Waledac Botnet Now Completely Offline, Experts Say 91
Trailrunner7 writes "After Microsoft's actions to take down the Waledac botnet last month, there was some question about whether the operation was much more than a grab for headlines that would have little effect on actual spam levels or malware infections. But more than three weeks after the takedown, researchers say that Waledac has essentially ceased communications and its spam operations have dropped to near zero. One researcher said that Waledac now seems to be abandoned. 'It looks crippled, if not dead,' said Jose Nazario, a senior security researcher at Arbor Networks."
Re:Still however useless (Score:4, Interesting)
Useless in what way? Sure, on a global scale spam is still rampant, but they did show the tactic used has promise and worth pursuing.
True, we can't say for certain whether the tactic actually cut the head from the body or if operations were just moved to a new botnet and the original Waledac CENTCOM let MS think they had their victory but it's something, which is a little bit more than we had prior.
Re:MS is more clever? (Score:3, Interesting)
What MS should do is to re-register the domain names and point them to a C&C server they host. Then they have a wild botnet in a cage to be researched until they can find the best way to eradicate the thing, and others like it.
Or else command it to DDOS their foes. MWAHAHAHA!
Re:Still however useless (Score:5, Interesting)
There aren't that many botnets out there. I think most reputable observers peg it at around 6 or 7 big ones, from a spam perspective anyway. So taking one down is actually pretty awesome. Remember when McColo disappeared and spam levels dropped massively overnight? It wasn't that McColo itself pumped out spam, it was that the botnet C&C servers lived there.
As somebody who actually has to deal with the impacts of large botnets as part of my job at Google, I'd like to congratulate and thank the guys at Microsoft for this victory. Whether it has a noticeable impact on spam or not, it sends a powerful message to people thinking of making their own botnet - it can all end suddenly.
Building and maintaining a botnet is already pretty hard work .... between AV firms, Microsofts MSRT, users noticing problems and wiping the OS, removals by rival botnets and generally improving PC security botnet building has gone from something every man and his dog was doing to something very few can do well. Hardly any botnets become big. Most abuse I deal with comes in via bots that are apparently being shared or rented out to different (sometimes competing) spammers. That's an encouraging sign.
Chilling effect (Score:4, Interesting)
Other botnets generate new domain names fairly regularly. All the botnet controller needs to do is register one of those domains before it is generated. Good luck getting a court order to ban all the generated domains for the next few years.
No problem. Individual court orders should do the trick. After seeing 200+ ISPs going through depeering hell, Hosting providers will be a lot more careful who they let have a server. Of course, this is a less than ideal scenario for IT folk in general (especially because it puts the onus on hosting providers to monitor traffic), but it might be effective.
Re:Still however useless (Score:2, Interesting)
Re:tell microsoft to *stop* fixing bugs (Score:2, Interesting)
While the parent is intended as a joke, the idea that quality software will put people out of work is quite widespread among people in IT. Which is quite a sad state of affairs as it is such an obvious case of a broken window fallacy. [wikipedia.org] Rather then spending resources on fixing up damage, it is much more production to direct it on creation of new things or modifying existing to better meet the demand.
Is the source of this attitude the built in obsolescence idea from manufacturers? Do developers really think that once the perfect software is delivered the requirements will never again change and never need to be modified? Do they not enjoy adding new features and solutions, and would rather spend their time fixing the broken parts of releases? Even the support personnel should realize that there would still be a need for them in order to answer questions of the new users.