Waledac botnet

Spam email botnet

Waledac, also known by its aliases Waled and Waledpak, was a botnet mostly involved in e-mail spam and malware. In March 2010 the botnet was taken down by Microsoft.^[1]^[2]

Operations

Before its eventual takedown, the Waledac botnet consisted of an estimated 70,000–90,000 computers infected with the "Waledac" computer worm.^[1] The botnet itself was capable of sending about 1.5 billion spam messages a day, or about 1% of the total global spam volume.^[2]^[3]

On February 25, 2010, Microsoft won a court order which resulted in the temporary cut-off of 277 domain names which were being used as command and control servers for the botnet, effectively crippling a large part of the botnet.^[4] However, besides operating through command and control servers the Waledac worm was also capable of operating through peer-to-peer communication between the various botnet nodes, which means that the extent of the damage was difficult to measure.^[5] Codenamed 'Operation b49', an investigation was conducted for some months which thereby yielded an end to the 'zombie' computers. More than a million 'zombie' computers were brought out of the garrison of the hackers but still infected.^[6]

In early September 2010, Microsoft was granted ownership of the 277 domains used by Waledac to broadcast spam email.^[7]

The botnet was particularly active in North America and Europe and India, Japan and China.^[8]

References

^ ^a ^b Goodin, Dan (2010-03-16). "Waledac botnet 'decimated' by MS takedown; Up to 90,000 zombies freed". theregister.co.uk. London, UK: The Register. Retrieved 2014-01-09.
^ ^a ^b Whitney, Lance (2010-02-25). "With legal nod, Microsoft ambushes Waledac botnet | Security - CNET News". News.cnet.com. Retrieved 2010-07-30.
^ Claburn, Thomas. "Microsoft Decapitates Waledac Botnet". InformationWeek. Retrieved 2010-07-30.
^ Leyden, John (2010-02-25). "MS uses court order to take out Waledac botnet; Zombie network decapitated. For now". theregister.co.uk. London, UK: The Register. Retrieved 2014-01-09.
^ "Waledac Botnet - Deployment & Communication Analysis". FortiGuard. 2009-09-30. Retrieved 2010-07-30.
^ Help Net Security (26 February 2010). "Microsoft cripples the Waledac botnet". Net-security.org. Retrieved 2014-01-09.
^ Acohido, Byron (2010-09-08). "Microsoft gets legal might to target spamming botnets". USA Today.
^ "Microsoft goes to court to take down the Waledac botnet". the Guardian. 25 February 2010.

External links

Technical analysis of the Waledac worm
Is the infamous Waledac botnet out of the picture or not? | TechRepublic.com at archive.today (archived 2013-01-02)

Botnets

Notable botnets

Main articles

Hacking in the 2000s

← 1990s

Timeline

2010s →

Incidents

2004	Titan Rain (2003–2006) Operation Firewall
2005	Sony BMG copy protection rootkit scandal
2007	Cyberattacks on Estonia Operation: Bot Roast
2008	Project Chanology Cyberattacks on Georgia Sarah Palin email hack US military cyberattack
2009	Operation Troy Operation Aurora (findings published in 2010) WebcamGate (2008–2010)

Groups

Anonymous
- associated events
Avalanche
GNAA
0x1fe
GhostNet
PLA Unit 61398
RBN
ShadowCrew
TeamLoosh
World of Hell
Sandworm

Individuals

Darknets

Bluehell IRC

Hacking forums

ryan1918
unkn0wn.eu
darksun.ws

Vulnerabilities
discovered

Malware

2000	ILOVEYOU Pikachu
2001	Anna Kournikova Code Red Nimda Klez
2002	Simile
2003	SQL Slammer Welchia Sobig Gruel Graybird Blaster
2004	Bagle NetSky Sasser Mydoom
2005	PGPCoder Samy Sony rootkit
2006	Rustock ZLOB Stration
2007	Storm ZeuS Black Energy 1
2008	Asprox Agent.btz Mariposa
2009	Conficker Koobface Waledac