Microsoft Ambushes Waledac Botnet, Shutters Whistleblower Site

Microsoft’s lawyers this week engineered a pair of important takedowns, one laudable and the other highly-charged. The software giant orchestrated a legal sneak attack against the Web servers controlling the Waledac botnet, a major distributor of junk e-mail. In an unrelated and more controversial move, Redmond convinced an ISP to shutter a popular whistleblower Web site for hosting a Microsoft surveillance compliance document.

On Feb. 22, a federal judge in Virginia granted a request quietly filed by Microsoft to disconnect 277 Internet domains believed to be responsible for directing the daily activities of the Waledac botnet, estimated to be one of the ten-largest spam botnets in existence today and responsible for sending 1.5 billion junk e-mails per day. Microsoft said it found that between December 3-21, 2009, approximately 651 million spam emails attributable to Waledac were directed to Hotmail accounts alone, including offers and scams related to online pharmacies, imitation goods, jobs, penny stocks and more.

The takedown, which Microsoft dubbed “Operation b49,” has “quickly and effectively cut off traffic to Waledac at the ‘.com’ or domain registry level, severing the connection between the command and control centers of the botnet and most of its thousands of zombie computers around the world,” the company said. From the official Microsoft blog:

“Three days into the effort, Operation b49 has effectively shut down connections to the vast majority of Waledac-infected computers, and our goal is to make that disruption permanent. But the operation hasn’t cleaned the infected computers and is not a silver bullet for undoing all the damage we believe Waledac has caused. Although the zombies are now largely out of the bot-herders’ control, they are still infected with the original malware.”

What praise and adulation the IT industry might heap on Microsoft for this effort, however, may be drowned out by the growing chorus of criticism over Microsoft’s legal victory against a popular whistleblower Web site. Alleging copyright infringement, Microsoft went after curator John Young on Tuesday after he posted a Microsoft compliance document that the company gives to law enforcement agents seeking information on Microsoft users.

On Wednesday, Cryptome was shut down by its hosting provider, Network Solutions. As’s Ryan Singel writes, the takedown shuttered “a site that thumbed its nose at the government since 1996 — posting thousands of documents that the feds would prefer never saw the light of day.”

Predictably, the document has since shown up on numerous other Web sites, including, and It includes information about the various types of customer information available to law enforcement across Microsoft’s properties, such as Xbox Live. The document, titled “Global Criminal Compliance Handbook,” is worth a read for anyone curious about the types of identifying user information that Microsoft may make available to law enforcement upon request

“On the botnet stuff, Microsoft deserves credit for its strategy and the court deserves kudos for understanding the importance of the case,” former Justice Department prosecutor Mark Rasch said. “The other takedown, though, is unwinable for Microsoft, because it’s a little like wrestling with a pig: You’re just going to make the pig mad.”

Update, 1:19 p.m. ET: ReadWriteWeb is reporting that Microsoft has decided to withdraw the copyright complaint against Cryptome, and that the site is expected to be back online today.

Оставьте комментарий