AfterDawn: News

Waledac botnet 'decimated' by Microsoft actions

Research is showing that action taken by Microsoft and others to tackle the Waledac botnet have been effective. Microsoft's "Operation b49" employed a number of technical measures coupled with court actions to cut off the controllers of the spam-spewing botnet from the 70,000 - 90,000 infected PCs.

"While it is still too early to know the entire scope of this particular takedown's impact, early returns show that Operation b49 has been delivering on the disruption of Waledac and helping to map new territory in the fight against botnets," Microsoft's Jeff Williams said.



He said that data from Microsoft and other security researchers "indicate that our actions have effectively decimated communications within the Waledac bot network." An analysis by the Shadowserver Foundation of honeypot PCs (machines allowed to be infected by researchers to observe their behavior) showed that commands received by the infected machines plummeted.

Additionally, the "honeypot" machines are no longer spewing spam. A firm called Sudosecure has also witnessed a sharp decline in the number of new IP addresses joining the Waledac network.

Waledac is responsible for millions upon millions of spam messages being spread across the Internet. Between December 3 and December 21, Hotmail caught 651 million spam e-mails from the Waledac network destined for users' accounts.

Written by: James Delahunty @ 17 Mar 2010 0:43

• Previous article

• Internet Explorer 9 embracing HTML 5, GPU acceleration

• Next article

• Five fails to secure Freeview HD bandwidth

• 8 comments

• cyprusrom

  Waledac botnet 'decimated' by Microsoft actions

  If it's just been reduced by 10%, I guess M$ wasn't that successful:)

  17.3.2010 02:17 #1

• Josipher

  why the hell does that make u happy?
  

  mods go home

  17.3.2010 11:39 #2

• cyprusrom

  Originally posted by Josipher: why the hell does that make u happy? Makes who happy?:)

  17.3.2010 11:42 #3

• scum101

  they wouldn't suffer ANY of this if they allowed users to CONTROL their computer instead of keeping secretive backdoor control for their own spyware policy.
  
  M$ wouldn't understand a secure operating system if one crawled up and bit them in the ass.. not because there aren't plenty of examples, but because a secure operating system sets update and access policy square under the control of the system administrator to update or modify at their choice. While M$ still insist on "updates" being force installed by M$ outside and above the authority and decision of the hardware owner then really everybody gets exactly what they deserve.. malware and spyware galore as the script kiddies look at a few security sites and share the botnet and spyware scripts which exploit these glaring holed M$ leave for their own use.
  

  http://www.gnu.org/philosophy/right-to-read.html
  http://www.fsf.org/

  17.3.2010 16:14 #4

• llongtheD

  Although I agree that windows isn't the most secure operationg system by far, a bigger part of it in my opinion has to do with the end user. Alot of people no next to nothing about how to use or secure their computer and don't even bother to try and learn. I think the majority of people that get infected are people just like this.
  

  If your fish seems sick, put it back in the water.

  17.3.2010 20:43 #5

• ChappyTTV

  Originally posted by cyprusrom:

  Waledac botnet 'decimated' by Microsoft actions

  If it's just been reduced by 10%, I guess M$ wasn't that successful:) Where did you get this number from?
  How do you know what the figure actually is, or is this just another chance to take a pot-shot...without anything to back it up. C'mon dude, if you have anything to show your statement is correct, please post it or don't post made up numbers to make a claim like this.
  I'm not attacking you here, but I just don't understand why (if this is the case) you would pick some random number and claim that it's not been a successful fight back?
  

  20.3.2010 19:15 #6

• cyprusrom

  Originally posted by ChappyTTV: Originally posted by cyprusrom:

  Waledac botnet 'decimated' by Microsoft actions

  If it's just been reduced by 10%, I guess M$ wasn't that successful:) Where did you get this number from?
  How do you know what the figure actually is, or is this just another chance to take a pot-shot...without anything to back it up. C'mon dude, if you have anything to show your statement is correct, please post it or don't post made up numbers to make a claim like this.
  I'm not attacking you here, but I just don't understand why (if this is the case) you would pick some random number and claim that it's not been a successful fight back? Friend, chill out!
  Sorry I didn't use more smiley faces in my previous post, maybe people would've read between the lines and sensed the sarcasm.
  Many obviously don't know the etymology of "decimate". "Deci" means 10, and it comes from Latin. To "Decimate", correctly, literally, means a reduction by 10%. Decimation used to be a practice in Roman army...Out of the group of deserters or cowards, every tenth soldier was punished, so their number was "decimated", or reduced by 10%.
  nowadays, almost everybody uses the word incorrectly,giving it the meaning of great destruction, drastically reduction in number. Largely widespread, but just because is popular, it doesn't mean is literally correct.
  Next time, I will emphasize more on smiley faces, maybe even use the BB <sarcasm>;</sarcasm> codes in my post.
  Yeah, I know the meaning of the article,what the editor meant. I also know the illiteracy is being perpetuated more and more in every book and dictionary, unfortunately.
  http://en.wikipedia.org/wiki/Decimation_%28Roman_army%29

  20.3.2010 19:35 #7

• ChappyTTV

  Originally posted by cyprusrom: Originally posted by ChappyTTV: Originally posted by cyprusrom:

  Waledac botnet 'decimated' by Microsoft actions

  If it's just been reduced by 10%, I guess M$ wasn't that successful:) Where did you get this number from?
  How do you know what the figure actually is, or is this just another chance to take a pot-shot...without anything to back it up. C'mon dude, if you have anything to show your statement is correct, please post it or don't post made up numbers to make a claim like this.
  I'm not attacking you here, but I just don't understand why (if this is the case) you would pick some random number and claim that it's not been a successful fight back? Friend, chill out!
  Sorry I didn't use more smiley faces in my previous post, maybe people would've read between the lines and sensed the sarcasm.
  ....snip... Like I said, I wasn't attacking you at all, I don't do that. I was simply very curious at your (seemingly) drawn conclusion, and the subsequent jab at MS for it. Too many times these days we see idiotic posts that just blame MS for every woe people have, including their own diahrrea sometimes it seems..;). The ones who know better (coders, engineers, security engineers or just good "experts") just get tired of it is all.
  As for the explanation of the word "Decimate", while appreciated, it's unecessary. It does however show your wit, and the reason for your post...I do understand now what you were trying to convey.
  Yes, even winkey smiley faces get lost in translation these days, and sarcasm can easily be missed. For many tho, even the sarcasm they use doesn't hide their prejudice, and it's simply used to throw a backdoor cheap shot. Your obvious intelligence should preclude you from this group, but you also should be able to see what I'm getting at.
  
  And yes, I agree with you TOTALLY regarding the "dumbing down" of our youth, and I think it's a crime. Proper education is key to a healthy society and even here in Canada, where we have national grading levels, speaking or listening to kids these days makes me shake my head in disbelief.
  
  Again, sorry I took your post purely at face value, but sometimes that's what happens in this medium, and you showed class by not coming back with the usual expletive laden flame post.
  Dave
  

  20.3.2010 22:00 #8