Waledac, also known by its aliases Waled and Waledpak, was a botnet mostly involved in e-mail spam and malware. In March 2010 the botnet was taken down by Microsoft.[1][2]
Operations
Before its eventual takedown, the Waledac botnet consisted of an estimated 70,000โ90,000 computers infected with the "Waledac" computer worm.[1] The botnet itself was capable of sending about 1.5 billion spam messages a day, or about 1% of the total global spam volume.[2][3]
On February 25, 2010, Microsoft won a court order which resulted in the temporary cut-off of 277 domain names which were being used as command and control servers for the botnet, effectively crippling a large part of the botnet.[4] However, besides operating through command and control servers the Waledac worm was also capable of operating through peer-to-peer communication between the various botnet nodes, which means that the extent of the damage was difficult to measure.[5]
Codenamed 'Operation b49', an investigation was conducted for some months which thereby yielded an end to the 'zombie' computers. More than a million 'zombie' computers were brought out of the garrison of the hackers but still infected.[6]
In early September 2010, Microsoft was granted ownership of the 277 domains used by Waledac to broadcast spam email.[7]
The botnet was particularly active in North America and Europe and India, Japan and China.[8]