Waledac botnet

Last updated

Waledac, also known by its aliases Waled and Waledpak, was a botnet mostly involved in e-mail spam and malware. In March 2010 the botnet was taken down by Microsoft. [1] [2]

Contents

Operations

Before its eventual takedown, the Waledac botnet consisted of an estimated 70,000–90,000 computers infected with the "Waledac" computer worm. [1] The botnet itself was capable of sending about 1.5 billion spam messages a day, or about 1% of the total global spam volume. [2] [3]

On February 25, 2010, Microsoft won a court order which resulted in the temporary cut-off of 277 domain names which were being used as command and control servers for the botnet, effectively crippling a large part of the botnet. [4] However, besides operating through command and control servers the Waledac worm is also capable of operating through peer-to-peer communication between the various botnet nodes, which means that the extent of the damage is difficult to measure. [5] Codenamed 'Operation b49', an investigation was conducted for some months which thereby yielded an end to the 'zombie' computers. More than a million 'zombie' computers were brought out of the garrison of the hackers but still infected. [6]

In early September 2010, Microsoft was granted ownership of the 277 domains used by Waledac to broadcast spam email. [7]

The botnet was particularly active in North America and Europe and India, Japan and China. [8]

See also

Related Research Articles

<span class="mw-page-title-main">Timeline of computer viruses and worms</span> Computer malware timeline

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

Bagle was a mass-mailing computer worm affecting Microsoft Windows. The first strain, Bagle.A, did not propagate widely. A second variant, Bagle.B, was considerably more virulent.

<span class="mw-page-title-main">Botnet</span> Collection of compromised internet-connected devices controlled by a third party

A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word "botnet" is a portmanteau of the words "robot" and "network". The term is usually used with a negative or malicious connotation.

<span class="mw-page-title-main">Storm Worm</span> Backdoor Trojan horse found in Windows

The Storm Worm is a phishing backdoor Trojan horse that affects computers using Microsoft operating systems, discovered on January 17, 2007. The worm is also known as:

<span class="mw-page-title-main">Storm botnet</span> Computer botnet

The Storm botnet or Storm worm botnet was a remotely controlled network of "zombie" computers that had been linked by the Storm Worm, a Trojan horse spread through e-mail spam. At its height in September 2007, the Storm botnet was running on anywhere from 1 million to 50 million computer systems, and accounted for 8% of all malware on Microsoft Windows computers. It was first identified around January 2007, having been distributed by email with subjects such as "230 dead as storm batters Europe," giving it its well-known name. The botnet began to decline in late 2007, and by mid-2008 had been reduced to infecting about 85,000 computers, far less than it had infected a year earlier.

Srizbi BotNet is considered one of the world's largest botnets, and responsible for sending out more than half of all the spam being sent by all the major botnets combined. The botnets consist of computers infected by the Srizbi trojan, which sent spam on command. Srizbi suffered a massive setback in November 2008 when hosting provider Janka Cartel was taken down; global spam volumes reduced up to 93% as a result of this action.

The Mega-D, also known by its alias of Ozdok, is a botnet that at its peak was responsible for sending 32% of spam worldwide.

Alureon is a trojan and rootkit created to steal data by intercepting a system's network traffic and searching for banking usernames and passwords, credit card data, PayPal information, social security numbers, and other sensitive user data. Following a series of customer complaints, Microsoft determined that Alureon caused a wave of BSoDs on some 32-bit Microsoft Windows systems. The update, MS10-015, triggered these crashes by breaking assumptions made by the malware author(s).

The Rustock botnet was a botnet that operated from around 2006 until March 2011.

The Grum botnet, also known by its alias Tedroo and Reddyb, was a botnet mostly involved in sending pharmaceutical spam e-mails. Once the world's largest botnet, Grum can be traced back to as early as 2008. At the time of its shutdown in July 2012, Grum was reportedly the world's third largest botnet, responsible for 18% of worldwide spam traffic.

The Asprox botnet, also known by its aliases Badsrc and Aseljo, is a botnet mostly involved in phishing scams and performing SQL injections into websites in order to spread malware. It is a highly infectious malware which spreads through an email or through a clone website. It can be used to trace any kind of personal or financial information and activities online.

