Slashdot Mirror


Microsoft Secretly Beheads Notorious Waledac Botnet

Barence writes "Microsoft has quietly won court approval to deactivate 277 domain names that are being used to control a vast network of infected PCs. The notorious Waledac botnet is being used by Eastern European spammers to send 1.5 billion spam messages every day, and infect hundreds of thousands of machines with malware. In a suit filed in the US District Court of Eastern Virginia, Microsoft accused 27 unnamed defendants of violating federal computer crime laws. It further requested that domain registrar Verisign temporarily deactivate the domains, shutting down the control servers being used to send commands to the machines. The request was secretly approved by District Judge Leonie Brinkema, allowing the action to be taken covertly, preventing Waledac's operators from switching domains."

7 of 381 comments

  1. One step toward active botnet fighting? by jeffmeden · Score: 4, Interesting

    This is nice (if reactionary) but how long before we can get a court order to legally fight the botnet by 'infecting' the target computers with a patch, or at least some sort of message that warns the user to seek help?

    Would Microsoft ever go that far? Would that be admitting that the only solution to the holes in Windows is vigilantism?

    1. Re:One step toward active botnet fighting? by derGoldstein · Score: 4, Interesting

      I'm waiting for the visualization software that will display the fight. Maybe you could place bets...

      --
      Entomologically speaking, the spider is not a bug, it's a feature.
  2. Contingencies by flink · Score: 4, Interesting

    Even if the control machines lose DNS resolution, might not the botnet be configured to fall back to connecting to well known IP addresses to accept commands? Seems like the logical thing to do if you are creating an illegal network...
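    On the fallback-to-IP concern raised above, the thing a defender can actually look for is an outbound connection to a public address that no recent DNS answer explains. The following is an added detection sketch, not code from this thread or from any product; the two-record log format, the sample lines, the internal-network list and the 15-minute window are all constructed assumptions (the documentation addresses 198.51.100.7 and 203.0.113.9 stand in for public control-server IPs):

```python
"""Flag connections to public IPs that no DNS answer for that client returned.

A bot that falls back to hard-coded control-server IPs once its domains are
deactivated produces TCP connections with no preceding DNS resolution. This
walks a combined DNS-answer / connection log (constructed below) and reports
such connections. The log format is an assumption, not any real product's.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
import ipaddress

# Constructed sample log (not real traffic). Assumed record formats:
#   "<ISO time> dns  <client> <qname> A <answer_ip | NXDOMAIN>"
#   "<ISO time> conn <client> <dst_ip>:<dst_port>"
SAMPLE_LOG = """\
2010-02-25T10:00:00 dns 10.0.0.5 update.example.com A 198.51.100.7
2010-02-25T10:00:01 conn 10.0.0.5 198.51.100.7:443
2010-02-25T10:00:02 dns 10.0.0.5 ctrl.example.net A NXDOMAIN
2010-02-25T10:00:03 conn 10.0.0.5 203.0.113.9:80
2010-02-25T10:00:04 conn 10.0.0.5 10.0.0.1:445
2010-02-25T10:30:10 conn 10.0.0.5 198.51.100.7:443
"""

# Assumed: traffic to these ranges is local and out of scope for this check.
# (ipaddress.is_global is deliberately not used: it treats the documentation
# ranges used in the sample as non-global.)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass
class Alert:
    time: datetime
    client: str
    dst_ip: str
    dst_port: int
    reason: str


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line):
    """Parse one assumed-format record into a tagged tuple."""
    f = line.split()
    ts, kind, client = datetime.fromisoformat(f[0]), f[1], f[2]
    if kind == "dns":
        qname, answer = f[3], f[5]          # f[4] is the record type ("A")
        return ("dns", ts, client, qname, answer)
    if kind == "conn":
        dst_ip, dst_port = f[3].rsplit(":", 1)
        return ("conn", ts, client, dst_ip, int(dst_port))
    raise ValueError(f"unknown record type: {kind}")


def find_unresolved_connections(log_text, window_minutes=15):
    """Return Alerts for connections to non-internal IPs that no DNS answer
    for the same client returned within `window_minutes` before the connect.
    The window stands in for the answer's TTL, which this log does not carry."""
    window = timedelta(minutes=window_minutes)
    last_answer = {}   # (client, answered_ip) -> time of most recent answer
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec[0] == "dns":
            _, ts, client, _qname, answer = rec
            if answer != "NXDOMAIN":           # a failed lookup explains nothing
                last_answer[(client, answer)] = ts
            continue
        _, ts, client, dst_ip, dst_port = rec
        if is_internal(dst_ip):
            continue
        seen = last_answer.get((client, dst_ip))
        if seen is None:
            reason = "no DNS answer returned this IP"
        elif ts - seen > window:
            reason = f"last DNS answer for this IP was {ts - seen} ago"
        else:
            continue                            # explained by a recent lookup
        alerts.append(Alert(ts, client, dst_ip, dst_port, reason))
    return alerts


if __name__ == "__main__":
    for a in find_unresolved_connections(SAMPLE_LOG):
        print(f"{a.time} {a.client} -> {a.dst_ip}:{a.dst_port}: {a.reason}")
```

    On the sample, the connection to 203.0.113.9 is flagged because nothing resolved to it, and the second connection to 198.51.100.7 is flagged only because it falls outside the 15-minute window; raising the window (or using the real TTL from the answer) clears that second one, which is the usual false-positive source for this check. Legitimate direct-to-IP traffic (hard-coded update mirrors, some VoIP and P2P clients) will also show up, so the output is a triage list, not a verdict.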

    1. Re:Contingencies by TheLink · Score: 4, Interesting

      If I wrote malware (I don't), I'd use google, other search engines and maybe even twitter (but that's probably covered by search engines nowadays) to search for new instructions :). So you could post the instructions "anywhere" in the world along with keywords. The search engines would find it. Naturally you'd check the signatures to see if the instructions are valid.

      I'd also write the malware in perl. Pretty easy to do such stuff with perl - can also fork and run the instructions in an eval (if you think people are going to crack your malware). It'll be interesting to see how the AV people cope with TIMTOWTDI. Probably trivial to whip up equivalents in python or similar.

      Such malware could run on windows, Linux, *BSD, OSX :).

    2. Re:Contingencies by 2obvious4u · Score: 4, Interesting

      That is a bad assumption on his part. Drug dealers have different priorities than most people. I used to know people who would gross 100k a week dealing drugs. The thing is they would have to pay 60k back to the suppliers and then they would split 10k each and would pick up girls and take them on shopping sprees to get laid and would spend the rest on stuff like clothes and drugs for themselves. They really didn't have any money left at the end of the week. Owning houses that you bought with drug money doesn't work out very well when the IRS comes knocking, so they would blow all their funds on consumables during the week.

      Eventually they got caught and spent about 5 years in jail each. But for the 2 or 3 years they were earning that kind of cash and spending it on clothes, cars, women and drugs they lived like rock stars. The problem is that you do get caught and it is a very rough life. You have to have a very low moral standard that most of society can't stomach. But from the pictures it looked like a lot of fun. Even knowing about the 5 years hard time at the end.

      Oh, and women like drug dealers. You get a girl hooked on your supply and you can get laid whenever you like. Not everything can be measured in dollars.

  3. Re:"East European" by FyRE666 · Score: 3, Interesting

    It's not crap in the OS that causes the vast majority of infections. It's crap in the user's heads.

    Why not just add code to check for an infection in the next Windows update. If found, then the user is presented with a dialogue at every boot that they must ok, and prevents them from logging in for 5 minutes for the first boot, increasing by 1 minute for each subsequent boot. Even lazy idiots will eventually get sick of this and do something about their machines.

  4. Cyber war initiated by DOJ by RichMan · Score: 3, Interesting

    At least that is what the headline could be. Disabling foreign internet service is a big deal.

    Could be a "serves them right" for registering as .com rather than .country. But this is one branch of the US government disabling some foreign infrastructure.