Researchers Knock Mega-D Botnet Offline

Written by Sue Walsh on November 12, 2009


Researchers have successfully knocked a major botnet offline. The Mega-D botnet was shut down by a team at FireEye. The researchers attacked the botnet by registering some domains meant for the botnet’s command and control servers and shutting down others. As a result it stopped sending spam immediately.

The takedown began with abuse complaints sent to the ISPs hosting Mega-D's servers; nearly all of the complaints were acted on. The researchers then worked with domain registrars to shut down the primary domains of the CnC channels, registered domains on Mega-D's CnC list, and pre-registered some of the not-yet-generated ones (the botnet is programmed to generate new fallback domains from the date and time in case its built-in list fails), covering a total of three days, to further cripple the botnet.

In the process of crippling the botnet, FireEye gained CnC control, which it used to help the owners of the zombie computers in it regain control of their PCs.

While Mega-D has for now completely stopped sending spam, researchers say it is only a matter of time before it comes back to life. To keep the botnet offline for good they’d have to keep registering future domains to stay ahead of it. This is still very good news. Mega-D is one of the largest botnets on the net and is responsible for pumping out billions of spam messages, most hawking fake supplements, shady internet pharmacies, and male enhancement products. FireEye’s experiment has proven that maybe, just maybe, bot herders aren’t quite as smart as they think they are.
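The pre-registration step above, and the reason the defenders have to keep going, come down to a simple fact: a date-seeded domain generator gives the same list to anyone who knows the scheme, so defenders can register the names before the bots try them. The following is an added illustration, not code from the article or from FireEye, and the generator in it is a hypothetical stand-in (the article does not describe Mega-D's real algorithm). It models a date-seeded fallback list, builds the registration list a defender would hand to a registrar for a window of days, and reports which upcoming days are still uncovered.

```python
"""Toy model of the takedown described above: a date-seeded fallback-domain
generator plus the defender-side bookkeeping needed to stay ahead of it.

The generator is a hypothetical stand-in built for this illustration; the
article does not give Mega-D's real generation scheme."""
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "info")   # constructed sample TLD rotation
DOMAINS_PER_DAY = 5             # constructed: fallback names tried per day


def generate_domains(day_iso: str, count: int = DOMAINS_PER_DAY) -> list[str]:
    """Deterministically derive `count` fallback CnC names from a calendar date.

    Bot and defender compute the same list from the same date, which is what
    makes pre-registration possible."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{day_iso}:{i}".encode()).hexdigest()
        # Map the first 12 hex digits onto lowercase letters to form a label.
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:12])
        domains.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return domains


def preregistration_list(start_iso: str, days: int) -> set[str]:
    """Every name the bots would try over `days` days from start_iso: the list
    a defender registers (or sinkholes) ahead of time."""
    start = date.fromisoformat(start_iso)
    names: set[str] = set()
    for offset in range(days):
        day_iso = (start + timedelta(days=offset)).isoformat()
        names |= set(generate_domains(day_iso))
    return names


def coverage_gaps(start_iso: str, days_ahead: int,
                  controlled: set[str]) -> dict[str, list[str]]:
    """Per upcoming day, the generated names defenders do NOT yet control,
    i.e. the window in which the botnet could re-establish contact."""
    start = date.fromisoformat(start_iso)
    gaps: dict[str, list[str]] = {}
    for offset in range(days_ahead):
        day_iso = (start + timedelta(days=offset)).isoformat()
        missing = [d for d in generate_domains(day_iso) if d not in controlled]
        if missing:
            gaps[day_iso] = missing
    return gaps


if __name__ == "__main__":
    # Register three days' worth, as in the article, then see how far that reaches.
    held = preregistration_list("2009-11-12", 3)
    print(f"registered {len(held)} names")
    for day, names in coverage_gaps("2009-11-12", 5, held).items():
        print(day, "uncovered:", names)
```

Running it shows the three-day registration leaves days four and five open, which is the "keep registering future domains" problem the article points to: coverage is only as good as the furthest date a defender has already claimed.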
