Microsoft Wins Major Victory Against Zombie PC Networks
Microsoft has convinced a judge to grant it legal ownership of 276 web domains previously used to control networks of infected PCs. It's the first time this has happened, and the company believes the approach could be used as a legal weapon.
The case involves a botnet created from computers infected with the Waledac worm. "Botnet" is short for "robot network": a network of infected computers controlled by one or a few individuals.
Botnet Sends 1.5 Billion Spam Email Messages Per Day
At one point an estimated 80,000 computers were part of the botnet and were being used to send 1.5 billion spam emails every day, around one per cent of the global total.
Hackers (and spammers) commonly infect PCs and send spam through them so that the messages look legitimate to (and fool) Email Service Providers (ESPs). Before this tactic was invented, spam emails typically came from only one source, making unsolicited messages easier to detect and refuse.
Legal Action Cuts Problem Domains Off
While Microsoft distributed tools to help remove threats such as the Waledac worm, it was legally restricted in what it could do to prevent infected computers from being controlled after the fact.
That changed earlier this year, when it began a case against the owners of the domains which issued instructions to the infected machines.
A court ruled in February that traffic to and from these domains should be cut, which effectively meant the website addresses no longer hooked up to the specific machines issuing command-and-control orders, thus leaving infected machines unable to make contact with their master.
In addition, Microsoft was able to take "ethical countermeasures to downgrade much of the remaining peer-to-peer command and control communication" with a clear conscience. (Source: technet.com)
Microsoft Given Permanent Ownership of Botnet Domains
Although the owners of the domains didn't respond to the court action, they did respond in the form of an attempted cyber-attack on Microsoft lawyers and researchers. The company went back to court this week to argue that this proved the defendants were aware of the case but had chosen not to defend it.
On this basis, Microsoft requested that the court give it permanent ownership of the domains in order to prevent future use of the botnet. In what is being seen as an unusual ruling, the court has agreed to this forcible transfer of ownership.
The defendants will have 14 days to object and make their case; otherwise, the ruling will automatically take effect. Given the history of the case and the potential for individuals to face criminal charges, it seems a virtual lock that there won't be any objection. (Source: technet.com)
Legal Technique To Be Used Again
Microsoft has indicated that it will use this tactic again in the future. A senior company attorney, Richard Boscovich, says "It's open season on botnets. The hunting licenses have been handed out, and we're coming back for more." (Source: usatoday.com)
One drawback is that the technique will only work for web domains that come under US jurisdiction, such as those ending in .com, .net and .org. Although that takes care of a large proportion of domains, it leaves plenty of country-specific domains where other tactics will be required.