As many of you have probably read today, Microsoft initiated a large-scale takedown operation called “Operation b49” to behead the Waledac botnet. This takedown effort has definitely made a visible impact on the botnet, as seen here in this recent image taken from my Waledac botnet tracking scripts.
I applaud their efforts with this takedown, and now only time will tell whether their strategy will have a lasting impact on this menace of a botnet. Waledac is a peer-to-peer botnet, so simply taking out command and control servers would not have a lasting impact; the botnet would quickly recover. By taking down the botnet at the domain (“.com”) level, the individual peers within the botnet will no longer receive peer list updates, command and control instructions, or spam templates. Waledac is resilient by design, however, so additional actions have to occur for this takedown to be completely successful and/or lasting.
The group and/or groups behind Waledac are most likely still scrambling to understand what occurred and where they went wrong, but with ties to the extinct “Storm Worm” of the past and to the Zeus Trojan, which has recently made the news headlines, it is doubtful this will end their criminal efforts. Only time will tell what the group’s next move will be, and with that I guess I will have to find another botnet to monitor, so I will be on the lookout.
KUDOS to Microsoft and the behind-the-scenes folks within the security community who aided in this effort!