
Microsoft kills MacDefender scareware botnet



Microsoft's Digital Crimes Unit has shut down a botnet that was investigated for hosting the MacDefender scareware that preyed on Mac OS X users.

The botnet, known as Kelihos or "Waledac 2.0," has been linked to spam messages, ID-theft attacks, pump-and-dump stock scams and websites promoting the sexual exploitation of children, according to Microsoft senior attorney Richard Domingues Boscovich.

The botnet contained about 41,000 computers worldwide and was capable of sending 3.8 billion spam e-mails per day.

For the first time since Microsoft's anti-cybercrime team started disabling botnets, the company moved to the U.S. court system and identified a defendant that allegedly owned the domain that controlled the botnet.

In the complaint, Microsoft names Dominique Alexander Piatti alongside dotFREE Group SRO and John Does 1-22 and said they owned domains and subdomains that were used to operate and control the Kelihos botnet.


Operation b79 (against Kelihos) is behind the reason that the MRT update was re-issued this month from Windows Updates.

In other words, that's why Windows Update re-offered the MRT for September again after Tuesday 27th, even if you had already installed it following Patch Tuesday (which was on 13th).



  • 2 weeks later...

They should have just let it be and let Apple deal with it.

It didn't directly affect Microsoft's customers anyways.

"AppleCare employees have been told not to assist callers in removing the software. Specifically, support employees have been told not to instruct callers on how to use Force Quit and Activity Monitor to stop Mac Defender, as well as not to direct callers to any discussions pertaining to the problems caused by Mac Defender."


That's not why Microsoft acted.

Microsoft acted against a botnet installed on Windows computers, which

allowed the botnet to surreptitiously control a person’s computer and use it for a variety of illegal activities, including sending out billions of spam messages, harvesting users’ personal information (such as e-mails and passwords), fraudulent stock scams and, in some instances, websites promoting the sexual exploitation of children.

It also attacked Hotmail accounts.

It just happened to be operated from the same domain as the MacDefender scareware.

