Slashdot Mirror

← Back to Stories (view on slashdot.org)

Waledac Botnet Now Completely Offline, Experts Say

Posted by kdawson on from the it's-dead-jim dept.

Trailrunner7 writes "After Microsoft's actions to take down the Waledac botnet last month, there was some question about whether the operation was much more than a grab for headlines that would have little effect on actual spam levels or malware infections. But more than three weeks after the takedown, researchers say that Waledac has essentially ceased communications and its spam operations have dropped to near zero. One researcher said that Waledac now seems to be abandoned. 'It looks crippled, if not dead,' said Jose Nazario, a senior security researcher at Arbor Networks."

8 of 91 comments (clear)

  1. Still however useless by 0racle · · Score: 4, Insightful

    question about whether the operation was much more than a grab for headlines that would have little effect on actual spam levels or malware infections

    I think everyone knew the answer was, no it will not have an effect on spam levels or malware infections. Oh it succeeded in taking the botnet offline, MS did something real here, but taking just one offline doesn't mean much.

    --
    "I use a Mac because I'm just better than you are."
    1. Re:Still however useless by plover · · Score: 4, Insightful

      This was a lot larger than taking down a rogue host. This is 1,500,000,000 fewer spams per day on the net.

      Cut out two billion spams here and there and pretty soon you're talking about real effectiveness.

      Sure, they could probably do more, but every journey begins with a single step. Shut down the easy ones first. Pick the low-hanging fruit. Then go back and take down another, and another. At this point it could be all they could get done in a short amount of time, and in any case it's still a good start.

      --
      John
    2. Re:Still however useless by Alwin+Henseler · · Score: 5, Insightful

      As long as the source of the spam/malware problem isn't held accountable, nothing much will change.

      The ultimate source (not cause!) of this problem is of course users that get spam, and then go on to send money to the folks that spammed them. But next in line are those companies that use spam, spread through malware-infected PC's, to sell their products (or sell worthless/dangerous crap, for that matter). Such shady companies should be put out of business, their CEO's thrown in jail ASAP (through whatever -legal- means), and profits confiscated to support the anti-spam operation.

      Focussing on botnets is a good thing, but IMHO useless. Focussing on the folks running them is better, but the next botnet-operator-wannabee will step right in. Instead, efforts should focus on the businesses paying these fuckers.

    3. Re:Still however useless by Moryath · · Score: 3, Insightful

      Sadly true. Waledac might have been a "mature and no longer really expanding" botnet. Botnets do have a certain shelf-life before they start to die through attrition; either the maker comes up with a new propagation method (virus/etc), or it hits a point and stops really expanding, followed by the slow inevitable decline as machines die, or get reformatted, or get overwritten by a newer botnet. There have been botnets that targeted other botnets for invasion/absorption quite a few times.

      If this can help catch and destroy botnets earlier on, it might be more effective.

      The better goal should, of course, be to make systems (and users) more spam-proof. User education would be a good start, as would home ISP's putting everyone's computers behind a proper NAT rather than using cable modems that expose the user to the naked wild. I've seen more home users who "just put up with" what would seem to be obvious virus/problem behavior merely because they were terrified of having to back up their data or reformat...

    4. Re:Still however useless by maxume · · Score: 2, Insightful

      Except the malware writers are not mythical creatures, they have real world considerations.

      So improving security practices and doing the work to eliminate existing bots can actually make a difference.

      --
      Nerd rage is the funniest rage.
    5. Re:Still however useless by David+Jao · · Score: 2, Insightful

      The ultimate source (not cause!) of this problem is of course users that get spam, and then go on to send money to the folks that spammed them. But next in line are those companies that use spam, spread through malware-infected PC's, to sell their products (or sell worthless/dangerous crap, for that matter). Such shady companies should be put out of business ...

      The majority of spam today does not conform to this model. A 419 scam leads to Nigeria, where anti-spam laws do not apply. Stock spam promotes a company, but the company being promoted is neither responsible for the spam nor profits from it. Even for the small minority of spam that does directly promote a company product, your proposal accomplishes nothing other than to open up a new way for enemies of a company to anonymously destroy said company: namely, simply send out forged spam to promote the company's products, and wait for the police to put the (innocent) company out of business.

      Spam is a hard problem to solve. Almost anything you can think of will have been tried before, and won't work.

  2. How about taking down... by lbalbalba · · Score: 2, Insightful

    The bloody botnet operator's and malware author's ? Isn't this like fighting the symptoms instead of the cause ?

  3. Re:Is spam really still a problem? by Anonymous Coward · · Score: 2, Insightful

    Sure my spam folder always has shit in it, but really none of it ever makes it through Googles spam filters into my inbox.

    Spam is still a problem for network operators who have to increase capacity to carry the spam, endpoints that need to buy faster processors to weed out the spam, and users whose filters don't catch all or most spam.

    Then there are the other criminal enterprises and activities that spammers seem to invariably be attached to.