Q&A: Microsoft's botnet wrangler on the fight against Internet crime

TechFlash has an interview with Microsoft senior attorney Richard Boscovich. Boscovich is a former federal prosecutor whom Microsoft hired in 2008, and he has been in the news recently for taking down the Waledac botnet in February 2010.

Read the full interview here; below are a couple of excerpts:

The botnet you’ve been going after lately is “Waledac.” Is it the king? Or was it the king?

Boscovich: Waledac was not chosen because it was the biggest or the smallest. We knew that it was a problem botnet. At one point it had upwards of 170,000 active infected computers, and it put out a lot of spam. It was not the largest in size, but it was a very sophisticated botnet that had a dual command-and-control structure. That’s what we found intriguing. It had a domain name (centralized) command-and-control structure. But it also had another, peer-to-peer command-and-control structure, almost like a fallback in which computers could communicate with each other and get directions. We felt that this was a great botnet to target so that we could use some novel technical countermeasures, and at the same time apply our legal theory on a bot.

Do you now plan to use the precedent that was set in the Waledac case to go after other botnets in a similar way?

Boscovich: Well, all bots are very different. The way I understand the question is, once we get that final order from the district court, and the case is finally closed, is this precedent for similar operations for similar bots? Absolutely. You can replicate this. We did this in cooperation with Symantec, University of Washington, German researchers, Shadowserver. So other companies, they, too, can utilize this now. Do we plan on having other operations in the future? Yes. In fact, we will be having operations in the near future. I can't get into specifics now. I think you'll see, again, both technical and new, novel legal techniques being used. [tzink note: This is similar to what I wrote about earlier] Once again, we're looking at certain things and asking if there are traditional statutes that are there that we can, by analogy, use to take down a bot that may have a different command-and-control structure. We think this is very exciting, in terms of using the legal process to address this problem.

What do you do to ensure that your own machine doesn’t become subject to one of these botnets?

Boscovich: I do what Microsoft has been telling consumers for years. No. 1, you always make sure you update. Automatic updates are turned on. Every type of update that the software has. And of course, antivirus -- it’s crucial to keep updated antivirus on your system. Waledac is a clear example where there were antivirus signatures out there already. If you had up-to-date antivirus, chances are you would have been able to stop your computer from being infected, even though it was a social engineering attack.

Good stuff.