Microsoft’s botnet beheading frees 90,000 zombies
Microsoft has claimed the Waledac botnet has been “effectively decimated”, after it severed between 70,000 and 90,000 zombie PCs from the network.
“Researchers… who track new Waledac infections, have data showing a dramatic decline in new IP addresses appearing within the Waledac network, meaning that Waledac is no longer spreading its infection to other computers,” said Microsoft Malware Protection Centre’s director Jeff Williams, in a post on the company’s blog.
The firm claimed the figures were proof that Operation b49 – which forced Verisign to deactivate 277 domain names being used to issue instructions to the botnet – had been a success.
“While it is still too early to know the entire scope of this particular takedown’s impact, early returns show that Operation b49 has been delivering on the disruption of Waledac and helping to map new territory in the fight against botnets,” he wrote.
However, Microsoft cautioned that, despite the success of the campaign, the computers cut off from the botnet remained infected with malware. Indeed, Williams claimed that roughly half of the computers “once under the control of Waledac are still trying to send spam – and are in fact doing so at higher levels today than they were in our December analysis”.
Microsoft argued this was due to computers being infected with other malware which “may still be directing them [the zombie computers] to conduct attacks outside of Waledac’s control structure”.
“Waledac itself is just one of many sources of spam on the internet and we never intended Operation b49 to appreciably shrink worldwide spam volumes. The goal, rather, was to disrupt the bot and to learn from that disruption for future actions.”
Mikko Hypponen, chief research officer of F-Secure, agreed that the problem of botnets still persisted. “This simply cut the head of the beast. The infected machines are still infected. Owners of those machines still have no idea that they are infected. Their machines simply can’t be controlled by the bad guys any more.”
“Waledac wasn’t the biggest of our headaches,” he added. “It was already declining as a botnet and was not one of the major sources of spam. Nevertheless, good riddance… it was a great takedown and all thanks to Microsoft.”