The jury is out on Microsoft Corp.’s new weapon in the fight against cybercriminals: the courts.
A federal judge on Monday granted the company’s request for a court order to deactivate nearly 300 Internet addresses with a suspected link to the Waledac botnet, which pushes spam out of a worldwide network of PCs.
"We aim to be more proactive in going after botnets to help protect the internet," Richard Boscovich, the head of Microsoft's digital crime unit, told the BBC
. "This was a worldwide problem and we scored a big, big victory," he added.
Security experts interviewed by the Wall Street Journal
, however, say it is not yet clear how effective the effort will be. The newspaper reported: “…the Internet addresses Microsoft has brought down could be only a small percentage of the ones used by hackers to control the network. ‘The botnet will survive this in many cases,’ said Jose Nazario, a researcher at cyber-security company Arbor Networks.”
Online rights groups also have concerns. According to the WSJ:
...[Executive Director of the Electronic Privacy Information Center Marc] Rotenberg also worries that actions like Microsoft's might become a form of "vigilantism" that entangles innocent victims. Indeed, the single U.S.-based registrant of a suspect Internet address in Microsoft's complaint, Stephen Paluck of Beaverton, Ore., said he was doing nothing wrong from his Internet address, Debtbgonesite.com. "I want it back," Mr. Paluck said.
Microsoft told the WSJ that the Internet addresses were carefully analyzed to ensure that only those being used for suspicious activity were targeted and that Paluck’s address may have been infiltrated by a hacker.