Slashdot Mirror


Microsoft Secretly Beheads Notorious Waledac Botnet

Barence writes "Microsoft has quietly won court approval to deactivate 277 domain names that are being used to control a vast network of infected PCs. The notorious Waledac botnet is being used by Eastern European spammers to send 1.5 billion spam messages every day, and infect hundreds of thousands of machines with malware. In a suit filed in the US District Court of Eastern Virginia, Microsoft accused 27 unnamed defendants of violating federal computer crime laws. It further requested that domain registrar Verisign temporarily deactivate the domains, shutting down the control servers being used to send commands to the machines. The request was secretly approved by District Judge Leonie Brinkema, allowing the action to be taken covertly, preventing Waledac's operators from switching domains."

6 of 381 comments

  1. Re:One step toward active botnet fighting? by Saint Fnordius · Score: 4, Informative

    It actually has come to the point where botnets are actively removing other malware from the infected computer, much like a parasite killing off other parasites so that it has sole possession of the host.

  2. Re:"East European" by jtdennis · Score: 4, Informative

    This can also be started manually by running "MRT.exe" from the run prompt. The month of the update is in the title bar, so it's easy to tell if you're current or not.

    --
    "Freedom is the right of all sentient beings" -Optimus Prime

  3. Re:Secret courts, secret orders, ... by Steve Hamlin · Score: 5, Informative

    It's called a Temporary Restraining Order (TRO). In civil court cases, the Plaintiff can ask the judge to issue a TRO to prevent ongoing harmful conduct that later monetary damages after trial are insufficient to remedy. In other words: "Your Honor, this can't wait until the trial is over." The standards are high, and courts do not do this without a very compelling set of alleged facts. Requesting Plaintiffs are often required to post a significant cash bond to cover damage to the enjoined party in case the TRO is not, in hindsight, the proper pre-trial remedy.

    In most cases, a court won't issue a TRO without notice to the defendants and a hearing to allow the sought-to-be-enjoined party to respond to the Motion for TRO. In some situations, like this, where mere notice might allow the Defendants to further the harm, the court orders the TRO without notice to the enjoined party. The Order allows the Plaintiffs to demand third parties to do or stop doing something for the enjoined party - the first notice to them is when they can't access bank accounts, or their vendor refuses to cooperate, etc.

    The safeguards built into the system are (1) the cash bond, (2) a neutral judge that weighs the likelihood of irreversible damage and proof of the initial allegations against the harm from enjoining a party before a verdict, and most importantly, (3) that these are TEMPORARY. The judge will order a hearing with BOTH parties within (usually) 10 days of the TRO issuance, at which time the Defendants can object, rebut the Plaintiff's allegations, and ask the court to lift the injunction. At that point, it is a dispute between two noticed parties before a neutral court.

  4. Re:Contingencies by pehrs · Score: 4, Informative

    Not a new idea. Google is working actively to stop this kind of abuse, which they do by forcing you to go through a captcha if you try to search for terms that are related to malware. I have taken apart a few "evil" programs that did google searches, and each time I found that the search terms had a captcha block.

    State of the art for malware is to use a generator function (typically a hash) to generate random domain names. If it loses contact with the C&C servers it will use this generator to try domain names until it finds a new configuration file (properly encrypted and signed). For the controller they only need to register one of the domain names generated by the hash and eventually the bots will all reconnect.
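    A defender's view of the behaviour pehrs describes: a bot that has lost its C&C walks through generated names, which shows up at the recursive resolver as a burst of NXDOMAIN answers for random-looking labels from a single client. The script below is an added example, not code from the post or from any product; the log format, addresses and domain names are constructed, and the thresholds are assumptions to tune against your own baseline.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log (not real traffic): "time client qname rcode".
# 192.0.2.77 plays the bot cycling through generated names; 192.0.2.10 is a normal host.
SAMPLE_LOG = """\
10:00:01 192.0.2.10 www.example.com NOERROR
10:00:02 192.0.2.10 mail.example.com NOERROR
10:00:03 192.0.2.77 qzk4p8x1vd7m.com NXDOMAIN
10:00:03 192.0.2.77 h3yt9w0nbq2s.net NXDOMAIN
10:00:04 192.0.2.77 x7lm2k9qz5rt.org NXDOMAIN
10:00:04 192.0.2.77 b8vn1c4jw6yp.com NXDOMAIN
10:00:05 192.0.2.77 k2rd5f8hq0zx.net NXDOMAIN
10:00:05 192.0.2.77 m9wq3t6yl1vb.com NXDOMAIN
10:00:06 192.0.2.77 p4hz7n2ck8sd.org NXDOMAIN
10:00:07 192.0.2.77 t6yb0l3mv9jx.com NOERROR
10:00:08 192.0.2.10 typo.exmaple.com NXDOMAIN
"""

def shannon_entropy(s: str) -> float:
    """Bits per character; generated labels score near log2(len(s)), words much lower."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def parse_log(text: str):
    """Yield (time, client, qname, rcode) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            ts, client, qname, rcode = parts
            yield ts, client, qname.lower().rstrip("."), rcode.upper()

def registrable_label(qname: str) -> str:
    """Second-level label, the part a generator function actually produces."""
    labels = qname.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def find_dga_suspects(records, min_nxdomain=5, min_entropy=3.0):
    """Clients with many failed lookups whose failed labels look machine-generated."""
    failed = defaultdict(list)
    for _, client, qname, rcode in records:
        if rcode == "NXDOMAIN":
            failed[client].append(qname)
    suspects = {}
    for client, names in failed.items():
        if len(names) < min_nxdomain:
            continue  # a few typos per host are normal; a burst is not
        mean_ent = sum(shannon_entropy(registrable_label(q)) for q in names) / len(names)
        if mean_ent >= min_entropy:
            suspects[client] = {"nxdomain": len(names), "mean_entropy": round(mean_ent, 2),
                                "tlds": len({q.rsplit(".", 1)[-1] for q in names})}
    return suspects

if __name__ == "__main__":
    print(find_dga_suspects(parse_log(SAMPLE_LOG)))
```

    The one NOERROR answer from the flagged host is exactly the name worth pivoting on: it is the domain the controller (or a sinkhole) registered, so an alert should carry it alongside the NXDOMAIN burst.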

  5. NOT a DNS issue you boob! by Chas · Score: 4, Informative

    This has nothing to do with US control of DNS.

    They went to the domains' REGISTRAR (GoDaddy) and got THEM to disable the domains.

    Control of DNS could be in the hands of Bumblefuckistan and they still could have done this.

    --
    Chas - The one, the only.
    THANK GOD!!!

  6. Re:Contingencies by DJoffe · Score: 4, Informative

    The notion that "anybody can make it in the US if they work hard" is a fairy tale.

    Seriously. Be born rich. That's the way to go.

    The notion that the notion is a fairytale is a fairytale. People love to blindly spread memes like this because they enjoy feeling sorry for themselves, but it simply isn't true:

    Rags To Riches Billionaires: "Almost two-thirds of the world's 946 billionaires made their fortunes from scratch, relying on grit and determination"

    That doesn't mean everyone can end up a billionaire, but it's simply false that this notion that 'anyone can make it' is a fairytale; it's borne out on practically a daily basis. If you open your eyes and look, you'll find a true-life rags-to-riches story under every second stone you turn --- especially in the USA, but also these days frequently in places like China. But yeah, not everyone is born hard-working, I guess, so keep sitting and feeling sorry for yourself and you'll definitely ensure that nothing ever changes for you.

    Rags to Riches CEOs

    7 greatest celebrity rags to riches stories

    Rags to Riches

    Entrepreneur takes women from rags to riches

    Rags to Riches billionaires

    Asian American Rags to Riches Sagas

    Case Study: From Rags to Riches (Brenda French)

    Cordia Harrington: From Rags to Riches Success Story

    Local cosmetics magnate reveals rags-to-riches life story

    China: A rags-to-riches story to dream about (Yan Huiyan)

    China’s paper magnate is a rags-to-riches story, literally

    Rags to riches: Bill MacAloney: from orphan to successful business owner to CBA

    From rags to riches: Filipino weavers trade up

    Etc. etc. blah blah ... I could go on pasting these stories in here all day. Nothing worse than listening to whiny losers feeling sorry for themselves that they weren't born rich.