The Lethic Botnet is a botnet consisting of an estimated 210 000 - 310 000 individual machines which are mainly involved in pharmaceutical and replica spam.

The Bredolab botnet, also known by its alias Oficla, was a Russian botnet mostly involved in viral e-mail spam. Before the botnet was eventually dismantled in November 2010 through the seizure of its command and control servers, it was estimated to consist of millions of zombie computers.

Sality is the classification for a family of malicious software (malware), which infects Microsoft Windows systems files. Sality was first discovered in 2003 and has advanced to become a dynamic, enduring and full-featured form of malicious code. Systems infected with Sality may communicate over a peer-to-peer (P2P) network to form a botnet to relay spam, proxying of communications, exfiltrating sensitive data, compromising web servers and/or coordinating distributed computing tasks to process intensive tasks. Since 2010, certain variants of Sality have also incorporated rootkit functions as part of an ongoing evolution of the malware family. Because of its continued development and capabilities, Sality is considered one of the most complex and formidable forms of malware to date.

The Kelihos botnet, also known as Hlux, is a botnet mainly involved in spamming and the theft of bitcoins.

ZeroAccess is a Trojan horse computer malware that affects Microsoft Windows operating systems. It is used to download other malware on an infected machine from a botnet while remaining hidden using rootkit techniques.

Virut is a cybercrime malware botnet, operating at least since 2006, and one of the major botnets and malware distributors on the Internet. In January 2013, its operations were disrupted by the Polish organization Naukowa i Akademicka Sieć Komputerowa.

<span class="mw-page-title-main">Microsoft Digital Crimes Unit</span>

The Microsoft Digital Crimes Unit (DCU) is a Microsoft sponsored team of international legal and internet security experts employing the latest tools and technologies to stop or interfere with cyber crime and cyber threats. The Microsoft Digital Crimes Unit was assembled in 2008. In 2013, a Cybercrime center for the DCU was opened in Redmond, Washington. There are about 100 members of the DCU stationed just in Redmond, Washington at the original Cybercrime Center. Members of the DCU include lawyers, data scientists, investigators, forensic analysts, and engineers. The DCU has international offices located in major cities such as: Beijing, Berlin, Bogota, Delhi, Dublin, Hong Kong, Sydney, and Washington, D.C. The DCU's main focuses are child protection, copyright infringement and malware crimes. The DCU must work closely with law enforcement to ensure the perpetrators are punished to the full extent of the law. The DCU has taken down many major botnets such as the Citadel, Rustock, and Zeus. Around the world malware has cost users about $113 billion and the DCU's jobs is to shut them down in accordance with the law.

The Necurs botnet is a distributor of many pieces of malware, most notably Locky.

Brambul is an SMB protocol computer worm that decrypts and automatically moves from one computer to its second computer.

References

  1. 1 2 Goodin, Dan (2010-03-16). "Waledac botnet 'decimated' by MS takedown; Up to 90,000 zombies freed". theregister.co.uk. London, UK: The Register . Retrieved 2014-01-09.
  2. 1 2 Whitney, Lance (2010-02-25). "With legal nod, Microsoft ambushes Waledac botnet | Security - CNET News". News.cnet.com. Retrieved 2010-07-30.
  3. Claburn, Thomas. "Microsoft Decapitates Waledac Botnet". InformationWeek. Retrieved 2010-07-30.
  4. Leyden, John (2010-02-25). "MS uses court order to take out Waledac botnet; Zombie network decapitated. For now". theregister.co.uk. London, UK: The Register . Retrieved 2014-01-09.
  5. "Waledac Botnet - Deployment & Communication Analysis". FortiGuard. 2009-09-30. Retrieved 2010-07-30.
  6. Help Net Security (26 February 2010). "Microsoft cripples the Waledac botnet". Net-security.org. Retrieved 2014-01-09.
  7. Acohido, Byron (2010-09-08). "Microsoft gets legal might to target spamming botnets". USA Today.
  8. "Microsoft goes to court to take down the Waledac botnet". the Guardian. 25 February 2010.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.