Waledac would be just another botnet that churned out spam if it weren’t for Microsoft’s groundbreaking approach to stopping it. The botnet — which first began noticeably proliferating in January 2009 — was sending 1.5 billion spam messages daily. Microsoft’s Hotmail accounts were among the hardest hit, receiving an estimated 650 million Waledac spam messages.

Microsoft’s initial technological approach to stopping Waledac wasn’t having much of an impact. PC users had access to a free malicious software removal tool coded to find and eliminate Waledac, but given the botnet’s wide reach, cleaning computers one by one didn’t help. After all, botnets are inherently faster than humans. This forced Microsoft to get creative, as Bill Gates and company went to the courts.

Microsoft seizes control

In February 2012, a federal judge in Alexandria, Virginia, granted Microsoft’s request for an “ex parte TRO,” a temporary restraining order in which the other side isn’t notified. In other words, without giving the cybercriminals a heads-up, the judge gave Microsoft control of the 276 domains used at the time by Waledac’s creators to spread the malware. This allowed Microsoft to shut down U.S.-registered domains pushing out Waledac spam, cutting off domain-level access to the botnet. Microsoft then worked with security organizations worldwide to take down servers and control channels. This one-two punch was part of the new Microsoft Active Response for Security, or MARS.

MARS stopped Waledac in its tracks — at least temporarily. The botnet is still on the loose, just not quite as prolific. Still, Waledac is credited by some for a November 2015 increase in the stock price of a U.S. marijuana cultivation firm, proving that at least some people read their spam.


Kate Johanns


Kate Johanns is a communications professional and freelance writer with more than 13 years of experience in publishing and marketing.
