Microsoft Wins Another Legal Battle In Fight Against Waledac


Microsoft is one step closer to obliterating the remains of Waledac after a federal magistrate backed the software giant in its request to seize 276 domains under the notorious botnet's control.

Magistrate Judge Anderson of the U.S. District Court of Eastern Virginia recommended Wednesday that the court grant Microsoft a default judgment to permanently transfer ownership of the 276 Waledac domains to Microsoft, in an effort to put a stop to their use in cybercrime.

All 276 of the domains would be rendered ineffective, essentially cutting off communication with the botnet's myriad of affected computers, once they were under Microsoft's control.

"Today, I'm pleased to announce that our legal action to permanently shut down the botnet has been successful and we have begun working with Internet Service Providers ISPs and CERTs to help customers remove the Waledac infection from their computers," Microsoft said in a company blog post.

Online and printed notices were given to the domain owners requesting that they come forward, although no one ever did. Meanwhile, Microsoft said that it presented evidence to the court indicating that the defendants actively tried to retaliate against the company by attempting to launch a distributed denial of service (DDoS) attack against the law firm that filed the suit, and also tried to threaten one of the researchers involved in the case.

In light of the evidence indicating it was in the best interest of the public to transfer the domains' ownership, Judge Anderson recommended to the District Court to grant default judgment in Microsoft's favor. The defendants have two weeks to file an objection, although Microsoft said one is not expected.

"The defendants are highly unlikely to respond, given the nature of the operation and the fact they have not presented a defense in court to date, which means this case has effectively been brought to a successful resolution," Microsoft said.

The federal ruling was another decision resulting from the the massive collaborative effort known as the Operation b49, in which Microsoft, members of the security community and academia joined forces to completely shut down the Waledac botnet.

An ex parte temporary restraining order was granted by the court in February, which enabled Microsoft to take Waledac-controlled domains offline without the court presence of the domains' owners. Microsoft filed the motion in an effort to disrupt the botnet's distribution via peer-to-peer communications and to intercept the activities of the bot-herders, who could possibly transfer their operations to other domains.

"Through this process, the courts and the security community have paved the way for future takedowns in cases where criminals are abusing anonymity to victimize computer users around the world," Microsoft said. "This legal victory is just one part of closing the book on Waledac."

Waledac was responsible for a significant amount of spam, and had infected an estimated 100,000 computers, according to Microsoft. In July, the botnet had infected around 64,000 unique IP addresses, which slowly decreased to 58,000 by the end of August, Microsoft said.

The Waledac takedown was the first undertaking in a larger Microsoft-led project dubbed Project Microsoft Active Response for Security, a joint effort between Microsoft's Digital Crimes Unit, the Microsoft Malware Protection Center, Microsoft Support and the Trustworthy Computing team, to eradicate botnets and bolster Internet security, which have led to actions against other botnets such as Mariposa and Pushdo/Cutwail.

Microsoft said in its blog post Wednesday that the joint effort was part of a more aggressive stance against botnets in general.