In partnership with security vendors and law enforcement officials, Microsoft implemented "Operation b49" and moved to the federal courts to get a temporary restraining order cutting off 277 Internet domains believed to be run by criminals as the Waledac bot.
According to Microsoft associate general counsel Tim Cranton, the action quickly and effectively cut off traffic to Waledac at the “.com” or domain registry level, severing the connection between the command and control centers of the botnet and most of its thousands of zombie computers around the world.
(A map of Waledac infections around the world in a recent 24-hour period.)
The company said it took additional technical countermeasures to downgrade much of the remaining peer-to-peer command and control communication within the botnet.
Three days into the effort, Operation b49 has effectively shut down connections to the vast majority of Waledac-infected computers, and our goal is to make that disruption permanent. But the operation hasn’t cleaned the infected computers and is not a silver bullet for undoing all the damage we believe Waledac has caused. Although the zombies are now largely out of the bot-herders’ control, they are still infected with the original malware.
Waledac is one of the 10 largest botnets in the US and is responsible for distributing billions of spam messages around the world. According to Microsoft, the botnet is estimated to have infected hundreds of thousands of computers around the world and, prior to this action, was believed to have the capacity to send over 1.5 billion spam emails per day.
In a recent analysis, Microsoft found that between December 3 and 21, 2009, approximately 651 million spam emails attributable to Waledac were directed to Hotmail accounts alone, including offers and scams related to online pharmacies, imitation goods, jobs, penny stocks and more.