Microsoft gets legal might to take down spam botnets

Sep 08, 2010 By Byron Acohido

With a judicial assist, Microsoft has perfected a new superweapon to shoot down botnets, the engines cybergangs use to deliver malicious Internet attacks.

The U.S. District Court of Eastern Virginia last week granted a motion that, in effect, gives permanent ownership of 276 Web domains once used by the Waledac cybergang to send instructions to hundreds of thousands of spam-spreading PCs.

Cybersleuths and attorneys at Microsoft's digital crimes unit actually decapitated the Waledac botnet in February by persuading Judge Leonie Brinkema to issue a temporary restraining order to take the 276 domains offline.

Brinkema's order was unusual because the owner of the domains could not be reached and thus did not have a day in court to protest, says Microsoft senior attorney Richard Boscovich Sr.

With permanent ownership of the domains, Microsoft now has a proven legal means to take aim at U.S.-registered domains -- including .com, .net, .biz and .org domains -- shown to be conducting criminal activity. "It's open season on botnets," says Boscovich. "The hunting licenses have been handed out, and we're coming back for more."

Waledac was a major source of spam and PC infections, at its peak in 2009 delivering 1.5 billion spam messages daily. Microsoft added detection and filtering for Waledac infections to its free malicious software removal tool. But cleaning infected PCs one by one did not stop the command PCs.

By December, Microsoft accounts were getting swamped with more than 650 million e-mail spam messages sent out by Waledac. That helped motivate the company to pursue a court order to shut down the command domains.

Even after the botnet's command center got knocked out, tens of thousands of infected PCs continued trying to phone home for instructions. Cox Communications has contacted several hundred of its subscribers by phone to guide them to Microsoft's free cleanup tool.

Lingering Waledac infections pose a risk, says Jason Zabek, safety manager at Cox. "You never know if something else will pop up to try to use it," he says.

Indeed, Microsoft in one recent seven-day period counted 58,000 PCs attempting 14.6 million connections to the 276 Waledac domains it now owns. The company advises using its free Security Essentials program, which will clean up Waledac and many other infections. Meanwhile, it is back at the hunt. "There are dozens of major botnets and hundreds of smaller ones," says T.J. Campana, Microsoft senior program manager. "Botnets remain the backbone of criminal activity."



User comments : 8


Ravenrant
Sep 08, 2010
This comment has been removed by a moderator.
SteveL
5 / 5 (2) Sep 08, 2010
To the heck in a hand basket with the online hackers, spammers and scammers. Just imagine how much energy, bandwidth and computational capacity is wasted supporting, or trying to block their illegal and mean-spirited activities.
El_Nose
5 / 5 (3) Sep 08, 2010
No, not really -- three cheers for MSFT this time -- most people have the spam mail bots, and if you removed all of the spam mail being sent around the networks you might end the congestion for a while.
ziprar
5 / 5 (1) Sep 08, 2010
>>Microsoft has perfected a new superweapon to shoot down botnets

What? Microsoft is gonna shoot itself in the head. Lol
canuckit
5 / 5 (1) Sep 08, 2010
This is good news. Next, I wish someone (like MS) takes action against spam guestbooks, bbs and comment pages that clog search engines with junk/phishing site links.
Ravenrant
1 / 5 (2) Sep 08, 2010
Come on physorg posters, 3 cheers for hackers again.

FYI My comment was in reference to an earlier post of mine wishing someone would plant a bomb at a hackers convention. Most comments were in defense of the hackers. I reiterate, they are lower than pond scum and should be wiped out. Every single person who pays for anti-virus services and the like is paying extortion. They are a blight on society with NO redeeming value.
NameIsNotNick
not rated yet Sep 09, 2010
>>FYI My comment was in reference to an earlier post of mine wishing someone would plant a bomb at a hackers convention. Most comments were in defense of the hackers. I reiterate, they are lower than pond scum and should be wiped out.

I think I prefer hackers to characters so polarized in their thinking that they advocate terrorism...
El_Nose
not rated yet Sep 09, 2010
While I agree with Ravenrant in principle, his argument can be taken in any number of ways, not all of them as literal as NameisnotNick has stated. It can be said that all criminal activity forces an unwanted cost on the rest of society ... Indeed my tax dollars go to the funding of the police department, the sheriff department, the state FBI, the federal FBI, TSA, homeland security, CIA, local jails, federal jails, youth detention facilities and even overseas detention facilities... hackers that work to create spam affect almost everyone on the net and the quality of the net itself, as does criminal activity on everyday life... so who do you side with, misguided vigilante justice or criminals wantonly committing crimes???
Pkunk_
not rated yet Sep 13, 2010
>>FYI My comment was in reference to an earlier post of mine wishing someone would plant a bomb at a hackers convention. Most comments were in defense of the hackers. I reiterate, they are lower than pond scum and should be wiped out.

>>I think I prefer hackers to characters so polarized in their thinking that they advocate terrorism...

I agree 100%. While 'ethical hackers' are an endangered breed, the actions of hackers in general force companies to invest in tighter security and in sound security policies.
In the real world, if you leave a big "EVERYONE WELCOME" sign in your home/office and no locks, it IS going to get stripped down to the kitchen sink.
The same thing WILL happen to your servers if they are set up with gaping holes and insecure operating systems / server software.

At least no one dies due to the "Nigeria" scamsters. Nowadays I just laugh when I read the crap I got on email and the sort of bullshit that people read and click on "I Agree".