Microsoft Secretly Beheads Notorious Waledac Botnet

Barence writes "Microsoft has quietly won court approval to deactivate 277 domain names that are being used to control a vast network of infected PCs. The notorious Waledac botnet is being used by Eastern European spammers to send 1.5 billion spam messages every day, and infect hundreds of thousands of machines with malware. In a suit filed in the US District Court of Eastern Virginia, Microsoft accused 27 unnamed defendants of violating federal computer crime laws. It further requested that domain registrar Verisign temporarily deactivate the domains, shutting down the control servers being used to send commands to the machines. The request was secretly approved by District Judge Leonie Brinkema, allowing the action to be taken covertly, preventing Waledac's operators from switching domains."

One step toward active botnet fighting?

[jeffmeden]

This is nice (if reactionary) but how long before we can get a court order to legally fight the botnet by 'infecting' the target computers with a patch, or at least some sort of message that warns the user to seek help?

Would Microsoft ever go that far? Would that be admitting that the only solution to the holes in Windows is vigilantism?

Re:One step toward active botnet fighting?

[derGoldstein]

I'm waiting for the visualization software that will display the fight. Maybe you could place bets...

Contingencies

[flink]

Even if the control machines loose DNS resolution, might not the botnet be configured to fall back to connecting to well known IP addresses to accept commands? Seems like the logical thing to do if you are creating an illegal network...

Re:Contingencies

[TheLink]

If I wrote malware (I don't), I'd use google, other search engines and maybe even twitter (but that's probably covered by search engines nowadays) to search for new instructions :). So you could post the instructions "anywhere" in the world along with keywords. The search engines would find it. Naturally you'd check the signatures to see if the instructions are valid.

I'd also write the malware in perl. Pretty easy to do such stuff with perl - can also fork and run the instructions in an eval (if you think people are going to crack your malware). It'll be interesting to see how the AV people cope with TIMTOWTDI. Probably trivial to whip up equivalents in python or similar.

Such malware could run on windows, Linux, *BSD, OSX :).

Re:Contingencies

[2obvious4u]

That is a bad assumption on his part. Drug dealers have different priorities than most people. I used to know people who would gross 100k a week dealing drugs. The thing is they would have to pay 60k back to the suppliers and then they would split 10k each and would pick up girls and take them on shopping sprees to get laid and would spend the rest on stuff like cloths and drugs for themselves. They really didn't have any money left at the end of the week. Owning houses that you bought with drug money doesn't work out very well when the IRS comes knocking, so they would blow all their funds on consumables during the week.

Eventually they got caught and spent about 5 years in jail each. But for the 2 or 3 years they were earning that kind of cash and spending it on cloths, cars, women and drugs they lived like rock stars. The problem is that you do get caught and it is a very rough life. You have to have a very low moral standard that most of society can't stomach. But from the pictures it looked like a lot of fun. Even knowing about the 5 years hard time at the end.

Oh, and women like drug dealers. You get a girl hooked on your supply and you can get laid whenever you like. Not everything can be measured in dollars.