In the battle against Internet scammers, Microsoft opened a new front, using the power of a U.S. court to deal a knockout blow to an emerging botnet and to take a provider of free Internet domains offline.
Microsoft obtained the order from the U.S. District Court for the Eastern District of Virginia, Alexandria Division, directing top-level domain registry operator Verisign to take down the domains on September 22; the order remained sealed until Monday.
The website take-down occurred just after midnight, Pacific Time, Monday.
Microsoft used the same technique that worked for its earlier takedowns of the Rustock and Waledac botnets, asking a U.S. court to order Verisign to shut down 21 Internet domains associated with the command-and-control servers that form the brains of the Kelihos botnet.
Kelihos is a small botnet, with 42,000 to 45,000 infected computers in the wild.
Even so, the botnet was capable of sending a little under 4 billion spam messages per day.
These included junk mails related to stock scams, pornography, illegal pharmaceuticals and malicious software, amongst others.
Technically, the botnet looked a lot like Waledac.
Malicious sites under the free ‘cz.cc’ subdomain service, the domain provider taken offline in this action, had previously been used to trick Macintosh users into thinking they needed to buy a bogus security program called MacDefender.
Usually, the bad guys pick whichever domain provider is the cheapest and most reliable, then register subdomains in bulk and use them to spread malware such as MacDefender.
In some cases more than 50,000 malware domains have been traced to a single bulk subdomain provider.
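The bulk-subdomain pattern described above is something a defender can look for in their own resolver logs: many distinct child names appearing under one parent zone, or any name at all under a known free subdomain service. The following Python is an added example written for this page, not code from Microsoft or from the article; the log lines are constructed, and the provider list is an assumption (only cz.cc is named in the article; the other entry is a placeholder).

```python
from collections import defaultdict

# Assumption: a locally maintained list of free/bulk subdomain services. Only
# cz.cc is named in the article; the second entry is a placeholder for illustration.
BULK_SUBDOMAIN_ZONES = {"cz.cc", "free-subdomains.test"}


def extract_queries(log_lines):
    """Pull the queried hostname out of simple 'timestamp client type name' lines."""
    names = []
    for line in log_lines:
        fields = line.split()
        if len(fields) >= 4:
            names.append(fields[3])
    return names


def split_host(hostname, depth=2):
    """Split a hostname into (child, zone), where zone is its last `depth` labels.

    Returns None for names with fewer than `depth` labels (e.g. 'localhost').
    """
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) < depth:
        return None
    return ".".join(labels[:-depth]), ".".join(labels[-depth:])


def group_by_zone(hostnames, depth=2):
    """Map each zone to the set of distinct child labels observed beneath it."""
    zones = defaultdict(set)
    for name in hostnames:
        parts = split_host(name, depth)
        if parts is None:
            continue
        child, zone = parts
        if child:
            zones[zone].add(child)
    return zones


def flag_zones(hostnames, threshold=3, depth=2):
    """Return {zone: [reasons]} for zones that are known bulk providers or that
    show at least `threshold` distinct children in the sample."""
    flagged = {}
    for zone, children in group_by_zone(hostnames, depth).items():
        reasons = []
        if zone in BULK_SUBDOMAIN_ZONES:
            reasons.append("known bulk subdomain provider")
        if len(children) >= threshold:
            reasons.append("%d distinct subdomains" % len(children))
        if reasons:
            flagged[zone] = reasons
    return flagged


# Constructed sample resolver log (not real traffic): timestamp, client, type, name.
SAMPLE_LOG = [
    "2011-09-26T00:01:02Z 10.0.0.5 A update-check1.cz.cc",
    "2011-09-26T00:01:03Z 10.0.0.5 A update-check2.cz.cc",
    "2011-09-26T00:01:09Z 10.0.0.7 A macdefender-scan.cz.cc",
    "2011-09-26T00:02:00Z 10.0.0.8 A mail.example.com",
    "2011-09-26T00:02:01Z 10.0.0.8 A www.example.com",
    "2011-09-26T00:02:01Z 10.0.0.8 A www.example.com",
    "2011-09-26T00:03:10Z 10.0.0.9 A a1.bulkhost.test",
    "2011-09-26T00:03:11Z 10.0.0.9 A a2.bulkhost.test",
    "2011-09-26T00:03:12Z 10.0.0.9 A a3.bulkhost.test",
    "2011-09-26T00:03:13Z 10.0.0.9 A a4.bulkhost.test",
    "2011-09-26T00:04:00Z 10.0.0.9 A localhost",
]

if __name__ == "__main__":
    for zone, reasons in sorted(flag_zones(extract_queries(SAMPLE_LOG)).items()):
        print(zone, "->", "; ".join(reasons))
```

Two caveats: the fixed two-label split is an approximation, so names under country-code second-level domains such as co.uk would be grouped at the wrong level (a public suffix list fixes that in production), and the threshold of three is tuned to the tiny sample; on a real resolver log it should be set from a baseline of how many children legitimate zones normally show.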