Waledac botnet
{{Short description|Spam email botnet}}
Waledac, also known by its aliases Waled and Waledpak, was a botnet mostly involved in e-mail spam and malware. In March 2010 the botnet was taken down by Microsoft.{{cite web|url=https://www.theregister.co.uk/2010/03/16/waledac_takedown_success/ |title=Waledac botnet 'decimated' by MS takedown; Up to 90,000 zombies freed |first=Dan |last=Goodin |work=theregister.co.uk |publisher=The Register |location=London, UK |date=2010-03-16 |access-date=2014-01-09}}{{cite web|last=Whitney |first=Lance |url=http://news.cnet.com/8301-1009_3-10459558-83.html |title=With legal nod, Microsoft ambushes Waledac botnet | Security - CNET News |publisher=News.cnet.com |date=2010-02-25 |access-date=2010-07-30}}
Operations
Before its eventual takedown, the Waledac botnet consisted of an estimated 70,000–90,000 computers infected with the "Waledac" computer worm. The botnet itself was capable of sending about 1.5 billion spam messages a day, or about 1% of the total global spam volume.{{cite web|last=Claburn |first=Thomas |url=http://www.informationweek.com/news/hardware/desktop/showArticle.jhtml?articleID=223100747 |title=Microsoft Decapitates Waledac Botnet |publisher=InformationWeek |access-date=2010-07-30}}
On February 25, 2010, Microsoft won a court order that resulted in the temporary cut-off of 277 domain names which were being used as command and control servers for the botnet, effectively crippling a large part of the botnet.{{cite web|url=https://www.theregister.co.uk/2010/02/25/ms_waledac_takedown/ |title=MS uses court order to take out Waledac botnet; Zombie network decapitated. For now |first=John |last=Leyden |work=theregister.co.uk |publisher=The Register |location=London, UK |date=2010-02-25 |access-date=2014-01-09}} However, besides operating through command and control servers, the Waledac worm was also capable of operating through peer-to-peer communication between the various botnet nodes, which made the extent of the damage difficult to measure.{{cite web|url=http://www.fortiguard.com/analysis/waledacanalysis.html |title=Waledac Botnet - Deployment & Communication Analysis |publisher=FortiGuard |date=2009-09-30 |access-date=2010-07-30}}
The investigation, codenamed 'Operation b49', was conducted for some months and resulted in the 'zombie' computers being cut off from the botnet. More than a million 'zombie' computers were freed from the hackers' control but remained infected.{{cite web|author=Help Net Security |url=http://www.net-security.org/secworld.php?id=8926 |title=Microsoft cripples the Waledac botnet | date=26 February 2010 |publisher=Net-security.org |access-date=2014-01-09}}
In early September 2010, Microsoft was granted ownership of the 277 domains used by Waledac to broadcast spam email.{{cite news| url=https://www.usatoday.com/tech/news/2010-09-08-botnets08_ST_N.htm | work=USA Today | first=Byron | last=Acohido | title=Microsoft gets legal might to target spamming botnets | date=2010-09-08}}
The botnet was particularly active in North America, Europe, India, Japan and China.{{cite web |title=Microsoft goes to court to take down the Waledac botnet |url=https://www.theguardian.com/technology/blog/2010/feb/25/microsoft-waledac-botnet-beheaded |website=the Guardian |language=en |date=25 February 2010}}
References
{{Reflist|2}}
External links
- [https://web.archive.org/web/20161223004000/https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/W32_Waledac.pdf Technical analysis of the Waledac worm]
- {{webarchive |date=2013-01-02 |url=https://archive.today/20130102212709/http://blogs.techrepublic.com.com/security/?p=3233 |title=Is the infamous Waledac botnet out of the picture or not? | TechRepublic.com}}
{{Botnets}}
{{Hacking in the 2000s}}