[LINK] Microsoft botnet

stephen at melbpc.org.au stephen at melbpc.org.au
Fri Feb 26 23:43:30 AEDT 2010


Microsoft beheads giant zombie spam network 

February 26, 2010 - 12:18PM
<http://www.theage.com.au/technology/security/microsoft-beheads-giant-zombie-spam-network-20100226-p6oi.html>


Microsoft has combined technology with an "extraordinary" legal manoeuvre 
to cripple a massive network of hacked computers that had been flooding 
the internet with spam.

The software titan's digital crime unit got clearance from a US judge to 
virtually sever the cyber criminals' command computers from hundreds of 
thousands of machines worldwide infected with a Waledac virus.

"We decided the best tactic would be to literally build a wall between 
the bot-herder, the command computer, and all of the other computers - 
effectively cutting the umbilical cord," said Microsoft attorney Richard 
Boscovich.

Microsoft got a US judge to grant an ex parte temporary restraining order 
that let the firm erect the cyber blockade without warning bot-herders, 
masters of the "botnet".

"It was of crucial importance that when we went out to sever the 
connection between the bot herder and the bots, that severing had to be 
done without him knowing," said Boscovich, who works in the digital crime 
unit.

Microsoft drafted a complaint that made a case to the court that the 
damage to computer owners worldwide, and to the software firm, was major 
enough to warrant "this rather extraordinary order", Boscovich said.

The mission to take down one of the 10 largest botnets in the United 
States was referred to internally at Microsoft as "Operation b49."

Waledac is estimated to have infected hundreds of thousands of computers 
worldwide, letting its masters mine machines for information or secretly 
use them to fire off spam email.

Hackers typically infect computers with malicious codes by tricking 
owners into clicking on booby-trapped email messages or internet links 
that plant viruses.

Bot-herders are then free to hire out botnets for nefarious tasks such as 
spewing spam or overwhelming legitimate websites with myriad 
simultaneous requests in what are known as distributed-denial-of-service 
attacks.

The Waledac botnet was believed to be capable of sending more than 1.5 
billion spam email messages daily.

During a three-week period in December, Waledac-infected machines sent 
approximately 651 million spam email messages to users of Microsoft's 
free Hotmail service, according to the software firm.

The spam included messages pitching online pharmacies, knock-off goods 
and penny stocks.

"Three days into the effort, Operation b49 has effectively shut down 
connections to the vast majority of Waledac-infected computers, and our 
goal is to make that disruption permanent," a Microsoft lawyer said in a 
release.

"But the operation hasn't cleaned the infected computers and is not a 
silver bullet for undoing all the damage we believe Waledac has caused."

Computer users are advised to purge their machines of viruses and make 
sure their programs and security software are up to date.

US courts allow for hearings to decide whether temporary restraining 
orders should be made permanent, setting up an unlikely scenario in which 
bot-herders would argue for their right to reconnect with their machine 
minions.

AFP Source: smh.com.au

