Microsoft is cracking down on botnets through the legal system -- and winning. The software giant launched a legal assault this week against networks of compromised computers controlled by hackers, and a federal judge in Alexandria, Va., agreed to its request to deactivate 277 infringing domain names.
The story began unfolding on Monday when Microsoft filed a suit specifically naming a botnet known as Waledac and 27 "John Doe" defendants. Microsoft alleged the cybercriminals broke federal laws with their scheme to create bot-herders that could be used for spamming, click fraud, denial of service, and distribution of malicious software.
According to The Wall Street Journal, Microsoft attorneys asked U.S. District Judge Leonie Brinkema to issue a restraining order under seal to allow the software giant to secretly sever communications channels to the botnet before its masterminds could reestablish links to the network. VeriSign subsequently had to temporarily shut down the domain names.
Inside Operation b49
Waledac is one of the most active spam bots -- with the capacity to send about 1.5 billion spam e-mails a day -- and is one of the 10 largest botnets in the U.S. It steals sensitive information, turns computers into spam zombies, and establishes backdoor remote access.
In fact, security experts estimate Waledac has infected hundreds of thousands of computers around the world. Microsoft's recent analysis shows that about 651 million spam e-mails attributable to Waledac were directed to Hotmail accounts alone between Dec. 3 and 21.
"The takedown of the Waledac botnet that Microsoft executed this week -- known internally as Operation b49 -- was the result of months of investigation and the innovative application of a tried-and-true legal strategy," said Microsoft Associate General Counsel Tim Cranton.
No Silver Bullet
Microsoft has also been taking additional technical countermeasures to downgrade much of the remaining peer-to-peer command and control communication within the botnet, Cranton said, and will continue to work with the security community to mitigate and respond to this botnet.
"Three days into the effort, Operation b49 has effectively shut down connections to the vast majority of Waledac-infected computers, and our goal is to make that disruption permanent," Cranton said. "But the operation hasn't cleaned the infected computers and is not a silver bullet for undoing all the damage we believe Waledac has caused. Although the zombies are now largely out of the bot-herders' control, they are still infected with the original malware."
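Because the takedown severed the command and control domains but left the zombies infected, a defender's natural follow-up is to watch resolver logs for internal hosts that keep trying to reach the deactivated domains. The script below is an added illustration, not Microsoft's tooling and not part of the original article; the domain list and the DNS log lines are constructed placeholders (the real 277 Waledac domains are not reproduced here), and the log format is an assumed one-line-per-query shape.

```python
"""
Flag internal hosts that still try to resolve domains deactivated in a
botnet takedown. Added example; the domains and log lines are constructed
stand-ins, not the real Waledac infrastructure.
"""
from collections import defaultdict
import re

# Constructed placeholders for deactivated C2 domains. In practice this set
# would be populated from the takedown order or a sinkhole feed.
TAKEDOWN_DOMAINS = {
    "example-c2-one.invalid",
    "example-c2-two.invalid",
}

# Assumed resolver-log shape: <timestamp> <client_ip> <qname> <qtype>
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$")

# Constructed sample log: one host (10.0.0.7) is still phoning home,
# one host queries a look-alike name that must not be flagged.
SAMPLE_LOG = """\
2010-02-25T10:00:01Z 10.0.0.5 www.example.com A
2010-02-25T10:00:02Z 10.0.0.7 node3.example-c2-one.invalid A
2010-02-25T10:00:03Z 10.0.0.7 example-c2-two.invalid. A
2010-02-25T10:00:04Z 10.0.0.9 mail.example.org MX
2010-02-25T10:00:05Z 10.0.0.7 example-c2-one.invalid A
2010-02-25T10:00:06Z 10.0.0.11 notexample-c2-one.invalid A
"""


def normalize(qname):
    """Strip the trailing root dot and lowercase, so 'Foo.Invalid.' == 'foo.invalid'."""
    return qname.rstrip(".").lower()


def matches_takedown(qname, domains=TAKEDOWN_DOMAINS):
    """Return the takedown domain that qname equals or is a subdomain of,
    or None. Matching respects label boundaries, so a look-alike such as
    'notexample-c2-one.invalid' is not a hit."""
    q = normalize(qname)
    for d in domains:
        if q == d or q.endswith("." + d):
            return d
    return None


def parse_line(line):
    """Parse one log line into a dict, or return None for malformed input."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return m.groupdict()


def find_infected_hosts(log_text, domains=TAKEDOWN_DOMAINS):
    """Map each client IP that queried a deactivated domain to the sorted
    list of takedown domains it touched."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        d = matches_takedown(rec["qname"], domains)
        if d:
            hits[rec["client"]].add(d)
    return {ip: sorted(ds) for ip, ds in hits.items()}


if __name__ == "__main__":
    for ip, ds in sorted(find_infected_hosts(SAMPLE_LOG).items()):
        print(f"{ip} still querying deactivated domains: {', '.join(ds)}")
```

Hosts this reports are candidates for cleanup, which is exactly the gap the takedown leaves open: the domains no longer answer, but the malware on the zombie keeps asking. The label-boundary check matters because plain substring matching would flag unrelated names that merely contain a takedown domain.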
As Altimeter Group partner Michael Gartenberg sees it, cybercriminals need to be fought on both the technology level and the legal level. Microsoft had to think fairly creatively to find a legal principle with which it could challenge the bot herders, he said.
"At a time when computers are beyond the notion of nice to have and need to have to mission-critical, the idea of people simply attacking these systems without any means of stopping them is not acceptable," Gartenberg said. "It's good to see Microsoft on the forefront, working to stop these types of attacks and working through the system in powerful and creative ways."