Microsoft Takes Down Malicious 'Waledac' Botnet
But what can users do to disinfect hundreds of thousands of compromised computers worldwide, even as Microsoft suspends nearly 300 rogue Internet domains?
Microsoft said it obtained a temporary injunction this week that effectively shut down "Waledac," one of the nation's ten largest botnets, the spam-spewing networks of compromised PCs often controlled by international criminals.
A federal judge in the U.S. District Court of Eastern Virginia granted Microsoft's (NASDAQ: MSFT) request Monday to shut down some 277 Internet domains it believes were being used by the botnet, and Microsoft announced its success Thursday.
Waledac, as it's known, had the capacity to send 1.5 billion spam messages per day and, in less than three weeks in December, delivered 651 million spam e-mails to Hotmail accounts, the company said in a post on The Official Microsoft Blog.
"At Microsoft, we don't accept the idea that botnets are a fact of life ... That's why I'm proud to announce that through legal action and technical cooperation with industry partners, we have executed a major botnet takedown of Waledac, a large and well-known 'spambot,'" Tim Cranton, Microsoft associate general counsel, said in the blog post.
"Three days into the effort, [the takedown operation] has effectively shut down connections to the vast majority of Waledac-infected computers, and our goal is to make that disruption permanent," Cranton's post continued.
Botnets are networks of users' PCs that have been hijacked via malware attacks and, unbeknownst to their users, harnessed as "zombies" to send spam, malware, phishing messages, and other nefarious content.
Last summer, a report by Symantec's MessageLabs unit found that more than 83 percent of spam is sent by botnets.
However, while Microsoft's move to close off the offending domains blocks, in a brute force manner, Waledac's ability to control the so-called "bots" or zombies, it doesn't solve the underlying problem for users: the PCs remain infected, and most users never suspect that their machines have been taken over.
Therefore, Microsoft is urging users to run Microsoft's Malicious Software Removal Tool on their machines. The tool recognizes and removes the malware that controls the bots.
Microsoft is also recommending that all users install up-to-date antispyware and antivirus software, such as its own free Microsoft Security Essentials.
Other safe computing measures, such as making sure that firewalls are in place, are also recommended.
By Paul Rubens
February 25, 2010