Microsoft uses law to cripple hacker spam network

Feb 25, 2010 by Glenn Chapman
Microsoft on Thursday said it combined technology with an "extraordinary" legal maneuver to cripple a massive network of hacked computers that had been flooding the Internet with spam.

Microsoft on Thursday said it combined technology with an "extraordinary" legal maneuver to cripple a massive network of hacked computers that had been flooding the Internet with spam.

The software titan's Digital Crime Unit got clearance from a US judge to virtually sever the cyber criminals' command computers from hundreds of thousands of machines worldwide infected with a Waledac virus.

"We decided the best tactic would be to literally build a wall between the bot-herder, the command computer, and all of the other computers -- effectively cutting the umbilical cord," said Microsoft attorney Richard Boscovich.

Microsoft got a US judge to grant an ex parte temporary restraining order that let the firm erect the cyber blockade without warning bot-herders, masters of the "botnet."

"It was of crucial importance that when we went out to sever the connection between the bot herder and the bots, that severing had to be done without him knowing," said Boscovich, who works in the digital crime unit.

Microsoft drafted a complaint that made a case to the court that the damage to computer owners worldwide, and to the software firm, was major enough to warrant "this rather extraordinary order," Boscovich said.

The mission to take down one of the ten largest botnets in the United States was referred to internally at Microsoft as "Operation b49."

Waledac is estimated to have infected hundreds of thousands of computers worldwide, letting its masters mine machines for information or secretly use them to fire off email.

Hackers typically infect computers with malicious codes by tricking owners into clicking on booby-trapped email messages or Internet links that plant viruses.

Bot-herders are then free to hire out botnets for nefarious tasks such as spewing spam or overwhelming legitimate websites with myriad simultaneously requests in what are known as distributed-denial-of-service attacks.

The Waledac was believed to be capable of sending more than 1.5 billion spam email messages daily.

During a three week period in December, Waledac-infected machines sent approximately 651 million spam email messages to users of Microsoft's free Hotmail service, according to the software firm.

The spam included messages pitching online pharmacies, knock-off goods, and penny stocks.

"Three days into the effort, Operation b49 has effectively shut down connections to the vast majority of Waledac-infected computers, and our goal is to make that disruption permanent," a Microsoft lawyer said in a release.

"But the operation hasn't cleaned the infected computers and is not a silver bullet for undoing all the damage we believe Waledac has caused."

Computer users are advised to purge their machines of viruses and make sure their programs and security software are up to date.

US courts allow for hearings to decide whether temporary restraining orders should be made permanent, setting up an unlikely scenario in which bot-herders would argue for their right to reconnect with their machine minions.

Explore further: A Closer Look: Your (online) life after death

add to favorites email to friend print save as pdf

Related Stories

Conficker worm dabbling with mischief

Apr 28, 2009

The Conficker worm's creators are evidently toying with ways to put the pervasive computer virus to work firing off spam or spreading rogue anti-virus applications called "scareware."

Spam down but 'zombie' armies growing: McAfee

May 07, 2009

Hackers appear to be beefing up armies of "zombie" computers to recover from a major hit scored in the battle against spam email, according to software security firm McAfee.

Computer forensics links internet postcards to virus

Jul 25, 2009

Fake Internet postcards circulating through e-mail inboxes worldwide are carrying links to the virus known as Zeus Bot, said Gary Warner, director of computer forensics at the University of Alabama at Birmingham (UAB). Zeus ...

Comcast tries pop-up alerts to warn of infections

Oct 10, 2009

(AP) -- Comcast Corp. wants to enlist its customers in a fight against a huge problem for Internet providers - the armies of infected personal computers, known as "botnets," that suck up bandwidth by sending spam and facilitating ...

Conficker worm digs in around the world

Apr 01, 2009

Computer security top guns around the world watched warily as the dreaded Conficker worm squirmed deeper into infected machines with the arrival of an April 1st trigger date.

Recommended for you

Yelp to pay US fine for child privacy violation

3 hours ago

Online ratings operator Yelp agreed to pay $450,000 to settle US charges that it illegally collected data on children, in violation of privacy laws, officials said Wednesday.

A Closer Look: Your (online) life after death

Sep 16, 2014

Sure, you have a lot to do today—laundry, bills, dinner—but it's never too early to start planning for your digital afterlife, the fate of your numerous online accounts once you shed this mortal coil.

Web filter lifts block on gay sites

Sep 16, 2014

A popular online safe-search filter is ending its practice of blocking links to mainstream gay and lesbian advocacy groups for users hoping to avoid obscene sites.

Protecting infrastructure with smarter CPS

Sep 16, 2014

Security of IT networks is continually being improved to protect against malicious hackers. Yet when IT networks interface with infrastructures such as water and electric systems to provide monitoring and control capabilities, ...

User comments : 5

Adjust slider to filter visible comments by rank

Display comments: newest first

dirk_bruere
not rated yet Feb 25, 2010
Somehow I don't think the virus writers and users will turn up in court.
MatthiasF
not rated yet Feb 25, 2010
At least the latter will be notified, Dirk. Maybe it'll be embarrassing enough to get their computers cleaned and secured better.
frajo
1 / 5 (1) Feb 26, 2010
http://www.symant...-1429-99 :
Systems affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
tctaylor
not rated yet Feb 26, 2010
Bravo, Microsoft! It's not often that people get the opportunity to say that and it's only fair that props are given here.
fourthrocker
not rated yet Feb 26, 2010
Someone should put out a hit on the scum that do this.