Share via


MS: What We Know (and Learned) from the Waledac Takedown

Very interesting article from the MSRC: Recently, following an investigation to which various members of the MMPC contributed, Microsoft’s Digital Crimes Unit initiated a takedown of the Waledac botnet in an action known as Operation b49, an ongoing operation to disrupt the botnet for the long term. 

To effectively counter a botnet like Waledac, we knew a multi-layered approach was needed — one that included peer-to-peer communication disruption through technical countermeasures, domain-level takedowns to disrupt the phone home communications between zombie PCs and the command and control servers for Waledac, and traditional server takedowns to sever the back-end command and control mechanisms most directly under the control of the bot master(s).

https://blogs.technet.com/mmpc/archive/2010/03/15/what-we-know-and-learned-from-the-waledac-takedown.aspx

-Urs