Image via Wikipedia
Microsoft has several other botnets in its crosshairs, and believes it can use the same legal tactic against them that it deployed last week to strike at the Waledac botnet's command-and-control centers.
But the company also admitted that it had not yet severed all communications between the controllers of Waledac and the thousands of compromised Windows computers used by hackers to pitch bogus security software and send a small amount of spam.
"This shows it can be done," said Richard Boscovich, senior attorney with Microsoft's Digital Crimes Unit. "Each botnet is different, of course, but this is another arrow in the quiver. This is not the last [effort].... We have other operations on the drawing board."
Last Wednesday, Microsoft announced that it had been granted a court order that yanked nearly 300 sites from the Internet. Those sites, Microsoft said, were a key link between hackers and the PCs that make up the Waledac botnet. The legal tactic, which garnered accolades from many security professionals as a precedent-setting move, resulted in what Microsoft called "a major botnet takedown" of Waledac, a fact that some researchers disputed.
The same method can and will be applied to other botnets, Boscovich said. He declined to say which zombie PC army is next on Microsoft's hit list. "Of course this is scalable," he said when asked whether the legal action against Waledac would work against other botnets, or was a one-off. "This is another tool we can now use, another mechanism that is available."
In fact, when Microsoft officials sat down in early January to decide which botnet to target, they started with a list of six, then narrowed it to three, from which they selected Waledac. The remaining five unnamed botnets remain on Microsoft's list.
eComTechnology Credit Card Processing and Website Management Solutions