Microsoft Malware Protection Center
Threat Research & Response Blog
Dismantling Waledac
mmpc2
25 Feb 2010 11:05 AM
Today, you may have read in the Wall Street Journal about an operation Microsoft has been conducting against the Win32/Waledac botnet. If you haven't already seen the article, you can find additional information in the Microsoft on the Issues blog. In summary, the Microsoft Digital Crimes Unit, with support from the Microsoft Malware Protection Center, has taken legal and technical steps in an attempt to disable the command and control infrastructure of Waledac in order to prevent the criminals responsible from issuing new instructions. Win32/Waledac is used primarily to send spam. It also has the ability to download and execute arbitrary files, harvest email addresses from the local machine, perform denial of service attacks, proxy network traffic and steal passwords. The impact posed by such an infection is, as a result, quite broad.
The method used for this takedown activity is rather novel and involves both legal and technical aspects. On Monday, Microsoft filed a complaint in the U.S. Eastern Court of Virginia, and the court granted a temporary restraining order (TRO) against 277 domains believed to be associated with Waledac and under the control of the criminals responsible. With this TRO we have been able to suspend these domains from the Internet and, as a byproduct of this suspension, impair the ability of the botnet's criminal operators to issue new commands or updates. Additional technical measures are being employed to further reduce peer-to-peer communications, and we are working with the security community to mitigate and respond to this botnet.
While the disruption of the command and control of Waledac is a positive thing, it does not, by itself, address the tens of thousands of computers which are still infected with the threat and which are estimated to have been responsible for as many as 1.5 billion spam messages per day. As we previously reported in our most recent Security Intelligence Report, covering the second half of 2009, Microsoft technologies such as the Malicious Software Removal Tool and Microsoft Security Essentials were used to remove more than 96,000 instances of this threat, making it the 11th most prevalent during that period. As in the past, we encourage our customers to run an up-to-date anti-virus program from a trusted source, to stay current with security updates from Microsoft using Automatic Update, and to keep third-party software up to date as well. If you are not already running up-to-date anti-virus, we would ask that you do this now to assist in containing this, and other, threats.
We’re not done. Stay tuned.
-- Jeff Williams