Yesterday we reported on the seizure of hard drives and other equipment belonging to the Rustock botnet. This was a major victory for Microsoft. Email addresses were found on the hard drives. In addition, there are signs the drives were used in the Tor network.
Ars Technica is reporting that additional information has come to light in the court report Microsoft filed on Monday. Websites such as mail.ru and freesoft.ru were accessed on some of the systems used in the botnet. Some of the hosting for the servers was paid for through a Webmoney account; Webmoney is a payment system widely used in Russia. This is the account that was tied to the previously mentioned Vladimir Alexandrovich Shergin.
Microsoft has also revealed that another nickname is now associated with the botnet. Cosma2k is a nickname associated in part with the command and control servers. At this time, Microsoft has associated this nickname with some real names. According to Microsoft, they are following up on any leads. Microsoft does note that they have not received communication from any defendant possibly involved in the Rustock botnet. Microsoft says that the investigation is ongoing and that they will continue to provide status updates as it proceeds. However, one can now start to assume that there was likely some Russian involvement in the botnet, at least by Russian hackers.