Application security, Threat Management, Malware

Microsoft to assume control over Waledac domains

The fight to dismantle the prolific Waledac botnet appears to be over, Microsoft announced Wednesday.

A magistrate judge in the U.S. District Court of Eastern Virginia last week recommended the court permanently transfer ownership of the 276 domains behind Waledac to Microsoft, a move that would effectively stop the cybercriminals from ever leveraging the botnet again. The Waledac botnet is a network of tens of thousands of compromised computers used to spread malware, send spam and commit other cybercrimes.

The defendants in the case, who did not come forward in court but launched distributed denial-of-service attacks against the law firm that filed the lawsuit, have 14 days to object the latest ruling until it is deemed final, Microsoft said in a blog post Wednesday. Microsoft does not know the identities of the defendants.

The software giant believes the defendants are “highly unlikely” to object to the ruling, given the nature of the case and the fact that they never before have presented a defense in court.

Richard Boscovich, senior attorney for Microsoft's Digital Crimes Unit, told SCMagazineUS.com on Wednesday that from a legal and technical perspective, the case could serve as a framework for fighting other botnets in the future.

“We are excited,” Boscovich said. “We have something in place now that can be replicated to target, dismantle, disrupt and ultimately notify and clean all the victims of a particular botnet.”

Wednesday's news confirms a prior win by “Operation b49,” an effort lead by Microsoft in cooperation with academic and industry experts to take down the Waledac botnet.

In February, a federal judge granted a temporary restraining order to cut off the domains, which provide instructions to malware-infected computers. Since that ruling, communications within the botnet have died out, and Microsoft has not discovered any new infections.

The operation has given Microsoft insight into the impact of the botnet and the spread of infections around the globe. The number of infected IP addresses is “steadily declining,” and as of Aug. 30, there were 58,000 unique infected IP addresses, down from 64,000 the month prior.

Microsoft is currently working with internet service providers, such as Cox Communications, and computer emergency response teams from around the world to notify affected users and help them remove Waledac malware from their computers, T.J. Campana, senior program manager for Microsoft's Digital Crimes Unit, told SCMagazineUS.com on Wednesday.

Additionally, Microsoft has created a website to help users clean up Waledac infections.

Similar industry efforts have crippled botnets such as Mariposa and most recently Pusho, also known as Cutwail.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.