Wielding Sealed TRO, Microsoft Shuts Down 270+ Web Addresses in Ex Parte Botnet Battle
Posted Feb 25, 2010 3:47 PM CST
By Martha Neil
In a litigation tactic that reportedly has never been tried before to combat a global malicious software attack, Microsoft Corp. won a sealed temporary restraining order in an ex parte "John Doe" federal court action in Virginia this week. It allowed the company to shut down, without prior notice to the defendants, more than 270 Web addresses linked to the Waledac botnet.
By cutting off communications between the command and control centers of the alleged scheme and the tens of thousands of drone computers infected with malicious software that they remotely operate for their own purposes, the company has walled off the zombies from the bot-herders' control, explains associate general counsel Tim Cranton in an Official Microsoft Blog post.
Senior attorney Richard Boscovich of Microsoft's World Wide Internet Security Program also explains the concept in a video linked to an article in the Microsoft Blog of the Seattle Post-Intelligencer.
However, infected computers still need to be cleansed. Some 30,000 to 90,000 personal computers worldwide may be affected, according to the Wall Street Journal (sub. req.).
Microsoft began notifying affected website owners today, after the protective order was lifted. They will have until March 8 to contest the shutdown order (PDF) issued Monday by U.S. District Judge Leonie Brinkema of the Eastern District of Virginia. It followed a private hearing in Alexandria in response to Microsoft's lawsuit (PDF) filed earlier that same day. (The PI blog provides the links to both filings.)
The order required VeriSign Inc., which oversees all domain names ending in .com, to disable the Web addresses identified in the order.
The Waledac botnet was thought to be capable of sending 1.5 billion spam messages daily. Those messages could be used, among other purposes, to shut down a website with a flood of e-mails.
"This legal and industry operation against Waledac is the first of its kind, but it won’t be the last," Cranton writes in Microsoft's blog.
CNET News: "With legal nod, Microsoft ambushes Waledac botnet"
TechRadar: "Microsoft gets legal approval to kill botnet"