There is now a precedent that could allow Microsoft, and others, especially companies in the security industry, to take down botnet after botnet, dealing a deadly blow to one of the core resources that attackers are using, zombie computers.
Microsoft killed off the Waledac botnet, believed to be formed by in excess of 100,000 PCs in February 2010 through an initiative referred to internally as Operation b49.
But Operation b49, for which the software giant and a variety of partners, used a combination of legal and technical efforts, was just the first stage in the shutdown of the Waledac botnet.
Now Microsoft is driving the last nail into Waledac’s coffin.
“Magistrate Judge Anderson of the US District Court of Eastern Virginia has indicated he is recommending the court grant Microsoft’s motion for default judgment in the case filed in February and permanently transfer ownership of the 276 domains behind Waledac to Microsoft so they’ll never again be used for cybercrime,” Microsoft noted.
Obviously the defendants in the Waledac case, namely the attackers behind the network of infected computers used for spread malware, send span and for additional forms of cybercrime, have failed to come forward and defend themselves.
Nonetheless, the judge is recommending that the District Court grant default judgment to Microsoft, as the company proved that the defendants are doing nothing more than avoid being prosecuted for the countless illegal activities they were involved in.
The software giant revealed that the people behind Waledac fought back against the law firm involved in the lawsuit with a Distributed Denial of Service attack, and even threatened one of the researchers that contributed to taking down the botnet.
“The defendants will have 14 days to object and, if they do not, the District Court ruling will be final,” the company explained.
“The defendants are highly unlikely to respond, given the nature of the operation and the fact they have not presented a defense in court to date, which means this case has effectively been brought to a successful resolution.”
Bot-herders use computers infected with malware from unsuspecting victims to commit various forms of cybercrime.
In the case of Waledac, attackers were controlling the tens of thousands of computers through a variety of domains they owned.
The ex parte temporary restraining order granted by the court in February allowed Microsoft to take control over the domains and shut off the attackers before they could react.
Backed by the court, the consistent efforts from the Redmond company and additional members of the security industry were successful in shutting down Waledac for good.
Microsoft can now focus on cleaning the computers infected with the malware, some 58,000 of them are still active, and to hunt down additional botnets.
“Microsoft has created a website – http://support.microsoft.com/botnets – dedicated to help people clean their computers,” the software giant said.
“Although we are in the early stage of the cleanup process, we’re seeing great initial results. Cox Communications, for example, has already helped virtually all the customers they’ve contacted clean their computers.”