Skip to main content

Court Approves Microsoft Action Against Waledac Botnet

In an unusual move, a federal judge in Alexandria, Virginia, granted a request from software giant Microsoft for an ex parte temporary restraining order to deactivate some 277 Internet domains used in the command-and-control infrastructure of the Waledac botnet, which is estimated to have infected more than 75,000 computers worldwide and generate untold millions of spam messages. Pursuant to the order, Network Solutions shut down the domains, in theory cutting off numerous Waledac-infected computers from the cybercriminals and scammers controlling them remotely. The unusual order was carried out without any attempt to inform the “John Does” to which is was being applied; of course, that surprise factor is the only thing that lets such a domain shutdown be effective: with warning, the crooks would just migrate the botnet to new domains.

“The takedown of the Waledac botnet that Microsoft executed this week—known internally as “Operation b49″—was the result of months of investigation and the innovative application of a tried and true legal strategy,” wrote Microsoft associate general counsel Tim Cranton in the official Microsoft blog. Microsoft describes Waledac as one of the ten largest botnets in the United States, and said from December 3 to 21 of 2009 Waledoc-infected machines pointed Microsoft’s Hotmail email service with more than 650 million spam messages.

The legal action against the operators of the Waledac botnet is the first of its kind, and Microsoft promises it won’t be the last. However, the ex parte nature of the action may begin to establish a legal precedent that it’s OK to order domains to be taken offline so long someone can convince a judge such an action has concrete benefits to consumers and businesses. As part of its complaint (PDF), Microsoft highlighted damages being done to Internet users around the world by the Waledac botnet, as well as the expense and lost productivity companies have faced trying to deal with Waledac spam and infections.

Image: Waledac infections around the world during a recent 24-hour period. (Microsoft)

Editors' Recommendations