Waledac Botnet Now Completely Offline, Experts Say 91
Posted
by
kdawson
from the it's-dead-jim dept.
from the it's-dead-jim dept.
Trailrunner7 writes "After Microsoft's actions to take down the Waledac botnet last month, there was some question about whether the operation was much more than a grab for headlines that would have little effect on actual spam levels or malware infections. But more than three weeks after the takedown, researchers say that Waledac has essentially ceased communications and its spam operations have dropped to near zero. One researcher said that Waledac now seems to be abandoned. 'It looks crippled, if not dead,' said Jose Nazario, a senior security researcher at Arbor Networks."
Still however useless (Score:5, Insightful)
I think everyone knew the answer was, no it will not have an effect on spam levels or malware infections. Oh it succeeded in taking the botnet offline, MS did something real here, but taking just one offline doesn't mean much.
Re:Still however useless (Score:5, Insightful)
This was a lot larger than taking down a rogue host. This is 1,500,000,000 fewer spams per day on the net.
Cut out two billion spams here and there and pretty soon you're talking about real effectiveness.
Sure, they could probably do more, but every journey begins with a single step. Shut down the easy ones first. Pick the low-hanging fruit. Then go back and take down another, and another. At this point it could be all they could get done in a short amount of time, and in any case it's still a good start.
Re:Still however useless (Score:5, Insightful)
As long as the source of the spam/malware problem isn't held accountable, nothing much will change.
The ultimate source (not cause!) of this problem is of course users that get spam, and then go on to send money to the folks that spammed them. But next in line are those companies that use spam, spread through malware-infected PC's, to sell their products (or sell worthless/dangerous crap, for that matter). Such shady companies should be put out of business, their CEO's thrown in jail ASAP (through whatever -legal- means), and profits confiscated to support the anti-spam operation.
Focussing on botnets is a good thing, but IMHO useless. Focussing on the folks running them is better, but the next botnet-operator-wannabee will step right in. Instead, efforts should focus on the businesses paying these fuckers.
How about taking down... (Score:3, Insightful)
Re:Still however useless (Score:4, Insightful)
Sadly true. Waledac might have been a "mature and no longer really expanding" botnet. Botnets do have a certain shelf-life before they start to die through attrition; either the maker comes up with a new propagation method (virus/etc), or it hits a point and stops really expanding, followed by the slow inevitable decline as machines die, or get reformatted, or get overwritten by a newer botnet. There have been botnets that targeted other botnets for invasion/absorption quite a few times.
If this can help catch and destroy botnets earlier on, it might be more effective.
The better goal should, of course, be to make systems (and users) more spam-proof. User education would be a good start, as would home ISP's putting everyone's computers behind a proper NAT rather than using cable modems that expose the user to the naked wild. I've seen more home users who "just put up with" what would seem to be obvious virus/problem behavior merely because they were terrified of having to back up their data or reformat...
Re:Still however useless (Score:2, Insightful)
Except the malware writers are not mythical creatures, they have real world considerations.
So improving security practices and doing the work to eliminate existing bots can actually make a difference.
Re:Still however useless (Score:3, Insightful)
The ultimate source (not cause!) of this problem is of course users that get spam, and then go on to send money to the folks that spammed them. But next in line are those companies that use spam, spread through malware-infected PC's, to sell their products (or sell worthless/dangerous crap, for that matter). Such shady companies should be put out of business ...
The majority of spam today does not conform to this model. A 419 scam [wikipedia.org] leads to Nigeria, where anti-spam laws do not apply. Stock spam [wikipedia.org] promotes a company, but the company being promoted is neither responsible for the spam nor profits from it. Even for the small minority of spam that does directly promote a company product, your proposal accomplishes nothing other than to open up a new way for enemies of a company to anonymously destroy said company: namely, simply send out forged spam to promote the company's products, and wait for the police to put the (innocent) company out of business.
Spam is a hard problem to solve. Almost anything you can think of will have been tried before, and won't work.
Re:Is spam really still a problem? (Score:2, Insightful)
Spam is still a problem for network operators who have to increase capacity to carry the spam, endpoints that need to buy faster processors to weed out the spam, and users whose filters don't catch all or most spam.
Then there are the other criminal enterprises and activities that spammers seem to invariably be attached to.