Microsoft takes down Rustock botnet, seizes equipment and files suit

Microsoft has unleashed its legal dragnet in an attempt to take down the Rustock botnet. According to the WSJ, the botnet, which consists of approximately 150,000 computers around the globe, is capable of sending 30 billion spam messages a day. 150,000 is the most conservative estimate of its size; some have measured the number of infected PCs at upwards of 24 million. Symantec has measured the botnet to be responsible for more than half of the spam messages sent in 2010.

Microsoft, with the help of federal law enforcement, seized physical computer equipment believed to be the command and control servers for the botnet. Agents went into facilities in Kansas City, MO; Scranton, PA; Denver, CO; Dallas, TX; Chicago, IL; Seattle, WA; and Columbus, OH to retrieve equipment in an effort to “decapitate” the operation, according to Microsoft officials.

Richard Boscovich, senior attorney in Microsoft’s digital crimes unit, said that the operation “has been 100% effective.” After the seizure was complete, Microsoft filed a lawsuit against “John Does 1-11,” as no identities have surfaced as leaders of the botnet as of yet. Symantec reported that Rustock stopped all spam activity at roughly 11:30 PM EST Wednesday evening, just after Microsoft started its operation.

This is not the first time Microsoft has actively and aggressively taken steps to bring down a botnet operation. In February 2010, Microsoft helped take down the similarly huge Waledac botnet.


Gaffney said,
I used to get a lot of spam but after banning around 400 e-mail addresses and around 100 domains I've got it down to around 1-2 spam per week. All thanks to the banning system in Hotmail. It used to be around 20 spam messages per day.

Wow, good job. I can't seem to ban enough domains.

Gaffney said,
I used to get a lot of spam but after banning around 400 e-mail addresses and around 100 domains I've got it down to around 1-2 spam per week. All thanks to the banning system in Hotmail. It used to be around 20 spam messages per day.
Hey why not make that list of banned domains available? I'd like to get my hands on it. I would love to keep cutting down on my spam headaches.

Most all my spam is coming from Romania and lately Colorado. Hope they put the screws to those spammers until it hurts.

They will be up and running in no time as there is a lot of money in the spam business:

New Analysis Shows Pushdo Botnet Sent Trillions of Spam Emails, Generated Millions in Profits

A new, detailed analysis of the operations of the infamous Cutwail/Pushdo botnet shows that the network, which had been the target of several takedown attempts in the last couple of years, is not only amazingly resilient, but also is incredibly prolific, with one section of the botnet sending more than 1.7 trillion spam messages, and quite profitable, generating as much as $4 million in profits for its owners.

http://threatpost.com/en_us/bl...campaign=Newsletter&CID=


alexalex said,
They will be up and running in no time as there is a lot of money in the spam business:

New Analysis Shows Pushdo Botnet Sent Trillions of Spam Emails, Generated Millions in Profits

A new, detailed analysis of the operations of the infamous Cutwail/Pushdo botnet shows that the network, which had been the target of several takedown attempts in the last couple of years, is not only amazingly resilient, but also is incredibly prolific, with one section of the botnet sending more than 1.7 trillion spam messages, and quite profitable, generating as much as $4 million in profits for its owners.

http://threatpost.com/en_us/bl...campaign=Newsletter&CID=


Man, I'm in the wrong business.

J_R_G said,

Man, I'm in the wrong business.

Yes, you are.

It is a shame not to take advantage of 1 billion suckers using Windows and Adobe's PDF & Flash apps. Here is a story by a "security conscious" Windows user:

Stopping StopZilla
Earlier today, I clicked on the link in this newsletter to "Remove Visa Advanced Verification Pop Up" which sent me to the StopZilla web page. Since I took the fact that you put this link in your newsletter to mean that you supported and recommended them, I thought I was okay. It turned out not to be the case. Anyway, after downloading and installing the software, running it found about 30 issues of Trojan horses on my system. This was less than 24 hours after I had run VIPRE in safe mode as well as Malwarebytes' Anti-Malware, also in safe mode. Yesterday they each found no problems. Today, StopZilla finds a bunch. I instructed StopZilla to remove the problems it had found. I then got a message advising that I must have the full version to do this. After I agreed to the $39.95, I attempted to activate the software. I ran into some problems, so I called IS3, and after a lengthy session they never did tell me why I couldn't activate the software.

They asked if they could take control of my machine to see what the problem was and I agreed. After some lengthy exploration of my computer they came up with a huge number of programs which had each terminated prematurely and left data still active. They said that this could cause my computer to have heart failure and any other computers on my network would have the same issues. They advised that there were a number of solutions available to me but suggested that the best of those was to pay them a cool $395.00 and they would remotely solve all my problems. I told the techie that I used Sunbelt's VIPRE and that I wanted to talk to you guys about this. I told him that I had learned of StopZilla in Sunbelt's newsletter. He advised that he had never heard of Sunbelt or VIPRE. That didn't set too well with me so I just told him no thanks for now.

Sunbelt Security News.

I have noticed I started to get considerably less spam email for my MSN account this week.

Well my mailbox is already seeing results. 100000 less email. No more penis enlargement pills for you baby. They offer that to my wife. She ain't got one!

enocheed said,
Well my mailbox is already seeing results. 100000 less email. No more penis enlargement pills for you baby. They offer that to my wife. She ain't got one!

You sure?
BTW a clitoris is an undeveloped penis.

enocheed said,
Well my mailbox is already seeing results. 100000 less email. No more penis enlargement pills for you baby. They offer that to my wife. She ain't got one!

Yeah, maybe they thought she'd want to buy it as an anniversary gift. Penis enlargement pills make great stocking stuffers, and it's not too late to get some for those Easter baskets! Ha ha, I kid, but hey - a great salesman hits all the targets, you know!

Wish Google would join in already. I still get 100+ spam emails a week to a few accounts whose user names no one could ever guess, nor have I ever, not once, posted them anywhere online.

war said,
Wish Google would join in already. I still get 100+ spam emails a week to a few accounts whose user names no one could ever guess, nor have I ever, not once, posted them anywhere online.

Google's spam filter is excellent in recognising spam mail and directing it to the spam folder. Whenever you post your email address on a forum, site or social network, it is harvested by hackers and sold to spam rings. Just Google your email address.

alexalex said,

Google's spam filter is excellent in recognising spam mail and directing it to the spam folder. Whenever you post your email address on a forum, site or social network, it is harvested by hackers and sold to spam rings. Just Google your email address.

Yes, I know that. But just for the hell of it I searched my private email account and got not one hit. Tried Google, bling, 37.com, etc. Not 1 result, as expected.

So it makes me wonder how they got it. Very suspicious!

Taking down a botnet is good.
Reducing spam is good.
Those 2 *results* are bad only if you benefit from either. Simple logic.

OTOH corporations & governments & people for that matter aren't for the most part good OR bad, so the process of taking down the botnet, how it was done, by whom, & how decisions were made should all be looked at. Any ties formed between MS & government & law enforcement as a result of this op should also IMHO be watched, e.g. does this make it easier for MS to try taking down other servers in the future for different reasons? In that respect it's the same sort of lobbying effort as the MPAA hiring the former Sen. Dodd as CEO.

Now all MS needs to do is add the crapware to either MSE's database or perhaps the Windows Malicious Software Removal Tool.
