Last Wednesday, Microsoft announced that it had been granted a court order that yanked nearly 300 sites from the Internet. Microsoft said those sites were a key link between hackers and the PCs that make up the Waledac botnet. The legal tactic garnered accolades from many security professionals as a precedent-setting move and resulted in what Microsoft called “a major botnet takedown,” a characterization that some researchers dispute.
Microsoft has several other botnets in its sights, and believes it can use the same legal tactics against their command-and-control centers. “This shows it can be done,” said Richard Boscovich, senior attorney with Microsoft’s Digital Crimes Unit. “Each botnet is different, of course, but this is another arrow in the quiver. This is not the last effort. We have other operations on the drawing board.” But the company also admitted that it had not yet severed all communications between the controllers of Waledac and the thousands of compromised Windows computers used by hackers to pitch bogus security software and send a small amount of spam.