Waledac Botnet Now Completely Offline, Experts Say
Trailrunner7 writes "After Microsoft's actions to take down the Waledac botnet last month, there was some question about whether the operation was much more than a grab for headlines that would have little effect on actual spam levels or malware infections. But more than three weeks after the takedown, researchers say that Waledac has essentially ceased communications and its spam operations have dropped to near zero. One researcher said that Waledac now seems to be abandoned. 'It looks crippled, if not dead,' said Jose Nazario, a senior security researcher at Arbor Networks."
That is not dead which can eternal lie.
And with strange aeons even death may die.
I think everyone knew the answer was: no, it will not have an effect on spam levels or malware infections. Oh, it succeeded in taking the botnet offline, MS did something real here, but taking just one offline doesn't mean much.
"I use a Mac because I'm just better than you are."
What MS should do is to re-register the domain names and point them to a C&C server they host. Then they have a wild botnet in a cage to be researched until they can find the best way to eradicate the thing, and others like it.
Or else command it to DDOS their foes. MWAHAHAHA!
Welcome to the Panopticon. Used to be a prison, now it's your home.
What MS should do is to re-register the domain names and point them to a C&C server they host
What kind of C&C server? Red alert? Tiberium wars? I prefer a Generals C&C server myself...
Do not look at laser with remaining good eye.
The bloody botnet operators' and malware authors'? Isn't this like fighting the symptoms instead of the cause?
Duh, C&C 4 came out today, he's obviously talking about that.
Since the only responses you have at the moment are smart-ass, I'll respond seriously.
While I'm unsure of the specifics of this particular botnet, most of the big current botnets cryptographically sign commands and ignore any that don't validate, which means that unless there's a flaw in whatever encryption they used, there's nothing that approach would do other than waste money on domain name registration.
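As an added illustration of the point above (example code written for this thread, not Waledac's or any real botnet's protocol): a bot that embeds only the operator's Ed25519 public key will accept a command from the real operator, but whoever re-registers the C&C domain and stands up a sinkhole has no way to produce a signature that verifies, so their "commands" are dropped. The command format, the sequence-number replay check and the `SinkholeDemo` scenario are all constructed assumptions for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Command is the unit a bot receives: a sequence number (so an old genuine
// command captured earlier cannot simply be replayed), the payload, and an
// Ed25519 signature over both. Constructed format for this illustration.
type Command struct {
	Seq       uint64
	Payload   []byte
	Signature []byte
}

// signedBytes is the exact byte string the signature covers.
func signedBytes(seq uint64, payload []byte) []byte {
	buf := make([]byte, 8, 8+len(payload))
	binary.BigEndian.PutUint64(buf, seq)
	return append(buf, payload...)
}

// Operator holds the private key; it is the only party able to mint commands.
type Operator struct {
	priv ed25519.PrivateKey
	seq  uint64
}

func (o *Operator) Issue(payload string) Command {
	o.seq++
	return Command{
		Seq:       o.seq,
		Payload:   []byte(payload),
		Signature: ed25519.Sign(o.priv, signedBytes(o.seq, []byte(payload))),
	}
}

// Bot carries only the public key, so nothing recovered from a bot binary or a
// seized domain lets a third party sign on the operator's behalf.
type Bot struct {
	pub     ed25519.PublicKey
	lastSeq uint64
}

var (
	ErrBadSignature = errors.New("signature does not verify: command ignored")
	ErrReplay       = errors.New("stale sequence number: command ignored")
)

// Accept verifies the signature first, then enforces monotonic sequence numbers.
func (b *Bot) Accept(c Command) error {
	if !ed25519.Verify(b.pub, signedBytes(c.Seq, c.Payload), c.Signature) {
		return ErrBadSignature
	}
	if c.Seq <= b.lastSeq {
		return ErrReplay
	}
	b.lastSeq = c.Seq
	return nil
}

func newOperatorAndBot() (*Operator, *Bot, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Operator{priv: priv}, &Bot{pub: pub}, nil
}

// SinkholeOutcome records what the bot did with each of three commands.
type SinkholeOutcome struct {
	Genuine  error // from the real operator: expected nil (accepted)
	Sinkhole error // from the new domain owner, signed with their own key
	Replay   error // the genuine command delivered a second time
}

// SinkholeDemo plays out the scenario from the thread: the domain changes hands,
// but the new owner lacks the signing key, so the bot ignores its commands.
func SinkholeDemo() (SinkholeOutcome, error) {
	op, bot, err := newOperatorAndBot()
	if err != nil {
		return SinkholeOutcome{}, err
	}
	genuine := op.Issue("update-config")
	var out SinkholeOutcome
	out.Genuine = bot.Accept(genuine)

	// The sinkhole operator has a key of their own; the bot's embedded public
	// key does not match it, so verification fails before anything else runs.
	sink, _, err := newOperatorAndBot()
	if err != nil {
		return SinkholeOutcome{}, err
	}
	out.Sinkhole = bot.Accept(sink.Issue("stop"))

	// A captured genuine command is useless once its sequence number has been seen.
	out.Replay = bot.Accept(genuine)
	return out, nil
}

func main() {
	out, err := SinkholeDemo()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine :", out.Genuine)
	fmt.Println("sinkhole:", out.Sinkhole)
	fmt.Println("replay  :", out.Replay)
}
```

The practical consequence for the "cage it and study it" idea is that a sinkhole still sees check-ins (which is valuable for counting and notifying infected hosts), but cannot steer or disable the bots unless the signing key or the verification code itself is flawed.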
... it's pining for the fjords!
There is a war going on for your mind.
The only reason this worked is that the botnet was poorly designed. It relied on at least one of the command and control servers being available. If they all get taken down at the same time you destroy the botnet. This is not how most other botnets work: this is a tactic that worked against this specific botnet and will not work against other botnets.
Other botnets generate new domain names fairly regularly. All the botnet controller needs to do is register one of those domains before it is generated. Good luck getting a court order to ban all the generated domains for the next few years.
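The flip side of the domain-generation scheme described above is that once defenders recover the generator from a sample, they can enumerate every domain the bots will try for months ahead and block, sinkhole or pre-register them in one batch. The following is an added example for this thread, not code from any real malware family: a hypothetical generator that hashes a family seed, the UTC date and an index, plus a `Blocklist` helper that precomputes the domains for a range of days. The seed, five domains per day, 12-letter labels and the TLD list are all constructed values.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// Constants a defender would recover by reverse engineering the bot. All
// constructed for this example; no real family uses exactly this scheme.
const (
	seed          = "example-family-seed"
	domainsPerDay = 5
	labelLen      = 12
)

var tlds = []string{"com", "net", "info"}

// DomainsForDate reproduces the generator for one UTC day: each candidate is
// SHA-256(seed || YYYYMMDD || index), with the digest mapped to a lowercase
// label and a TLD choice.
func DomainsForDate(day time.Time) []string {
	date := []byte(day.UTC().Format("20060102"))
	out := make([]string, 0, domainsPerDay)
	for i := 0; i < domainsPerDay; i++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], uint32(i))
		h := sha256.New()
		h.Write([]byte(seed))
		h.Write(date)
		h.Write(idx[:])
		sum := h.Sum(nil)
		label := make([]byte, labelLen)
		for j := range label {
			label[j] = 'a' + sum[j]%26
		}
		out = append(out, fmt.Sprintf("%s.%s", label, tlds[int(sum[labelLen])%len(tlds)]))
	}
	return out
}

// Blocklist enumerates every domain the bots will try from start for the given
// number of days: the list a defender files, sinkholes or pre-registers in one
// batch instead of chasing domains day by day.
func Blocklist(start time.Time, days int) []string {
	list := make([]string, 0, days*domainsPerDay)
	for d := 0; d < days; d++ {
		list = append(list, DomainsForDate(start.AddDate(0, 0, d))...)
	}
	return list
}

func main() {
	start := time.Date(2010, time.March, 16, 0, 0, 0, 0, time.UTC) // constructed date
	for _, dom := range Blocklist(start, 3) {
		fmt.Println(dom)
	}
}
```

Because the generator is deterministic, the defender's list and the bots' list are identical; the remaining hard part is the legal and registrar-side work of acting on hundreds of future domains across several TLDs, which is exactly the court-order problem the post raises.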
FROM: MUYIWA IGE
ATTN.: sir,
I got your contact through email business directory and decided to send my proposal to you. I am MUYIWA IGE the first son of the late chief BOLA IGE,the attorney general of th e fedeal rebulic of Nigeria who was killed by hired assasin on the 23rd of december 2001 by an unidentified gun men believed to be link to our government of which it is a daily case going on in my country;s dailies now.
Two months ago he was attempted to be murdered but unfortunately God speared his life for us.It was then he had to reveal some vital informations as regards his life to me before he was finally killed in december. All accounts belonging to my father both local and abroad had been frozen and his investments seized by the government believing in thier false allegation that he made away of $2 billion dollars of (NEPA)national electricity power authority of which i know is just a ploy to eliminate him by the people in power that he is fustrating thier evil intentions through the human right pubic hearing for violation of right and cruelsome killings during the military regime to carry out thier traits to suffer the mases for thier selfish interest instead of the interest of the nation.We are now in a dileman as ou live are in danger till after the investigations.
Two weeks to the christmas holiday in 2001 being on the 4th of december,my dad spoke to me at lenght about life and it realities. He told me he deposited a trunk box containing us$25.5m with a security in EAUROPE(UK) all in the aim of retrieving it himself before he was finally killed before the christmas. According to him the content of the box was registered as government classified papers with his influence and was moved out of my country through diplomatic courrier.He wanted to safeguard the funds for foriegn investment after his retirement before he was killed.
In the light of this as the next of kin i am now contacting you a foreigner to assist ME in retrieving the boxes and depositing of the fund into your foreign account hence the need to contact you. I and my mother had agreed to give you 30% of the fund for your assistance and 10% for any expenses you might incur in the course of this transaction, we want to believe that you will not sit on the money when paid into your account. I want you to understand that there is no risk involve as we have worked out modalities for the smooth actualization of this goal. The boxes presently is in a security vault of this company in their offshore office in SPAIN.i will require the following for effecting the documents of claim and identification.:
1] Your driving license to assure us of your person
2] Your private telephone and fax numbers.
I will send the following:
3] The receipt of the ware bill used in sending the boxes
4] The deposit certificate
All these will be send through YOUR FAX NUMBER then you will proceed for claim after due schedule with them.you
I wish to state here that we are left with nothing as we survive by the grace of God. I hope you understand our predicament so as to save me and my family from hopeless future (S.O.S.)
All contacts for now should be through my personal email address for security reasons.
Waiting your urgent response.
Best regards,
MUYIWA IGE.
MY PERSONAL EMAIL
ADDRESS(muyiige@mail.com)ALTERNATIVE RESPONSE
Other botnets generate new domain names fairly regularly. All the botnet controller needs to do is register one of those domains before it is generated. Good luck getting a court order to ban all the generated domains for the next few years.
No problem. Individual court orders should do the trick. After seeing 200+ ISPs going through depeering hell, hosting providers will be a lot more careful who they let have a server. Of course, this is a less than ideal scenario for IT folk in general (especially because it puts the onus on hosting providers to monitor traffic), but it might be effective.
While the parent is intended as a joke, the idea that quality software will put people out of work is quite widespread among people in IT. Which is quite a sad state of affairs, as it is such an obvious case of a broken window fallacy. Rather than spending resources on fixing up damage, it is much more productive to direct them to the creation of new things or modifying existing ones to better meet the demand.
Is the source of this attitude the built-in obsolescence idea from manufacturers? Do developers really think that once the perfect software is delivered the requirements will never again change and never need to be modified? Do they not enjoy adding new features and solutions, and would rather spend their time fixing the broken parts of releases? Even the support personnel should realize that there would still be a need for them in order to answer questions of the new users.
Spam is still a problem for network operators who have to increase capacity to carry the spam, endpoints that need to buy faster processors to weed out the spam, and users whose filters don't catch all or most spam.
Then there are the other criminal enterprises and activities that spammers seem to invariably be attached to.