"Waledac simply is not a hugely prolific spammer," said Joe Stewart, manager of malware analysis at SecureWorks and a noted botnet researcher. "So I don't think it's going to affect spam [volume]. What it does do lately... what it's used for, is to install rogue antivirus software."
The UK-based anti-spam service Spamhaus echoed Stewart today. "If [Microsoft's take-down] did affect spam, we haven't noticed," said Richard Cox, the chief information officer at Spamhaus. Like Stewart, Cox also dismissed Waledac's threat as a spam engine.
"Waledac was not a high threat, it's less than 1% of the spam traffic," Cox said. "What we're worried about is Zeus, which is a far more damaging botnet, which is creating a substantial amount of spam."
Postini, the message security and filtering firm owned by Google, also said it had not detected any drop in spam. "The team hasn't seen any change so far," said Google spokesman Jay Nancarrow.
Earlier today, Microsoft said that the Waledac botnet, which it claimed controls hundreds of thousands of infected PCs, is a "major distributor of spam globally." Microsoft also said that its researchers had snatched almost 60,000 machines away from the botnet.
Stewart wasn't seeing any evidence of those claims, either. "I haven't seen any decrease in [Waledac's] activity," the researcher said. "To me, it looks like business as usual."
Late Wednesday, Microsoft announced it had won a federal court order that cut off 277 .com domains associated with the botnet, and said that by knocking those sites off the Internet, it would seriously disrupt Waledac's operation. "This action has quickly and effectively cut off traffic to Waledac at the '.com' or domain registry level, severing the connection between the command and control centers of the botnet and most of its thousands of zombie computers around the world," Tim Cranton, an associate general counsel with Microsoft, said in a blog entry yesterday.
But Stewart said it's very unlikely that the move had truly crippled the botnet. "Waledac uses a peer-to-peer protocol for its command and control," he said, referring to the mechanism that the most technically-advanced zombie PC commanders use to control their armies. "But the bots don't truly [depend] on those domain names to communicate."
In fact, said Stewart, Waledac bots will be able to communicate "indefinitely" by using the IP (Internet Protocol) addresses that are hard-coded into the bot Trojan. To kill off a botnet like Waledac, Microsoft would have had to target not only the domains it did, but also every possible IP address coded into the malware. "I don't see how you can kill a botnet like this," Stewart said. "There's no single point of failure for these botnets."
Even so, he applauded Microsoft's move. "...This is a good start, it's a good step in the right direction," Stewart said, offering up other ways the company's resources might have been better spent. "There are plenty of other botnets where this approach might work -- any that depend on a centralized command and control server."
Waledac was created by, and is maintained by, hackers who previously flooded the Internet with the Storm bot Trojan. The people behind this botnet aren't rookies, Stewart said. "We're dealing with the same people behind Storm, and they definitely know the ins and outs."
In all likelihood, he added, Microsoft's maneuver won't stop an established botnet like Waledac. "They're attacking the very, very front end of the whole system of the bot," he said.
Microsoft acknowledged that its work isn't done. "[This] is not a silver bullet for undoing all the damage we believe Waledac has caused," said Cranton. "Although the zombies are now largely out of the bot-herders' control, they are still infected with the original malware."
Message security companies that monitor the pulse of spam, including Symantec's MessageLabs and Google's Postini, were not able to immediately come up with data to show whether the purported demise of Waledac has, as Microsoft claimed, depressed spam levels.
Microsoft has targeted Waledac before. In April 2009, the company issued a version of its Malicious Software Removal Tool (MSRT) that scrubbed the malware from Waledac-infected Windows PCs. In the second half of last year, MSRT and other Microsoft software, notably the free antivirus program Microsoft Security Essentials, cleaned 96,000 systems of Waledac, boasted Jeff Williams, the manager of Microsoft's Malware Protection Center, today.
Williams, who urged users to run MSRT and keep their anti-virus software up to date, also hinted that Microsoft had more on Waledac than it had disclosed. "We're not done," he said. "Stay tuned."
News Source : Microsoft