
Waledac Botnet Now Completely Offline, Experts Say

Trailrunner7 writes "After Microsoft's actions to take down the Waledac botnet last month, there was some question about whether the operation was much more than a grab for headlines that would have little effect on actual spam levels or malware infections. But more than three weeks after the takedown, researchers say that Waledac has essentially ceased communications and its spam operations have dropped to near zero. One researcher said that Waledac now seems to be abandoned. 'It looks crippled, if not dead,' said Jose Nazario, a senior security researcher at Arbor Networks."
  • by Volante3192 ( 953645 ) on Tuesday March 16, 2010 @04:05PM (#31500634)

    If it's that easy why haven't you done it?

    Seriously, though, if the controllers are smart, we'll never catch them. Look at the Mariposa botnet. From what I read about that, while law enforcement got the network down, they didn't have any of the people. It took the bold, stubborn move of one of the controllers trying to regain command (from his own system no less) to catch the people behind it. If the operators walked away, what are the odds we'd catch them?

  • by Anonymous Coward on Tuesday March 16, 2010 @04:12PM (#31500716)
    Since the only responses you have at the moment are smart-ass, I'll respond seriously.

    While I'm unsure of the specifics of this particular botnet, most of the big current botnets cryptographically sign commands, and ignore any that don't validate. Which means that unless there's a flaw in whatever encryption they used, there's nothing that approach would do other than waste money on domain name registration.
  • by Anonymous Coward on Tuesday March 16, 2010 @04:18PM (#31500778)

    putting everyone's computers behind a proper firewall

    Fixed that for you.

  • Poor Design (Score:4, Informative)

    by phantomcircuit ( 938963 ) on Tuesday March 16, 2010 @04:46PM (#31501148) Homepage

    The only reason this worked is that the botnet was poorly designed. It relied on at least one of the command and control servers being available. If they all get taken down at the same time you destroy the botnet. This is not how most other botnets work, this is not a tactic that worked against this specific botnet and will not work against other botnets.

    Other botnets generate new domain names fairly regularly. All the botnet controller needs to do is register one of those domains before it is generated. Good luck getting a court order to ban all the generated domains for the next few years.
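
An added illustration of the scale problem raised in the last comment (not code from the thread or from any real botnet): once defenders recover a date-seeded generation scheme, they can precompute its domains and match them against resolver logs. The seed, domains-per-day count, TLD list and log format are all constructed assumptions.

```python
import hashlib
from datetime import date, timedelta

# Hypothetical scheme recovered by reverse engineering a sample (assumption):
# each day the bots derive candidate domains from a fixed seed and the date.
SEED = b"constructed-example-seed"
DOMAINS_PER_DAY = 5
TLDS = ("com", "net", "org")

def domains_for(day: date) -> list[str]:
    """Reproduce the day's candidate rendezvous domains from the recovered scheme."""
    out = []
    for i in range(DOMAINS_PER_DAY):
        digest = hashlib.sha256(SEED + day.isoformat().encode() + bytes([i])).digest()
        # Map the first 12 digest bytes to letters a-z for the label.
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        out.append(f"{label}.{TLDS[digest[12] % len(TLDS)]}")
    return out

def build_watchlist(start: date, days: int) -> dict[str, date]:
    """Map every domain the scheme produces in the window to the day it is active."""
    return {d: start + timedelta(n)
            for n in range(days)
            for d in domains_for(start + timedelta(n))}

def flag_queries(log_lines, watchlist):
    """Return (client_ip, domain, active_day) for DNS queries that hit the watchlist."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed or truncated lines
        client, qname = parts[1], parts[2].rstrip(".").lower()
        if qname in watchlist:
            hits.append((client, qname, watchlist[qname]))
    return hits

if __name__ == "__main__":
    watch = build_watchlist(date(2010, 3, 16), 365)
    # Constructed resolver log lines: "<timestamp> <client> <qname>"
    sample = [
        "2010-03-17T08:00:01Z 10.0.0.12 www.example.com.",
        f"2010-03-17T08:00:05Z 10.0.0.47 {domains_for(date(2010, 3, 17))[2].upper()}.",
        "truncated-line",
    ]
    print(len(watch), "domains to track for one year")
    for hit in flag_queries(sample, watch):
        print(hit)
```

Even at this toy rate of five domains a day, a year of coverage means tracking 1,825 names, which is the enforcement burden the comment points to.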
