Microsoft Claims Rustock Botnet Takedown

Have you missed your daily dose of spam emails advertising everything from Viagra to fake pharmaceuticals and watches this week? According to a link spotted on eWeek, Microsoft is claiming responsibility for the takedown of the massive Rustock botnet, which stopped sending out spam midmorning on 16 March 2011.

This operation, known as Operation B107, is the second high-profile takedown by Project MARS (Microsoft Active Response for Security), a joint effort between the Microsoft Digital Crimes Unit (DCU), the Microsoft Malware Protection Center and Trustworthy Computing to disrupt botnets and begin to undo the damage they have caused.

The previous operation, against the Waledac botnet (B49), followed a judgement by the US District Court of Eastern Virginia that upheld a recommendation to grant Microsoft’s motion for the transfer of the domains behind the Waledac botnet to Microsoft.

The Rustock Botnet is estimated to have infected up to 1.7 million computers worldwide, and up to the end of 2010 may have been responsible for almost 50% of the spam sent worldwide. At times Rustock was capable of sending 30 billion spam e-mails per day.

The Rustock Botnet was identified as being more complicated than the Waledac botnet, using hard-coded IP addresses rather than domain names, and peer-to-peer command and control servers. To combat this, Microsoft obtained a court order allowing them to work with the U.S. Marshals Service to physically capture evidence onsite and, in some cases, take the affected servers from hosting providers for analysis.

The number of computers which can be linked in a botnet is mind-boggling, and because the bots are so versatile their use is limited only by the imagination of their controller, or bot-herder.

In order to combat botnets, Microsoft encourages every computer owner to make sure their machine isn’t doing a criminal’s dirty work. If you believe your computer may be infected by Rustock or another type of malware, we encourage you to visit support.microsoft.com/botnets for free information and resources to clean your computer.

Further links and resources

Finally, for everyone who likes comics, check out the Microsoft comic strip "Terrifying Tales of Digital Delivery".