Waledac disruption only the beginning, says Microsoft

In the wake of the news regarding Microsoft’s disruption of Waledac botnet’s links between its command and control centers and the infected zombie computers by legal means, Richar Boscovich, the senior attorney with the company’s Digital Crimes Unit, says that this is not the last botnet to be targeted.

Even though Microsoft admits that not all communication between the C&C centers and the infected bots has been disrupted, Boscovich says that “this shows it can be done” and announces other operations whose targets and modus operandi will remain secret until the deployment.

The legal means that allowed the “Waledac operation” to succeed are going to be used again against other botnets. When choosing to attack this particular botnet, Microsoft officials had six other botnets to select from. What made Waledac so suitable is that the C&C domains were registered with one domain registrar, therefore easier to synchronize the shutdown of the sites.

According to Computerworld, the Waledac bots can still communicate to its bot-herders via IP addresses hard-coded into the bot Trojan, but Microsoft is also working on disrupting that link.

Most organizations and companies are skeptical about the results of this action. “It’s one of the smallest botnets out there, and the court order appears to have had very little effect on its output,” says Matt Sergeant, anti-spam researcher with Symantec’s MessageLabs, echoing the thoughts of many.

Microsoft says it’s still to early to tell, and that a week or two must pass for definite results to be seen.