Microsoft this week won a court order allowing it to shut down a so-called botnet that was distributing malicious software and spam. The botnet, called Waledac, is essentially a collection of tens of thousands of PCs from around the world that have been remotely taken over by hackers and organized into a cohesive network of malware-spewing hosts.
"At Microsoft, we don't accept the idea that botnets are a fact of life," says Microsoft Associate Counsel Tim Cranton. "Given the recent spread of botnets, we are getting even more creative and aggressive in the fight against botnets and all forms of cybercrime. That's why I'm proud to announce that through legal action and technical cooperation with industry partners, we have executed a major botnet takedown of Waledac, a large and well-known 'spambot'."
Microsoft's takedown of Waledac, known internally as "Operation b49," began months ago with an investigation and consultation with law enforcement. According to the software giant, Waledac is one of the 10 biggest botnets in the world, and prior to the takedown, it was spewing out over 1.5 million spam emails per day, including over 650 million spam emails to Hotmail accounts during a three week period in December 2009 alone.
On February 22, the US District Court of Eastern Virginia granted Microsoft a temporary restraining order that cut off 277 Internet domains believed to be run by criminals and the central hub of the Waledac botnet. Additionally, 27 "John Doe" defendants were accused of violating federal computer crime laws.
The action cut off the communication channels between the hacker criminals and most of the infected computers in the botnet network. Effectively, Waledac has been taken offline, but Microsoft says it will continue taking "technical countermeasures" to prevent any remaining peer-to-peer control communications from continuing as well.
That said, the infected machines are still riddled with malware. Microsoft recommends that users follow its guidance for keeping PCs clean of malware. You can find these "Protect Your PC" resources on the Microsoft website
