Microsoft put on its spy glasses when it investigated Operation b49, otherwise known as Waledac. Waledac was an international internet spam bot infecting hundreds of thousands of consumers worldwide. If that number of infected people sounds big, it is: a huge number of people are affected by this scam. Waledac is thought to have been developed by criminals intent on sending possibly 1.5 billion spam emails daily from internet domains like discountfreesms.com. In a bold move, Microsoft filed suit in the U.S. District Court for the Eastern District of Virginia against 27 anonymous criminals, seeking injunctive relief in the form of a temporary restraining order for over 270 domains.
Microsoft admits it has never gotten involved in a lawsuit to take down a botnet before. The restraining order was eventually granted, and Microsoft began to block internet access to the criminals sending spam, without their even knowing it. Richard Boscovich says that there are many more challenges to come. He adds, “How do we go about stopping a botnet of this magnitude?” and he is not the only one wondering what to do next. Boscovich, senior attorney for Microsoft’s World Wide Internet Security Program, added, “In essence, how do you go about disconnecting all of the robot computers from the bot-herder?” He understands that the only way would be to build a wall that blocks the bot-herder and the command computer. This way, they could sever the control, or “umbilical cord,” of the bot-herder from his bots. Once the control is severed, he would not be able to sell his robot army to other criminals, confirmed Boscovich.
The truth is, Operation b49 did stop the bot-herder connections as planned. The majority of Waledac-infected computers now have some protection from the main, or command, computer that issues directives to continue infecting computers around the world. The restraining order is working as a means to cut off communication. But the already infected computers will need some special servicing to restore full function. “In the case of Waledac,…the bot-herder instructs these computers to send spam.” This spam is meant to trick consumers into clicking on a link that will infect their computers. The link acts to reel them in, pulling them into the larger botnet. Many of these counterfeit emails look like e-cards or links to fake pharmaceuticals. If you have ever seen one of these and discovered a suspicious link, you have been in the presence of the Waledac botnet.
Microsoft suggests everyone with internet access use anti-malware software to clean the Waledac software from their computers regularly. Many people believe that the security system they have in place will find the botnets trying to infect their system. Since this may or may not be true, it is better to run continuous sweeps to ferret out the botnets intent on crashing your system. This is one place where it pays to be careful about clicking on links and downloading information from unfamiliar websites.
Source: http://blog.seattlepi.com/microsoft/archives/195793.asp?from=blog_last3