The Register reports that security researchers from FireEye managed to eliminate Ozdok, a massive botnet that was once responsible for about a third of the world's spam. FireEye employees claim they killed the botnet with a coordinated blitz on dozens of its command and control channels. Unfortunately, end users are not expected to see a sharp drop in spam because many email servers had already deployed blacklists to filter emails sent from IP addresses known to be used by this botnet.
The takedown effort is significant because it shows that a relatively small company can defeat a for-profit network that took extraordinary measures to ensure it remained operational. Not only did Ozdok register a long list of domain names as command and control channels, it also used hard-coded DNS servers. When all else failed, its software was able to dynamically generate new domain names on the fly.
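A bot that falls back to generating domain names on the fly leaves a trace that defenders can look for: a host that suddenly resolves a burst of long, vowel-poor, high-entropy names that nobody else on the network asks for. The following is an added example of that kind of detection heuristic, not FireEye's method and not Ozdok's actual name-generation algorithm; the DNS log lines, the `10.0.0.x` clients, the thresholds (`min_len`, `max_vowel_ratio`, `min_entropy`, `per_host_threshold`) and the log format `<timestamp> <client_ip> <queried_name>` are all constructed assumptions for illustration.

```python
import math
from collections import Counter

# Constructed sample DNS query log (not real botnet traffic).
# Format assumed here: "<timestamp> <client_ip> <queried_name>"
SAMPLE_DNS_LOG = """\
2009-11-06T10:01:02 10.0.0.15 www.example.com
2009-11-06T10:01:05 10.0.0.15 mail.example.com
2009-11-06T10:01:09 10.0.0.21 xkq7hzpvt3wmd.com
2009-11-06T10:01:10 10.0.0.21 zr9bqwlfhx2ksd.net
2009-11-06T10:01:12 10.0.0.21 qtpwvzjdklhn.info
2009-11-06T10:01:15 10.0.0.33 news.example.org
2009-11-06T10:01:20 10.0.0.21 bvdnxtrpqjsklm.com
"""

VOWELS = set("aeiou")


def shannon_entropy(s):
    """Bits of entropy per character of the string s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def second_level_label(name):
    """Return the label just left of the TLD, e.g. 'example' for 'www.example.com'."""
    parts = name.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(label, min_len=10, max_vowel_ratio=0.2, min_entropy=3.0):
    """Heuristic: long labels with few vowels and high entropy resemble
    algorithmically generated names. Thresholds are illustrative assumptions.
    Both conditions must hold, which keeps long dictionary words such as
    'stackoverflow' (vowel ratio ~0.31) from being flagged."""
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    return vowel_ratio <= max_vowel_ratio and shannon_entropy(label) >= min_entropy


def scan_dns_log(log_text, per_host_threshold=3):
    """Return (suspicious_lookups, flagged_hosts).

    suspicious_lookups: list of (client_ip, queried_name) that look generated.
    flagged_hosts: clients with at least per_host_threshold such lookups,
    i.e. hosts that appear to be cycling through generated names."""
    suspicious = []
    per_host = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _timestamp, client, name = line.split()
        if looks_generated(second_level_label(name)):
            suspicious.append((client, name))
            per_host[client] += 1
    flagged_hosts = sorted(h for h, c in per_host.items() if c >= per_host_threshold)
    return suspicious, flagged_hosts


if __name__ == "__main__":
    lookups, hosts = scan_dns_log(SAMPLE_DNS_LOG)
    for client, name in lookups:
        print(f"suspicious lookup: {client} -> {name}")
    print("hosts to investigate:", hosts)
```

On the constructed log this flags the four vowel-free names and singles out `10.0.0.21` as the one host worth a closer look. In practice the per-host count matters more than any single name: legitimate CDN hostnames can trip a character-level heuristic, but a client resolving dozens of such names in a short window is the pattern to alert on.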
With Ozdok's head chopped off, more than 264,000 IP addresses were found reporting to sinkholes under FireEye's control, an indication of the massive number of zombies believed to have belonged to the botnet. FireEye researchers plan to work with ISPs to identify the owners of the orphaned bots so those owners can clean up the mess.