Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Secretly Beheads Notorious Waledac Botnet

Posted by CmdrTaco on from the if-you-cut-off-one-head-do-two-grow-back dept.

Barence writes "Microsoft has quietly won court approval to deactivate 277 domain names that are being used to control a vast network of infected PCs. The notorious Waledac botnet is being used by Eastern European spammers to send 1.5 billion spam messages every day, and infect hundreds of thousands of machines with malware. In a suit filed in the US District Court of Eastern Virginia, Microsoft accused 27 unnamed defendants of violating federal computer crime laws. It further requested that domain registrar Verisign temporarily deactivate the domains, shutting down the control servers being used to send commands to the machines. The request was secretly approved by District Judge Leonie Brinkema, allowing the action to be taken covertly, preventing Waledac's operators from switching domains."

1 of 381 comments (clear)

  1. Re:Secret courts, secret orders, ... by Steve+Hamlin · · Score: 5, Informative
    It called a Temporary Restraining Order (TRO). In civil court cases, the Plaintiff can ask the judge to issue a TRO to prevent ongoing harmful conduct that later monetary damages after trial are insufficient to remedy. In other words: "Your Honor, this can't wait until the trial is over." The standards are high, and courts do not do this this without a very compelling set of alleged facts. Requesting Plaintiffs are often required to post a significant cash bond to cover damage to the enjoined party in case the TRO is not, in hindsight, the proper pre-trial remedy.

    In most cases, a court won't issue a TRO without notice to the defendants and a hearing to allow the sought-to-be-enjoined party to response to the Motion for TRO. In some situations, like this, where mere notice might allow the Defendants to further the harm, the court orders the TRO without notice to the enjoined party. The Order allows the Plaintiffs to demand third parties to do or stop doing something for the enjoined party - the first notice to them is when they can't access bank accounts, or their vendor refuses to cooperate, etc.

    The safeguards built into the system are (1) the cash bond, (2) a neutral judge that weighs the likelihood of irreversible damage and proof of the initial allegations against the harm from enjoining a party before a verdict, and most importantly, (3) that these are TEMPORARY. The judge will order a hearing with BOTH parties within (usually) 10 days of the TRO issuance, at which time the Defendants can object, rebut the Plaintiff's allegations, and ask the court to lift the injunction. At that point, it is a dispute between two noticed parties before a neutral court.