Microsoft Wins Case Takes 276 Of Waledac Domains

companyone · Sep 11, 2010

Microsoft wins case takes up Waledac Domains

In regard of the latest report concerning Microsoft, the firm has won a case against the Waledec botnet to take up its 276 web domains, which initially were employed for spread spam and viruses across the internet.

The report was confirmed by a US District Court in Eastern Virginia which has vouched the case in favor of the software giant, asking Waledec to name all web domains in favor of Microsoft, the Seattle Times reports.

"Our legal action to permanently shut down the botnet has been successful, and we have begun working with Internet service providers and CERTs to help customers remove the Waledac infection from their computers," Jeff Williams, Microsoft's group program manager posted on the Technet blog, at its malware protection centre.

Microsoft stated that the accused was absent in the proceedings, further reducing the probabilities of appealing against the rulings.

Waldec has been indicted of infecting tens of thousands of computer systems by pushing malicious spam messages which were tagged with viruses.
Source and links to article

_______

DexSmart · Sep 16, 2010

This is just a great win for Microsoft. They have resources and they can manage winning some of the strategic batles. Good work!

MT Domains · Sep 16, 2010

Unfortunately this will not affect the spammers much at all. Recently the only two times I can remember the spam levels noticeably declining was when McColo was taken down, and when 3FN was taken down. The McColo take down caused a very large decrease in spam (about 60-70%), but even then only took a few weeks for the spammers to completely recover, and then they were back to sending even more spam than they were before the take down. One of the botnets affected by the McColo was ruled "dead" after that (it was the Rustock) since it was supposedly permanently disabled by that takedown. Now the Rustock is the one that I see the most crap from every day, so I'd say it's recovered fairly nicely :veryangry:

The reason those take downs actually had an affect though was they physically disabled many C&C servers that were used by the botnets, since those servers were hosted at those companies' facilities. And even that only had an affect for a few weeks.

Taking down domains that were used by the C&C servers really doesn't do a whole lot, since updates can quickly be pushed to the infected bot member machines when it "phones home" so to speak to domains that are still active and IPs that are still up as C&C servers. If I remember right the Waledac also does peer to peer between the infected machines if needed. It's very possible those domains weren't even being actively used by spammers anymore, since spammers typically use throwaway domains for a few weeks, then abandon them.

There was an article a co-worker forwarded me a couple of weeks ago that described the number of new website spammers put up every week on average (the study was done by PandaLabs).... They estimated over 57,000 new websites pop up each week from spammers. I'm guessing that there are a LOT of new domains registered for those websites each week too... So 276 were taken down... That's a minor inconvenience for the spammers.

Microsoft took down 277 domains that were used by the Waledac back in February of this year, and hailed it as a huge accomplishment in shutting down the Waledac... Many articles described it as Microsoft "decapitating" the Waledac, killing the botnet..... Sounds familiar

Sorry for the negativity, but I get annoyed when companies claim to have killed a botnet (like Microsoft is claiming about the Waledac) when there's no way they've done so. That is especially annoying when the company making the claims is the same company who wrote the operating systems that make up probably somewhere around 99.9999% of the infected botnet member machines

companyone · Sep 16, 2010

Good Post "MT"

There was an article a co-worker forwarded me a couple of weeks ago that described the number of new website spammers put up every week on average (the study was done by PandaLabs).... They estimated over 57,000 new websites pop up each week from spammers. I'm guessing that there are a LOT of new domains registered for those websites each week too... So 276 were taken down... That's a minor inconvenience for the spammers.

I read the same article,... so my Guesstimate would be you could multiply this 57K by about 5x to 20+x....

They NEVER come close to a real number like this...its Always "Under".....almost impossible to get close to ab exact figure, just too many changing variables and tactics

I would say they could do 57K in a day or two...just one "outfit' themselves.

I have known of people that can/could create over 1k+.... Blogger bog sites in less than 8 hours....and have content posted to each one of them at any time intervals they want...on any subject they want. ( and nice looking ones) all with different themes...logins etc...

And that is just using some not really all that high-tech means...

There are some networks (non malware sites) out there....almost impossible to detect and even so...you could not "label them spam"

_____

Peace!