Takedown of fifth most widespread Virut Botnet

NASK the domain registrar that operates the “.pl” Polish top-level domain registry has seized multiple domains used for cyber crime activities by spreading Waledac malware distributed by the Virut botnet. According to Poland’s Computer Emergency Response Team, Virut was first detected in 2006 and became a serious threat with an estimated size of more than 300,000 compromised computers.

NASK said that on Thursday it began assuming control over 23 .pl domains that were being used to operate the Virut network. Virut was responsible for 5.5% of infections in Q3 2012, making it the fifth most widespread threat of the time.

They determined that botnet consists of more than 308,000 uniquely compromised machines and that its primary function is to pump out spam and other malicious emails. The most recent take down effort was in December 2012. Unfortunately, the Virut botnet gang managed to get the malicious botnet domain names moved to a new registrar called home.pl quickly.

Symantec reported that with some 77,000 Waledac infected machines within the Virut botnet generating an average of 2,000 spam messages an hour for somewhere between 8 and 24 hours a day.

The Virut take down effort clearly illustrates the important and meaningful role registries and registrars can play in the fight against cyber crime in general. How long the shut-down of Virut will last this time is unknown.

source: thehackernews.com