Microsoft topples Waledac botnet, for now

Microsoft has been targeting the Waledac botnet for ten months, in an internal project it called Operation b49. Waledac was a heavy source of spam, the company said. "In a recent analysis, Microsoft found that between December 3–21, 2009, approximately 651 million spam emails attributable to Waledac were directed to Hotmail accounts alone, including offers and scams related to online pharmacies, imitation goods, jobs, penny stocks and more," said associate general counsel Tim Cranton.

Microsoft filed a 'John Doe' lawsuit on February 22 (so-called because it is directed at unknown customers of internet companies). It targeted the owners of 273 domains that Microsoft said were being used to host command-and-control servers for the Waledac botnet, and asked for the domains to be taken down.

A federal judge granted Microsoft a temporary restraining order against the domain owners, taking the domains – and therefore the servers – offline.

"Three days into the effort, Operation b49 has effectively shut down connections to the vast majority of Waledac-infected computers, and our goal is to make that disruption permanent. But the operation hasn’t cleaned the infected computers and is not a silver bullet for undoing all the damage we believe Waledac has caused," Microsoft said.
