MS: What We Know (and Learned) from the Waledac Takedown
Very interesting article from the MSRC: Recently, following an investigation to which various members of the MMPC contributed, Microsoft’s Digital Crimes Unit initiated a takedown of the Waledac botnet in an action known as Operation b49, an ongoing operation to disrupt the botnet for the long term.
To effectively counter a botnet like Waledac, we knew a multi-layered approach was needed — one that included peer-to-peer communication disruption through technical countermeasures, domain-level takedowns to disrupt the phone home communications between zombie PCs and the command and control servers for Waledac, and traditional server takedowns to sever the back-end command and control mechanisms most directly under the control of the bot master(s).
-Urs