NASK said that on Thursday it began assuming control over 23 .pl domains that were being used to operate the Virut network. Virut was responsible for 5.5% of infections in Q3 2012, making it the fifth most widespread threat of the time.
They determined that botnet consists of more than 308,000 uniquely compromised machines and that its primary function is to pump out spam and other malicious emails. The most recent take down effort was in December 2012. Unfortunately, the Virut botnet gang managed to get the malicious botnet domain names moved to a new registrar called home.pl quickly.
Symantec reported that with some 77,000 Waledac infected machines within the Virut botnet generating an average of 2,000 spam messages an hour for somewhere between 8 and 24 hours a day.
The Virut take down effort clearly illustrates the important and meaningful role registries and registrars can play in the fight against cyber crime in general. How long the shut-down of Virut will last this time is unknown.
About the author