Thursday, September 09, 2010

Waledac Botnet: R.I.P. b49

A botnet is a network of computers hijacked by bot-herders to spread malware, send spam and commit other forms of cyber crime, such as click fraud and DDoS (Distributed Denial of Service) attacks on websites.  In the case of the Waledac botnet, the network comprised tens of thousands of hijacked computers.


Waledac botnet background described by USA Today:

"The Waledac botnet was a major source of spam and PC infections, at its peak in 2009 delivering 1.5 billion spam messages daily. Microsoft added detection and filtering for Waledac infections to its free malicious software removal tool. But cleaning infected PCs one by one did not stop the command PCs.

By December, Microsoft Hotmail accounts were getting swamped with more than 650 million e-mail spam messages sent out by Waledac. That helped motivate the company to pursue a court order to shut down the command domains.

Even after the botnet's command center got knocked out, tens of thousands of infected PCs continued trying to phone home for instructions."
Waledac botnet take down:

Through the efforts of Microsoft’s Digital Crimes Unit, in partnership with Microsoft’s Trustworthy Computing team and the Microsoft Malware Protection Center, Microsoft undertook a combination of technical measures and previously untried legal techniques to disrupt and control the Waledac botnet, referenced by Microsoft as Operation b49,

The result of this effort takes us from this:
to this:  


Additional background information is available in my earlier post, Waledac Botnet Takedown.

Clean-up:

The exciting news is that the legal action by Microsoft to permanently shut down the botnet was successful.  As a result, Microsoft is now in a position to work with Internet Service Providers (ISPs) and CERTS to help customers remove the Waledac infection from their computers. 

Although communications with the Waledac botnet remain dead, there are still If you believe  your computer is infected by Waledac, free help is available at the Microsoft Virus and Security Solution Center.

Prevention:

The standard advice applies:
  1. Keep a software firewall turned on at all times.
  2. Update not only your computer operating system but third-party software (i.e., Adobe products, Quick-Time and Java, as well.
  3. Maintain up-to-date antivirus and anti-malware software.

The future of botnets from the Microsoft Blog:
"The Waledac takedown is the first undertaking in a larger Microsoft-led initiative called Project MARS (Microsoft Active Response for Security), which is a joint effort between Microsoft’s Digital Crimes Unit, the Microsoft Malware Protection Center (MMPC), Microsoft Support and the Trustworthy Computing team to annihilate botnets and help make the Internet safer for everyone.  We believe the Waledac takedown will be the first of many successful endeavors for Project MARS and we’re already working to apply the lessons we learned from this operation to future initiatives.  
We’re also seeing other members of the security industry and law enforcement taking proactive action to both study and dismantle other botnets, such as the recent actions against Mariposa and Pushdo/Cutwail.  While the approaches to these actions have differed somewhat from the Waledac takedown, all of these efforts demonstrate that the industry is beginning to take a more aggressive stance against botnets."

References:


Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Vulnerabilities, Information


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: