Critics Wary of Microsoft's Waledac Botnet Takedown

Dennis Faas's picture

Microsoft recently administered a devastating blow to the Waledac botnet, one of the world's biggest networks of compromised computers and as such a huge contributor of spam and malware to the world wide web.

One would think this was good news for Internet users everywhere (and in many ways, it is) -- however, some critics are wondering if the end justified the means.

Microsoft Sidesteps ISPs

According to Richard Boscovich, Microsoft's senior attorney within its Digital Crimes Unit, the attack on Waledac began when Microsoft filed a formal complaint with the U.S. District Court of Eastern Virginia. Last week, that court ordered a temporary restraining order forcing VeriSign, the registry operator for every .com domain, to sever those domains operated under Waledac.

In essence, this means Microsoft was granted permission by a Virginia court to leapfrog Internet Service Providers (ISPs) in cutting off those web domains known to be affiliated with the Waledac botnet.

277 Internet Domains Shut Down

Microsoft, which has dubbed the crusade "Operation b49," through the process successfully shut down 277 Internet domains known to have provided command and control functionality to the botnet. (Source:

"Operation b49 has effectively shut down connections to the vast majority of Waledac-infected computers, and our goal is to make that disruption permanent," Microsoft's Tim Cranton, company associate general counsel, recently noted in a blog post.

Operation b49 could have a dramatic impact on spam operations. During a three week period in December of last year, Microsoft said it could trace 651 million spam messages found in Hotmail to the Waledac botnet. That's not including the millions more that might have affected Yahoo! Mail, Gmail, and similar.

Critics Question Microsoft's Actions

Critics fear that Microsoft's action compromises the international flavor of the "world wide" web, where access to information is without borders and restriction.

"What it basically says about .com... is that those domains are ultimately subject to control by a U.S. court," said Los-Angeles attorney Bret Faussett.

"While it makes sense to me to use the domain name registration as a way to redress abusive activities on the net, I do have concern about the standards that are used to justify such actions," added Inter-Working Labs, Inc. CTO Karl Auerbach. (Source:

In essence, not only is there concern that the web is being unfairly administered stateside, but that if a mistake is made, it's difficult to rectify that situation.

"For example, is the initiating party and registry required to put up a bond just in case their actions ultimately prove unjustified or caused harm to innocent third parties?" Auerbach said.

Rate this article: 
No votes yet