Thursday, February 25, 2010

Waledac Botnet Takedown

The Waledac botnet had the capability of sending 1.5 billion spam e-mails per day. During a three-week period in December, 2009, approximately 651 million spam emails attributable to Waledac were directed to Hotmail accounts alone. Waledac also has the ability to download and execute arbitrary files, harvest email addresses from the local machine, perform denial of service attacks (DDoS), steal passwords, and more. Hundreds of thousands of computers have been infected with Win32/Waldac.

What is a botnet? As described by Microsoft Associate General Counsel, Tim Cranton:
"Botnets - networks of compromised computers controlled by hackers known as “bot-herders” - have become a serious problem in cyberspace. Their proliferation has led some to worry that the botnet problem is unsolvable. Under the control of a hacker or group of hackers, botnets are often used to conduct various attacks ranging from denial of service attacks on websites, to spamming, click fraud, and distribution of new forms of malicious software."
With support from the Microsoft Malware Protection Center (MMPC), the Microsoft Digital Crimes Unit used both legal and technical steps to effectively caused the shutdown of the Waledac botnet. The legal result was a federal judge granted a temporary restraining order which cut off 277 Internet domains believed to be run by those known as the Waledac botnet.

The result of the restraining order was described by Tim Cranton as follows:
"This action has quickly and effectively cut off traffic to Waledac at the “.com” or domain registry level, severing the connection between the command and control centers of the botnet and most of its thousands of zombie computers around the world. Microsoft has since been taking additional technical countermeasures to downgrade much of the remaining peer-to-peer command and control communication within the botnet, and we will continue to work with the security community to mitigate and respond to this botnet."
Although the connections to the infected computers has effectively been shut down, that effort has not cleaned the infected computers and they are still infected with the original malware. Below is a copy of map of Waledac infections around the world in a recent 18 day period.


To help make sure your computer is not one of those dots on the map, run Microsoft’s Malicious Software Removal Tool which removes the malware.

Efforts by others involved in the campaign are described by PCWorld in Microsoft Recruited Top Notch Guns for Waledac Takedown.

References:

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Vulnerabilities, Information



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

1 comment:

weston super mare said...

These idiot who produce these botnets are so talented , but idiotic in the way of the fact that if they just applied 10% of the skills involved in this to the security sector or internet protection that they could earn a legit living and massive earning potential. Why do these idiots continue to make these things.,,, for every spam bot they make they could offer a closure on the comprimised system even with there own LOCKDOWN secutrity , something scanning the ports to make sure there are no other trojans or back offices attachted.... the fools !

thanks to the reporter