downgrade much of the remaining peer-to-peer command and control communication within...