Before its eventual take down the Waledac botnet consisted of an estimated 70,000-90,000  computers infected with the "Waledac" computer worm. The botnet itself was capable of sending about 1.5 billion spam messages a day, or about 1% of the total global spam volume.
On February 25, 2010, Microsoft won a court order which resulted in the temporal cut-off of 277 domain names which were being used as command and control servers for the botnet, effectively crippling a large part of the botnet. However, besides operating through command and control servers the Waledac worm is also capable of operating through peer-to-peer communication between the various botnet nodes, which means that the extent of the damage is difficult to measure. Codenamed 'Operation b49', an investigation was conducted for some months which thereby yielded an end to the 'zombie' computers. More than a million 'zombie' computers were brought out of the garrison of the hackers but still infected.
- "Waledac". M86 Security. 2009-04-20. Retrieved 2010-07-30.
- Whitney, Lance (2010-02-25). "With legal nod, Microsoft ambushes Waledac botnet | Security - CNET News". News.cnet.com. Retrieved 2010-07-30.
- Claburn, Thomas. "Microsoft Decapitates Waledac Botnet". InformationWeek. Retrieved 2010-07-30.
- "Waledac Botnet - Deployment & Communication Analysis". FortiGuard. 2009-09-30. Retrieved 2010-07-30.
- Acohido, Byron (2010-09-08). "Microsoft gets legal might to target spamming botnets". USA Today.
- Technical analysis of the Waledac worm
- Is the infamous Waledac botnet out of the picture or not? | TechRepublic.com