Microsoft has defeated the Waledac botnet in court, after a legal decision that could provide a precedent in future cases.
A judge in the Eastern Virginia District Court says he’ll recommend that the defendants transfer 276 domain names to Microsoft so they
can’t be used for cybercrime again. The decision confirms a temporary restraining order issued in February.
They have two weeks to challenge this, but may well not do so, as they failed to turn up in court. According to Microsoft, they used other tactics instead.
“Microsoft presented evidence to the court that although the defendants did not come forward, they were aware of the case and actively tried to retaliate, attempting to launch a distributed denial of service (DDoS) attack against the law firm that filed the suit and even going so far as to threaten one of the researchers involved in the case,” the company says on its blog.
The owners of the botnet are believed to be based in China, where most of the domains are registered. Confiscating the domains without the presence of the defendants was a legal first, but was carried out under a principle called ‘ex parte‘. This allows the court to make such decisions on the grounds of public interest.
Microsoft says it has a number of similar cases in the pipeline as part of its Project MARS (Microsoft Active Response for Security).
“we’re already working to apply the lessons we learned from this operation to future initiatives,” says the company. “The industry is beginning to take a more aggressive stance against botnets. You can be sure that there will be more to come.”
At its height, Waledac was sending out over 1.5 billion spam emails per day. But more good news, says Microsoft, is that it’s made good progress cleaning up the infection. At the end of August, it says, there were just over 58,000 unique IP addresses infected, down from nearly 64,000 addresses during the week of July 23rd. It hasn’t seen any new infections since it first took action.