Microsoft spearheaded an attack on the Waledac botnet, shutting down 276 domains used by criminals to control the network of compromised PCs. The takedown, for which Microsoft teamed with academic researchers and other technology firms, severed the command-and-control (C&C) channels used by the cyber criminals behind Waledac, isolating more than 70,000 infected systems.
The most interesting aspect of the counterstrike against Waledac is that Microsoft resorted to the courts to get legal authority to shut down the domains. At the time, the court granted Microsoft a temporary restraining order, allowing the company to gain control of the C&C domains. This week, a lower court recommended that Microsoft be given a default judgment, turning over the domains to the software giant's custody.
The result is a legal strategy that others can follow, says Richard Boscovich, senior attorney for Microsoft's Digital Crimes Unit.
"If you meet all the requirements and articulate [your argument] in such a way to show [the botnet] is an immediate threat, this does ... provide a new framework in which other companies can do what we did," Boscovich said.
In recent years, researchers have attempted to take down botnets, but most of the time the criminals behind the C&C servers are able to reconstitute the network. In 2008, two Internet service providers stopped routing traffic for McColo, a rogue hosting company that offered server space for botnets and criminal activity. Spam levels dropped by more than 60 percent worldwide, but rebounded after about four months. More recent takedowns have had even less impact.