Ramblings of an old Doc

 

 

Microsoft has brought down Rustock, a notorious botnet responsible for sending billions of spam emails, the company said in a blog post.

Microsoft said the botnet had infected millions of computers and was sending out fake Microsoft lottery scams, and offers to sell fake prescription drugs.

Here is some detail from Microsoft’s blog:
“Today, I’m happy to announce that based on the knowledge gained in that effort, we have successfully taken down a larger, more notorious and complex botnet known as Rustock. This botnet is estimated to have approximately a million infected computers operating under its control and has been known to be capable of sending billions of spam mails every day, including fake Microsoft lottery scams and offers for fake – and potentially dangerous – prescription drugs.”

After receiving permission from the US District Court for the Western District of Washington, Microsoft mounted a coordinated action with the US Marshals Service and executed a number of online and offline actions that resulted in Rustock's takedown.

"Specifically, servers were seized from five hosting providers operating in seven cities in the U.S., including Kansas City, Scranton, Denver, Dallas, Chicago, Seattle, Columbus and, with help from the upstream providers, we successfully severed the IP addresses that controlled the botnet, cutting off communication and disabling it."

"Microsoft also worked with the Dutch High Tech Crime Unit within the Netherlands Police Agency to help dismantle part of the command structure for the botnet operating outside of the United States. Additionally, Microsoft worked with CN-CERT in blocking the registration of domains in China that Rustock could have used for future command and control servers."

Now is the time to work on cleaning up the huge number of infected computers. Maybe putting the fix in an MS Tuesday update might help? Not really. It’s going to take a lot of work to do that.

Oddly enough, what led to Rustock’s downfall was its use of MS’s logo, which is trademarked. That abuse gave the Court the ability to OK the takedown.

I.P. really does count for something!


Comments
on Mar 19, 2011

Score one for the good guys. Nice!

on Mar 19, 2011

Yay.

 

on Mar 19, 2011

More like MS+police 1 - Spammers 6 000 000 000 000 000 (that's a lot of zeroes!)

on Mar 19, 2011

Well I gripe about them when I think they deserve it so I guess this time I should say

Way to friggin' go Microsoft! 

on Mar 19, 2011

Now that their servers have been taken down, the infected computers have no CnC to control them... as for other botnets? They can see the handwriting on the wall: "You're history."

Me likes a whole lot.

BTW... check this out: http://www.huffingtonpost.com/2011/03/17/microsoft-most-ethical-company_n_837003.html

on Mar 19, 2011

It just scraped the tip of the iceberg, but it's a start.

on Mar 19, 2011

Google is facing antitrust scrutiny from the US government? Who'da thunk it. Starkers is gonna go ga ga over this.

on Mar 19, 2011

Yes!

on Mar 20, 2011

Google is facing antitrust scrutiny from the US government? Who'da thunk it. Starkers is gonna go ga ga over this.

Ga ga? Try 'goo goo ga ga, goo goo, go US Gov't'. I'd love to see Google brought down a notch or 3 x 3 x 3 x 3 x 3 x 3 x 3 ... x 3 x 3

As for the bot take-down, the process would be a whole lot more satisfying if they actually had hands on the bastards behind it... like arrests and instant gonad removal.

on Mar 20, 2011

Thanks for the post.  Really happy to hear that one less nasty thing will be out and about on the internet. 

Side note... does MS give a rip if their name isn't used?  Wonder what keeps the same thing from happening if another IP is used...

on Mar 20, 2011

The sad thing I see about this is that there are thousands of folks whose computers are infected and they don't even have a clue! It amazes me the amount of people that do not protect their systems from such as this!

on Mar 21, 2011

DrJBHL
BTW... check this out: http://www.huffingtonpost.com/2011/03/17/microsoft-most-ethical-company_n_837003.html

Eh - they are entitled to their opinion.  Their taking down the botnet is a good thing, but Microsoft is not the most or even very ethical.  I still remember DR DOS, WordPerfect, Corel Draw, Easy Calc 123, etc.  And those are just cases they lost.

on Mar 21, 2011

^ Ya the article makes a quick reference to their past antitrust suits and then kind of says "after that".  On the one hand it's good that they're doing what they're doing now.  On the other hand, I suspect it's a lot easier to be ethical and take the high road after you've savagely obliterated your competition.

on Mar 21, 2011

DaveRI
^ Ya the article makes a quick reference to their past antitrust suits and then kind of says "after that".  On the one hand it's good that they're doing what they're doing now.  On the other hand, I suspect it's a lot easier to be ethical and take the high road after you've savagely obliterated your competition.

Very True!