Earlier in 2010, Microsoft asked a US Federal Court for an injunction to shut down a cybercrime domain – Waledac.
Today, Magistrate Judge Anderson of the US District Court of Eastern Virginia indicated that he was recommending to the court that it grant Microsoft’s motion for default judgment in the case filed in February and permanently transfer ownership of the 276 domains behind Waledac to Microsoft, so they will never again be used for cybercrime.
Waledac did not respond to the case, but they were actively involved in trying to stop it. In one incident they actively tried to retaliate, by launching a distributed denial of service (DDOS) attack against the law firm that filed the suit. Then in a second and more notorious action, they threatened one of the researchers involved in the case.
Judge Anderson will be issuing a report and recommendation to the District Court to grant default judgment in Microsoft’s favor. The defendants will have 14 days to object to the ruling, but if they do not come forward, as they have been reluctant to do so up till now, the District Court ruling will be final.
Given the technical and criminal nature of the operation and the fact that Waledac has not presented a defense in court to date, it means this case has come to a successful resolution.
This legal victory is just one part of closing the book on Waledac. This operation has provided Microsoft and the legal community with more visibility into the actual footprint of this notorious botnet. By this legal action, the number of unique infected IP addresses has steadily declined and as of August 30th 2010 there were just more than 58,000 unique IP addresses infected with Waledac malware. That is down from nearly 64,000 addresses during the week of July 23rd, 2010.
Microsoft has gathered information on the infected IP addresses to begin working with CERTs and ISPs to contact affected customers in order to remove the Waledac malware from as many computers as possible. Going further, Microsoft has created a website –http://support.microsoft.com/botnets – dedicated to helping people clean their computers.