Waledac Takedown Successful

A few weeks ago, I blogged about our paper "Walowdac – Analysis of a Peer-to-Peer Botnet". The paper provides an overview of the Waledac botnet and its specific aspects compared to Storm Worm and similar peer-to-peer botnets. The paper also contains some measurement results for the botnet like the typical number of online bots and similar statistics.

In the last couple of days, the situation changed a bit: we worked on an active takedown of the botnet together with experts from Microsoft, Shadowserver, the University of Mannheim, University of Bonn, University of Washington, Symantec and others. The operation is known within Microsoft as "Operation b49" and involved domain takedowns and additional technical countermeasures. Microsoft also did some fantastic work on the legal side: the complaint filed by Microsoft ("Microsoft Corporation v. John Does 1-27, et. al.") is available online. As a result, the communication infrastructure of Waledac has been disrupted to a certain extent and the botmaster effectively cannot send commands to the bots. The Waledac Tracker by sudosecure.net also shows a nice decline in the number of bots for the last few days. Note, however, that the infected machines are still up and running, so some clean-up on that side is still necessary...

You can read more about the story in a blog post by Microsoft: "Cracking Down on Botnets". And I will update the blog with new information once we start to analyze the collected data...



  1. Anonymous says:

    Fox, you stole the goose, give it back!

    And "commentspamming" is actually "comment spamming" in English.

  2. Ann says:

    It's nice that you are still growing and building the network so more people know what you are doing to help us with helpful information! Everyone can make use of this site! Thank you!

  3. James D says:

    I couldn't agree more Ann, but could you please tell us more? I'm very curious what you think... and have a great day in the meantime. I will check for an answer during the week, hopefully you have answered by then.

  4. CAAS says:

    Thanks so much for this valuable info! I'm happy to hear that the Task Force is making headway in their attempts to stifle this growing problem. Kudos to all who have helped in this struggle! -Cassandra

  5. clyde Robinson says:

    open up your minds and let's do something about world critics by acting appropriately
    against negative views and what some other bele should be their self believes

  6. GaMeS says:

    It amazes me how the general public does nothing on protecting their machines by having basic anti-virus software. Most of these issues with botnets would be prevented with a free version of Security Essentials from Microsoft.

  7. empleos en guadalajara says:

    I have been looking around the internet for something of relevance to me and my whole family, now this information has caught my attention, and will be sharing with them.

  8. SEO Chicago says:

    Microsoft has a very powerful legal team that doesn't take these cases lightly. They really don't want anyone treading in their waters. I'm surprised that Waledac would behave in such a matter to take on Microsoft.

  9. Abbreviations says:

    Microsoft is an overall provider of operating software in the world therefore they have the power to take down anything that steps in their way.

  10. canon says:

    great post

  11. phlebotomy classes in ky says:

    Phlebotomists are employed to draw blood samples. Training includes techniques in skin punctures, safety and patient communication.

  12. Short Hairstyles 2011 says:

    Thanks for this excellent and worth sharing post. Kudos!

  13. security credentials says:

    Internet security has become such an issue that we had to create an entire department in our company to deal with the constant attacks. It was once a job that our internal security team was in charge of, but the problem is so large it requires more attention. When you mention bots in your article, are these similar to the bots that constantly attack our network? What are software companies developing in the future to slow down these attacks? We spend a fortune on our security budget, and would like to hear something positive about what can be done to protect our business.

  14. Locksmith Cicero says:

    Done well. I am amazed with the excellence of the advice offered. I sincerely hope that you keep up with the outstanding work achieved.
    Locksmith Cicero

  15. Discount Britney Spears Tickets says:

    I found your website perfect for my needs. It contains wonderful and helpful posts. I have read most of them and got a lot from them.

  16. san diego spyware removal says:

    My pal Jeff from University of Washington was trying to explain this to me, but it was sort of confusing. He sent me to this article, and now I've got a better picture of the Waledac and botnet in general.

  17. George Terry says:

    Botnets are seemingly designed to seek commands from a bot-herder from a shared communications resource which creates a single point (e.g. CIR channel), and if single point/channel is shut down hence removing the server associated with it, it is possible to blow the whole enterprise out of the water; but as botnets are extremely sophisticated (not to mention profitable) nowadays I dread the day when a monster is lauded 'practically indestructible' because I believe it can be.

  18. emergency seed bank says:

    It's good that the court case has been resolved. How much money was given to the winner of the court case? Did they receive a large check to bring to the bank?

  19. how to build muscle says:

    The paper also contains some measurement results for the botnet like the typical number of online bots and similar statistics.

  20. Mission Beach Vacation Rentals says:

    I am very pleased to hear this case has been fully resolved. I remember hearing briefly about this when the event first happened, but hadn't really followed up beyond that. Thanks again for the great article.

  21. Text marketing leads says:

    I know nothing about computer mechanics or hacking, but did get a kick out of reading this post. It reminded me of the civil war meets the matrix. Good stuff!

  22. ffxiv gold says:

    I wonder why the other specialists of this sector do not notice this. I desired to keep a little thoughts to assist you and wish you a good extension.

  23. http://acne-scarsmarks.com/ says:

    In fact, the morning walk is a source of active intake of oxygen and other essential factors. The people who have a routine of morning walk can absorb the sunlight. Sunlight of early morning contains the Vitamin D. It means you can get this vitamin without spending money. It is a natural and free source of vitamins. You are suggested to focus on these sources to be healthy.

  24. wigs says:

    I will bookmark this for future reference and refer it to my friends. I guess I am not the only one having all the enjoyment here! keep up the good work

  25. Besuchen Sie die Webseite says:

    Finally an article that is not the same thing we hear over and over again. I appreciate your thought and insight into this subject matter.

  26. hair extensions says:

    interesting and thank you for sharing the information.

  27. boni says:

    Working on data projects makes you understand what's wrong about making assumptions. You can't foresee every consequence there's gonna be.

  28. hot tubs lexington ky says:

    Lexington, Kentucky is popularly known in the U.S. as "The horse capital of the world," home to the Kentucky Derby and several other important horse races. Whether you are traveling for business or for pleasure, Lexington's hotels with in-room hot tubs provide relaxation you may need at the end of an eventful day.

  29. information security says:

    Nice post. Thanks. This post is very helpful and shows that you have a lot of knowledge on the topic. It's informative and your writing style encouraged me to read it till end.
