277 domains blocked to counter Waledac botnet
For more than a year one of the most productive spam botnets, Waledac, has continued to exist. There was already more than one modification of this Trojan. In ESET anti-virus databases, it is known as Win32 / Waledac .
You, probably, have already heard the mention of Waledac more than once, as almost no holiday last year did not go without sending spam with this malicious program inside. According to our measurements , a botnet created using the Waledac program can send out about several billion spam emails every day. The protocol of network interaction of this botnet was analyzed by independent researchers and published in November last year at the European Conference on Computer Network Defense.
Today, Microsoft's official blog has information about blocking 277 domain names in the .com zone, which acted as command centers for this botnet. This is due to the official complaint of the company filed in a US court. I note that for all these domains, hosting services were provided by Verisign , which so far refrains from any comments on this matter.
')
Thus, MS is trying to block the ability of bots to receive new commands from control centers, and we all hope that the activity of this botnet will decline. If this method of struggle turns out to be effective, then perhaps it will be the first step that will allow countering such threats not only at the technical level, but also at the legal level. True, unfortunately, this small victory has nothing to do with our Russian legislation, but perhaps it will mark a new trend to combat botnets.
You, probably, have already heard the mention of Waledac more than once, as almost no holiday last year did not go without sending spam with this malicious program inside. According to our measurements , a botnet created using the Waledac program can send out about several billion spam emails every day. The protocol of network interaction of this botnet was analyzed by independent researchers and published in November last year at the European Conference on Computer Network Defense.
Today, Microsoft's official blog has information about blocking 277 domain names in the .com zone, which acted as command centers for this botnet. This is due to the official complaint of the company filed in a US court. I note that for all these domains, hosting services were provided by Verisign , which so far refrains from any comments on this matter.
')
Thus, MS is trying to block the ability of bots to receive new commands from control centers, and we all hope that the activity of this botnet will decline. If this method of struggle turns out to be effective, then perhaps it will be the first step that will allow countering such threats not only at the technical level, but also at the legal level. True, unfortunately, this small victory has nothing to do with our Russian legislation, but perhaps it will mark a new trend to combat botnets.
Source: https://habr.com/ru/post/85562/
All Articles