Waledac botnet background described by USA Today:
Waledac botnet take down:"The Waledac botnet was a major source of spam and PC infections, at its peak in 2009 delivering 1.5 billion spam messages daily. Microsoft added detection and filtering for Waledac infections to its free malicious software removal tool. But cleaning infected PCs one by one did not stop the command PCs.
By December, Microsoft Hotmail accounts were getting swamped with more than 650 million e-mail spam messages sent out by Waledac. That helped motivate the company to pursue a court order to shut down the command domains.
Even after the botnet's command center got knocked out, tens of thousands of infected PCs continued trying to phone home for instructions."
Through the efforts of Microsoft’s Digital Crimes Unit, in partnership with Microsoft’s Trustworthy Computing team and the Microsoft Malware Protection Center, Microsoft undertook a combination of technical measures and previously untried legal techniques to disrupt and control the Waledac botnet, referenced by Microsoft as Operation b49,
The result of this effort takes us from this:
to this:
Image from Accelerating Change through Technology
Additional background information is available in my earlier post, Waledac Botnet Takedown.
Clean-up:
The exciting news is that the legal action by Microsoft to permanently shut down the botnet was successful. As a result, Microsoft is now in a position to work with Internet Service Providers (ISPs) and CERTS to help customers remove the Waledac infection from their computers.
Although communications with the Waledac botnet remain dead, there are still If you believe your computer is infected by Waledac, free help is available at the Microsoft Virus and Security Solution Center.
Prevention:
The standard advice applies:
- Keep a software firewall turned on at all times.
- Update not only your computer operating system but third-party software (i.e., Adobe products, Quick-Time and Java, as well.
- Maintain up-to-date antivirus and anti-malware software.
The future of botnets from the Microsoft Blog:
"The Waledac takedown is the first undertaking in a larger Microsoft-led initiative called Project MARS (Microsoft Active Response for Security), which is a joint effort between Microsoft’s Digital Crimes Unit, the Microsoft Malware Protection Center (MMPC), Microsoft Support and the Trustworthy Computing team to annihilate botnets and help make the Internet safer for everyone. We believe the Waledac takedown will be the first of many successful endeavors for Project MARS and we’re already working to apply the lessons we learned from this operation to future initiatives.
We’re also seeing other members of the security industry and law enforcement taking proactive action to both study and dismantle other botnets, such as the recent actions against Mariposa and Pushdo/Cutwail. While the approaches to these actions have differed somewhat from the Waledac takedown, all of these efforts demonstrate that the industry is beginning to take a more aggressive stance against botnets."
References:
- Microsoft B49 Virus Removal: Virus and Security Solution Center
- Microsoft Blog: R.I.P. Waledac: Undoing the damage of a botnet
- Microsoft on the Issues: Cracking Down on Botnets
- MMPC: An Update on Operation b49 and Waledac
- MMPC Blog: What we know and learned from the Waledac takedown
- USA Today: Microsoft gets legal might to target spamming botnets
Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Vulnerabilities, Information
No comments:
Post a Comment