It's unclear whether the takedown got investigators any closer to the criminal gang behind Waledac. Researchers are studying the botnet's internals closely for any clues and paths to the people behind the botnet. "Sometimes when dealing with organized cybercriminal entities or nation-states, the hardest thing is identifying the source," says Rich Baich, leader of the Cyber Threat Intelligence Group at Deloitte. "It takes a significant amount of time," he says, to break through all of the layers cybercriminals place between themselves and the victims.
Meanwhile, there's still some cleanup to do: Remnants of Waledac are still being wiped out, and the former Waledac bots are still infected with the bot's malware. Microsoft recommends customers check out its Protect Your PC guidelines and run its Malicious Software Removal Tool to scan for and clean up any Waledac infections.
Shadowserver is beginning to notify network owners about the bot-infected machines on their networks, DiMino says.
The team who took down Waledac expects the gang will try to reinvent itself yet again, as it did from Storm to Waledac. "This botnet is pretty much done," says the researcher at University of Mannheim. "In my opinion, they are now back to coding and developing a new form of the botnet."