Full of I.T.

Kevin Remde's IT Pro WebLog

If you can read this, it wasn’t you!


Have you heard of “Botnets”?

“You mean those legions of computers that are being controlled by criminals because they’re running malware that their owners don’t even know about; perhaps to use them to send spam e-mail?”

Exactly. And if you’re reading this post right now, you can breathe a little easier knowing that you aren’t currently operating on behalf of a particularly nasty network of infected computers.** This week Microsoft petitioned for and received the ability to block access to several domains that are listed as known sites working on behalf of the criminals involved in the “Waledac” botnet.

This blog post spells out what we did:

“The takedown of the Waledac botnet that Microsoft executed this week – known internally as “Operation b49” – was the result of months of investigation and the innovative application of a tried and true legal strategy. One of the 10 largest botnets in the US and a major distributor of spam globally, Waledac is estimated to have infected hundreds of thousands of computers around the world and, prior to this action, was believed to have the capacity to send over 1.5 billion spam emails per day. In a recent analysis, Microsoft found that between December 3-21, 2009, approximately 651 million spam emails attributable to Waledac were directed to Hotmail accounts alone, including offers and scams related to online pharmacies, imitation goods, jobs, penny stocks and more.”

For the full text of the complaint (including an interesting list of the 273 domain names that have been blocked), check out the actual document: “Microsoft Corporation v. John Does 1-27, et al.”, Civil action number 1:10CV156.

What do you think?  Personally, I think it’s great when we’re able to help track down and hopefully eventually punish these criminals.  Anyone with an e-mail mailbox who gets spam should appreciate that we’ve been able to detect and help stop some of it. 

**Note: Even though you aren’t going to be sending any more e-mails on behalf of these particular criminals, you may still be infected. “People running Windows machines also should visit http://www.microsoft.com/security/malwareremove/default.aspx, where they can find Microsoft’s Malicious Software Removal Tool, which removes Waledac. We also recommend that Windows users install and maintain up-to-date anti-virus and anti-spyware programs such as Microsoft Security Essentials and turn on auto updates and firewalls. For our part, we will continue to work with both our industry partners and government leaders to explore possibilities for reaching out to the owners of compromised computers to advise them of the infection and remove malicious code from their machines.”