In response to a lawsuit filed by Microsoft, a federal judge issued a temporary restraining order against 277 Internet domains associated with the notorious Waledac botnet.
Microsoft is using the law as a weapon to take down the Waledac botnet.According to the company, a federal judge in Virginiaissued a temporary restraining order Feb. 22 to cut off 277 Internet domains associated with Waledac in response to a complaint filed by Microsoft.
The legal maneuver was the culmination of months of
investigation performed with cooperation from Symantec,
Shadowserver Foundation, the University of Washington and others
as part of an effort dubbed "Operation b49." As one of the biggest botnets on the Web, Waledac is believed to
be capable of blasting out more than 1.5 billion spam
messages a day. According to Microsoft, a recent analysis
found the botnet sent roughly 651 million spam e-mails to Hotmail
accounts alone between December 3-21, 2009.
"This action has quickly and effectively cut off traffic to Waledac at
the ".com" or domain registry level, severing the connection between
the command and control centers of the botnet and most of its thousands
of zombie computers around the world," blogged Tim Cranton, Microsoft's
associate general counsel. "Microsoft has since been taking additional
technical countermeasures to downgrade much of the remaining
peer-to-peer command and control communication within the botnet, and
we will continue to work with the security community to mitigate and
respond to this botnet."Microsoft
has taken security-related issues to court before. The company filed
five lawsuits against companies last year in a bid to address malicious online advertising. But just how effective this move will be is open to debate. In response to the massive amounts of malware and spam pushed out by botnets, security pros have begun recently to pursue more outside-the-box techniques for fighting back, such as taking down rogue ISPs instead of simply relying on antivirus. However, such tactics have only proven to have short-term impacts."Three
days into the effort, Operation b49 has effectively shut down
connections to the vast majority of Waledac-infected computers, and our
goal is to make that disruption permanent," Cranton wrote. "But the
operation hasn't cleaned the infected computers and is not a silver
bullet for undoing all the damage we believe Waledac has caused.
Although the zombies are now largely out of the bot-herders' control,
they are still infected with the original malware." But even if it is only a partial fix, it's still a helpful one, Gartner analyst John Pescatore said."It's
only as effective as yanking dandelions - gets rid of the immediate
problem but the weeds spring right back up," he told eWEEK. "But, I do
think more of this is needed. When legitimate domains are hosting
malware, they should be shut down to drive them to invest in making
their Websites less vulnerable. When domains are started up just to
host malware, they should be shut down as quickly as possible.""Bottom line: you have to pull dandelions all the time, but it's also good to kill the roots," he said.