Before its eventual takedown, the Waledac botnet consisted of an estimated 70,000-90,000 computers infected with the "Waledac" computer worm. The botnet itself was capable of sending about 1.5 billion spam messages a day, or about 1% of the total global spam volume.
On February 25, 2010, Microsoft won a court order which resulted in the temporal cut-off of 277 domain names which were being used as command and control servers for the botnet, effectively crippling a large part of the botnet. However, besides operating through command and control servers the Waledac worm is also capable of operating through peer-to-peer communication between the various botnet nodes, which means that the extent of the damage is difficult to measure. Codenamed 'Operation b49', an investigation was conducted for some months which thereby yielded an end to the 'zombie' computers. More than a million 'zombie' computers were brought out of the garrison of the hackers but still infected.
- "Waledac". M86 Security. 2009-04-20. Retrieved 2010-07-30.
- Goodin, Dan (2010-03-16). "Waledac botnet 'decimated' by MS takedown; Up to 90,000 zombies freed". theregister.co.uk. London, UK: The Register. Retrieved 2014-01-09.
- Whitney, Lance (2010-02-25). "With legal nod, Microsoft ambushes Waledac botnet | Security - CNET News". News.cnet.com. Retrieved 2010-07-30.
- Claburn, Thomas. "Microsoft Decapitates Waledac Botnet". InformationWeek. Retrieved 2010-07-30.
- Leyden, John (2010-02-25). "MS uses court order to take out Waledac botnet; Zombie network decapitated. For now". theregister.co.uk. London, UK: The Register. Retrieved 2014-01-09.
- "Waledac Botnet - Deployment & Communication Analysis". FortiGuard. 2009-09-30. Retrieved 2010-07-30.
- Help Net Security. "Microsoft cripples the Waledac botnet". Net-security.org. Retrieved 2014-01-09.
- Acohido, Byron (2010-09-08). "Microsoft gets legal might to target spamming botnets". USA Today.