This week, the Microsoft Digital Crimes Unit (DCU) took legal action in cooperation with other tech industry members and Microsoft’s Trustworthy Computing team (TWC) to decapitate and severely limit the activity of the spam botnet Waledac, one of the 10 largest botnets in the US and a major distributor of spam globally.
The action, codenamed Operation b49, involved months of investigation and culminated in a request by Microsoft for an ex parte (non-public) temporary restraining order (TRO) allowing the domains believed to be responsible for commanding and controlling the Waledac botnet to be cut off from the Internet.
On Monday, February 22, the US District Court for the Eastern District of Virginia issued that order, and in the intervening days the order was sealed while the registry operator VeriSign took action to sever the domains. That severance has taken place, and I’m happy to report that Waledac traffic has been disrupted significantly; we continue to work to further reduce the remaining traffic.
To see Waledac's impact for yourself, check out: http://www.sudosecure.net/waledac/index.php
More details from the DCU team on the Microsoft Blog: Cracking Down on Botnets.